Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/23 7:57 a.m.•8 views

GROWI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 - CVE-2026-41040 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to GROWI, Inc. and coordinated. After the coordination was completed, GROWI,...

8.7CVSS7AI score0.00365EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/16 8:29 a.m.•8 views

Arcserve UDP Console vulnerable to redirect to a dummy URL

Overview UDP Console provided by Arcserve contains the following vulnerability. Incorrectly specified destination in a communication channel CWE-941 - CVE-2026-40118 Shingo Ando reported this vulnerability to IPA, IPA reported it to Arcserve, and JPCERT/CC coordinated with Arcserve to publish the...

6.3CVSS6.6AI score0.00178EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 7:15 a.m.•8 views

Multiple vulnerabilities in Movable Type

Overview The Listing Framework of Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-25776 SQL injection CWE-89 - CVE-2026-33088 CVE-2026-25776 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Six...

9.8CVSS7.4AI score0.00468EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 3:11 a.m.•8 views

Multiple Vulnerabilities in Hitachi Ops Center Common Services

Overview Multiple vulnerabilities exist in Hitachi Ops Center Common Services. CVE-2024-4028, CVE-2025-8714, CVE-2025-8715, CVE-2025-10044, CVE-2025-12817, CVE-2025-12818, CVE-2025-41248, CVE-2025-41249, CVE-2026-1190 Impact Regarding the impact of the vulnerability, please refer to the vendor...

8.8CVSS6.9AI score0.00709EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 3:11 a.m.•8 views

Multiple Vulnerabilities in Hitachi Ops Center Viewpoint

Overview Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2014-3643, CVE-2023-3635, CVE-2023-6378, CVE-2023-6481, CVE-2023-35116, CVE-2024-12798, CVE-2024-12801, CVE-2024-47554 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution...

7.5CVSS6.7AI score0.02142EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•8 views

Security information for Hitachi Disk Array Systems

Overview CVE-2026-20846 | GDI+ Denial of Service Vulnerability CVE-2026-21222 | Windows Kernel Information Disclosure Vulnerability CVE-2026-21231 | Windows Kernel Elevation of Privilege Vulnerability CVE-2026-21234 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability...

8.8CVSS6.8AI score0.25835EPSS
Exploits9References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/25 8:58 a.m.•8 views

SANYO DENKI SANUPS SOFTWARE registers Windows services with unquoted file paths

Overview SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-33253 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.4CVSS7AI score0.00191EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/09 5:57 a.m.•8 views

Installer for Qsee Client may insecurely load Dynamic Link Libraries

Overview The installer for Qsee Client provided by Qsee contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-30896 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. report...

8.4CVSS7AI score0.0016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/05 3:36 a.m.•8 views

django-allauth vulnerable to open redirect

Overview django-allauth is a package for implementing user authentication in Django applications. django-allauth contains the following vulnerability. Open redirect CWE-601 - CVE-2026-27982 Ayato Shitomi of Fore-Z co.ltd and Funabiki Keisuke of GMO Cybersecurity by Ierae, Inc. reported this...

6.1CVSS5.9AI score0.00159EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/26 5:24 a.m.•8 views

Multiple vulnerabilities in the installer of FinalCode Client

Overview The installer of FinalCode Client provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2026-23703 Uncontrolled search path element CWE-427 - CVE-2026-25191 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...

8.5CVSS6.3AI score0.00144EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/17 11:46 a.m.•8 views

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center

Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Impact Regarding the impact of th...

7.5CVSS5.6AI score0.00864EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/17 3:46 a.m.•8 views

Joomla! CMS vulnerable to cross-site scripting

Overview Joomla! CMS provided by Joomla! Project contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2025-63082 Sho Sugiyama of SUZUKI MOTOR CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.4CVSS5.7AI score0.00175EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/23 6:22 a.m.•8 views

Command injection vulnerability in ASUS routers

Overview Multiple routers provided by ASUSTeK COMPUTER INC. contain command injection vulnerability in AiCloud. Command injection CWE-77 - CVE-2025-2492 NICTER Analysis Team of Cybersecurity Research Institute, National Institute of Information and Communications Technology reported this...

9.8CVSS5.9AI score0.01017EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/19 1:8 a.m.•8 views

Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers

Overview Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2025-14231, CVE-2025-14232, CVE-2025-14234, CVE-2025-14235, CVE-2025-14236, CVE-2025-14237 Release of invalid pointer or referenc...

9.8CVSS6.1AI score0.00899EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/13 10:1 a.m.•8 views

Multiple vulnerabilities in EATON UPS Companion

Overview EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427, CVE-2025-59887 Unquoted search path or element CWE-428, CVE-2025-59888 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to th...

8.6CVSS7.8AI score0.00266EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/07 6:39 a.m.•8 views

Use of password hash with insufficient computational effort vulnerability in BUFFALO Wi-Fi router "WSR-1800AX4 series"

Overview Wi-Fi router "WSR-1800AX4 series" provided by BUFFALO INC. contains the following vulnerability. Use of password hash with insufficient computational effort CWE-916 - CVE-2025-46413 Kazuaki Chikamori and Takayuki Tatekawa of National Institute of Technology, Kochi College reported this...

5.3CVSS5.3AI score0.00117EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/09 4:39 a.m.•8 views

Multiple vulnerabilities in FUJI Electric V-SFT

Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2025-61856 Out-of-bounds write in VS6ComFile!CItemExChange::WinFontDynStrCheck CWE-787 - CVE-2025-61857...

