Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/28 4:42 a.m.15 views

Jupyter Server vulnerable to open redirect

Overview Jupyter Server provided by Jupyter Development Team contains the vulnerability listed below. Open redirect CWE-601 - CVE-2025-61669 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA and the developer. JPCERT/CC coordinated with the developer to publish t...

7.4CVSS5.8AI score0.00265EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/25 6:35 a.m.15 views

NEC Aterm series vulnerable to cross-site scripting (NV26-002)

Overview Aterm series products provided by NEC Corporation contain the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-6059 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

4.8CVSS5.8AI score0.00179EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/25 6:35 a.m.15 views

NEC Aterm series vulnerable to OS command injection (NV26-003)

Overview NEC Aterm series products provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2026-8652 So Kato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.5CVSS5.8AI score0.00722EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/14 7:16 a.m.15 views

WPS Office improper access restriction to its named pipe

Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...

7.8CVSS7.3AI score0.00336EPSS
Exploits2References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/22 12:0 a.m.15 views

JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path

Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...

8.4CVSS7.5AI score0.00155EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/05/12 12:0 a.m.15 views

JVN#20474768: Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N...

6.1CVSS6.1AI score0.00614EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/02/17 12:0 a.m.15 views

JVN#26024080: Multiple vulnerabilities in The LuxCal Web Calendar

The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3 CVE-2025-25221 SQL injection in retrieve.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3...

9.8CVSS7.6AI score0.00587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/01/08 12:0 a.m.15 views

JVN#57428125: PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting

MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability CWE-79. Impact If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when...

4.8CVSS6.2AI score0.00284EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/31 12:0 a.m.15 views

JVN#87770340: Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains a stack-based buffer overflow vulnerability CWE-121 due to inappropriate parsing process of HTTP request. Impact Receiving a specially...

7.7CVSS8.1AI score0.00703EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/18 12:0 a.m.15 views

JVN#57285747: N-LINE vulnerable to HTML injection

N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Impact Arbitrary code may be executed on the instructor's...

7.4CVSS7.1AI score0.00219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/15 12:0 a.m.15 views

JVN#58721679: SHIRASAGI vulnerable to path traversal

SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability CWE-22. Impact When processing crafted HTTP requests, arbitrary files on the server may be retrieved. Solution Update the software Update the software to the latest...

8.6CVSS7.6AI score0.01016EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/09/30 12:0 a.m.15 views

JVN#42445661: Multiple vulnerabilities in Smart-tab

Smart-tab provided by TECHNO SUPPORT COMPANY is a multi-functional guest room tablet system for hotels and other accommodation facilities. Smart-tab contains multiple vulnerabilities listed below. Active debug code CWE-489 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-41999...

6.8CVSS5.5AI score0.00261EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/16 12:0 a.m.15 views

JVN#58574030: Scanning evasion issue in Cisco Secure Email Gateway

Cisco Secure Email Gateway provides anti-virus scanning facility for e-mail attachments. It was reported that a certain crafted file can evade anti-virus scanning facility. Impact Some malicious contents may evade the scanning facility of the affected product and reach victim recipients. Solution...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/01/24 4:34 a.m.15 views

smalruby-editor vulnerable to OS command injection

Overview smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

10CVSS7.8AI score0.06183EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/07 12:0 a.m.15 views

JVN#20786316: Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)

Cryptography API: Next Generation CNG contains an issue in BCryptDecrypt, which may result in a denial-of-service DoS. Impact If CNG processes a specially crafted key data, the product may be terminated abnormally. Solution Upgrade Windows According to the developer, CNG included in Windows 8 and...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/06/07 12:0 a.m.15 views

JVN#63901692: Internet Explorer vulnerable to information disclosure

Internet Explorer contains an issue in handling XML files, which may result in information disclosure. Impact If a user opens a specially crafted XML file as a local file, other local files may be disclosed. Solution Upgrade the software Users of Windows 7 and later, Windows Server 2008 R2 and...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/05/20 12:0 a.m.15 views

JVN#10461119: Cross-site scripting vulnerability in the web2py social bookmarking widget

web2py is a framework for creating and designing web applications. The social bookmarking widget in web2py contains a cross-site scripting vulnerability. Impact A user who accesses a site created by web2py which uses share.js may have an arbitrary script executed on its web browser. Solution Upda...

4.3CVSS5.7AI score0.0118EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/12/17 12:0 a.m.15 views

JVN#66596216: WikkaWiki vulnerable to cross-site scripting

WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Product...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/08/02 5:46 a.m.15 views

GoodReader vulnerable to cross-site scripting

Overview GoodReader contains a cross-site scripting vulnerability. GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5CVSS5.9AI score0.01364EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/07/24 12:0 a.m.15 views

JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)

RevoCounter CGI Animation Counter from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI Animation Counter contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Softwar...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/03/16 12:0 a.m.15 views

JVN#23558374 Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)

Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version Ver. 3.x contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/01/08 12:0 a.m.15 views

JVN#71945722 Movable Type Enterprise cross-site scripting vulnerability

Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

6.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/03/11 12:0 a.m.15 views

JVN#04032535 Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations

The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents. Impact The impacts vary depending on t...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/02/07 12:0 a.m.15 views

JVN#38893575 PC2M cross-site scripting vulnerability

PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...

6.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/10/25 12:0 a.m.15 views

JVN#32981509 Ichitaro series buffer overflow vulnerability

The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...

8.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/09/06 12:0 a.m.15 views

JVN#01913089 Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal

httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could, without authentication, view files on the server where httpd.pl is installed. This could lead to unintentional...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/25 12:0 a.m.15 views

JVN#05187780 Hiki arbitrary file deletion vulnerability

Hiki contains a vulnerability that allows an arbitrary file to be deleted on a server running Hiki. This is caused by the improper handling of a session management file. Impact A remote attacker may be able to delete arbitrary files with the privilege of the user running Hiki. Solution Upgrade th...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/06/04 12:0 a.m.15 views

JVN#89497739 Meneame cross-site scripting vulnerability

Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker could execute an arbitrary script on the user's web browser. As a result, an attacker could possibly conduc...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/04/16 12:0 a.m.15 views

JVN#84646028 open-gorotto cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected open-gorotto 2.0a 04/07/2006 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/02/09 12:0 a.m.15 views

JVN#84430861 Sage vulnerable to arbitrary script execution

Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/26 12:0 a.m.15 views

JVN#64354801 b2evolution cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected b2evolution Version 1.9.1 beta and earlier b2evolution Version 1.8.6 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/12/28 12:0 a.m.15 views

JVN#31185550 tDiary arbitrary Ruby script execution vulnerability

Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/11/24 12:0 a.m.15 views

JVN#57280612 phpComasy cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected phpComasy 0.7.9-pre and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/11/14 12:0 a.m.15 views

JVN#84656399 Nucleus cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Nucleus v3.23 and earlier...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/11/06 12:0 a.m.15 views

JVN#30994815 MyODBC Japanese Conversion Edition denial of service vulnerability

Impact A remote attacker could cause a denial of service condition by sending a certain string in a response to a MySQL database. Solution Products Affected MyODBC Japanese Conversion Edition version 3.51.06, 2.50.29, 2.50.25 Development and maintenance of MyODBC Japanese Conversion Edition has...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/10/24 12:0 a.m.15 views

JVN#07235355 desknet's buffer overflow vulnerability

Impact A remote attacker could execute an arbitrary command or code, or cause the DoS denial of service condition. Solution Products Affected version V4.5J R2.4 and earlier For more information, refer to the vendor's websites...

7.7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/10/20 12:0 a.m.15 views

JVN#85996645 NEC MultiWriter 1700C/7500C FTP server vulnerability

Impact A remote attacker could possibly conduct a FTP bounce attack via the printer's FTP server against another host. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC NEC ColorMultiWriter 7500C model number: PR-L7500C For more...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/10/02 12:0 a.m.15 views

JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability

Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...

7.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2006/04/19 12:0 a.m.15 views

JVN#84091359 Trac cross-site scripting vulnerability

Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution Products Affected Trac 0.94 and earlier versions of 0.9 series Trac-ja 0.94 and earlier versions of 0.9 series...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/01 8:34 a.m.14 views

Multiple vulnerabilities in ServerView Agents for Windows

Overview ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software. ServerView Agents for Windows contains multiple vulnerabilities listed below. Incorrect permission assignment for critical resource CWE-732 - CVE-2026-27788 Privilege chaining CWE-268 -...

8.5CVSS7.2AI score0.00097EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/22 7:44 a.m.14 views

Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)

Overview Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below. Relative path traversal in Apex One server CWE-23 - CVE-2026-34926 The only product that could be vulnerable to this exploit is TrendAI Apex One On Premise...

7.8CVSS6.1AI score0.12682EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/11 9:20 a.m.14 views

"Kura Sushi Official App" vulnerable to improper certificate validation

Overview "Kura Sushi Official App" provided by EPG, Inc. contains the following vulnerability. Improper certificate validation on push notifications CWE-295 - CVE-2026-41872 This analysis assumes a man-in-the-middle attack being conducted with a malicious wireless LAN access point Tsuyoshi Ogawa ...

9.1CVSS7.1AI score0.0016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/11 9:20 a.m.14 views

libXpm vulnerable to out-of-bounds read

Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/30 8:2 a.m.14 views

Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Open redirect CWE-601 - CVE-2026-41226 Tony Kirkland of Sixgen Inc reported this...

5.1CVSS6AI score0.00266EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/16 8:18 a.m.14 views

OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection

Overview OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability. OS command injection CWE-78 - CVE-2026-31386 Daisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.6CVSS7.2AI score0.01513EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/07/31 12:0 a.m.14 views

JVN#66546573: ZXHN-F660T and ZXHN-F660A use a common credential for all installations

ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONU Optical Network Unit. ZXHN-F660T and ZXHN-F660A contain the following vulnerability. Use a common credential for all installations(CWE-1391) CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7...

8.8CVSS6.9AI score0.0135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/05/15 12:0 a.m.14 views

JVN#06238225: Pgpool-II vulnerable to authentication bypass by primary weakness

Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-46801...

9.8CVSS7AI score0.00791EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/04/24 12:0 a.m.14 views

JVN#84627857: i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key

i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below. Use of hard-coded cryptographic key CWE-321 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 5.5 CVE-2025-32730 Impact...

6.8CVSS6.7AI score0.0015EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/12/04 12:0 a.m.14 views

JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-45841 OS Command Injection CWE-78...

7.5CVSS8AI score0.00904EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/11/13 12:0 a.m.14 views

JVN#05136799: WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting

"Custom Alert Content" of WordPress Plugin "VK All in One Expansion Unit" provided by Vektor,Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update...

4.8CVSS6.1AI score0.0029EPSS
Exploits0
Total number of security vulnerabilities5000