8.4CVSS7.6AI score0.00185EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/19 7:21 a.m.•8 views

OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path

Overview Uninterruptible Power Supply UPS management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd. registers a Windows service with an unquoted file path CWE-428, CVE-2025-9818. OMRON SOCIAL SOLUTIONS Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution...

6.7CVSS6.7AI score0.00139EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/05 12:0 a.m.•8 views

JVN#35290164: "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly

"Yahoo! Shopping" App for Android provided by LY Corporation contains the following vulnerability. Improper authorization in handler for custom URL scheme CWE-939 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score...

5.3CVSS6.8AI score0.00253EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/30 12:0 a.m.•8 views

JVN#90566559: Apache Jena Fuseki vulnerable to path traversal

Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability. Path traversal CWE-22 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N Base Score 2.7 CVE-2025-49656 Impact A remore...

7.5CVSS6.2AI score0.01401EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/29 12:0 a.m.•8 views

JVN#59585716: "SwitchBot" App vulnerable to insertion of sensitive information into log file

"SwitchBot" App provided by SwitchBot contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 5.1 CVE-2025-53649 Impact...

5.9CVSS4.9AI score0.00146EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/30 12:0 a.m.•8 views

JVN#24333956: SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting

SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Reflected cross-site scripting via a specific parameter CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1...

6.1CVSS6.1AI score0.0019EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/18 7:50 a.m.•8 views

Active! mail vulnerable to stack-based buffer overflow

Overview Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability has been observed. QUALITIA CO., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through...

9.8CVSS8.1AI score0.03084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/09 5:55 a.m.•8 views

Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)

Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Apex Central 2019 Information Disclosure due to...

7.8CVSS6.6AI score0.00299EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/12 12:0 a.m.•8 views

JVN#19358384: hostapd vulnerable to improper processing of RADIUS packets

hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly CWE-826. Impact When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS...

3.7CVSS6.8AI score0.00716EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/06 12:0 a.m.•8 views

JVN#24992507: Multiple vulnerabilities in RemoteView Agent (for Windows)

RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. On the remote PCs should be installed RemoteView Agent. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a specific...

7.8CVSS7.7AI score0.00143EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 5:51 a.m.•8 views

RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres

Overview RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. contain an incorrect resource transfer between spheres vulnerability. RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. build a sandbox environment isolated from a server or a client's...

2.7CVSS6.5AI score0.00194EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 12:0 a.m.•8 views

JVN#91300609: RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres

RevoWorks SCVX and RevoWorks Browser provided by J’s Communication Co., Ltd. build a sandbox environment isolated from a server or a client's local environment. These products provide the function enabling execution of sanitizing files when downloading files from the sandbox environment to the...

2.7CVSS6.9AI score0.00194EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/12 12:0 a.m.•8 views

JVN#84319378: acmailer vulnerable to cross-site scripting

acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product. Solution Update the software Update the software to the latest versi...

6.1CVSS6.2AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/22 12:0 a.m.•8 views

JVN#15293958: Multiple vulnerabilities in I-O DATA router UD-LT2

UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...

7.5CVSS7.6AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/02 12:0 a.m.•8 views

JVN#53958863: Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers

UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain multiple vulnerabilities listed below. Command injection CWE-77 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2024-11013 Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Base...

7.2CVSS7.6AI score0.0107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/27 12:0 a.m.•8 views

JVN#88385716: HAProxy vulnerable to HTTP request/response smuggling

HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may...

5.3CVSS6.8AI score0.01043EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 12:0 a.m.•8 views

JVN#39280069: RevoWorks Cloud vulnerable to unintended process execution

RevoWorks Cloud provided by J’s Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized processes...

7.8CVSS7.5AI score0.00173EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/08 12:0 a.m.•8 views

JVN#28515217: Cleartext transmission issue in TONE store App to TONE store

TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website CWE-419. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. Solution Update the application Update the application to...

3.7CVSS4AI score0.00257EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/22 8:28 a.m.•8 views

Armeria-saml improperly handles SAML messages

Overview Armeria-saml provided by LY Corporation contains an issue in handling SAML messages CWE-304, CVE-2024-1735. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Authentication may be bypassed by receiving a specially crafted SAML...

9.1CVSS6.6AI score0.00834EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/30 2:36 a.m.•8 views

WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting

Overview WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability CWE-79. Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS6.2AI score0.01442EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/22 6:29 a.m.•8 views

LINE for iOS fails to verify SSL server certificates

Overview LINE for iOS provided by LINE Corporation fails to verify SSL server certificates due to the vulnerability existed in the Third Party SDK which is incorporated in the application. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

5.9CVSS6.4AI score0.00603EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/21 6:40 a.m.•8 views

The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries

Overview Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and Shun Suza...

9.3CVSS6.9AI score0.01029EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/11 5:55 a.m.•8 views

Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files

Overview FENCE-Explorer provided by FUJITSU BROAD SOLUTION & CONSULTING Inc. is a tool to view and edit a file in "FENCE Briefcase" which is created by FENCE-Pro and other FENCE series software. Installer of FENCE-Explorer contains an issue with the search path for DLL/executable files, which may...

9.3CVSS6.8AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/12 4:36 a.m.•8 views

Cybozu KUNAI for Android vulnerable to cross-site scripting

Overview Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...

6.1CVSS6AI score0.00762EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/04/21 4:44 a.m.•8 views

WNC01WH vulnerable to OS command injection

Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability CWE-78. Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

6.8CVSS7.3AI score0.00567EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 5:10 a.m.•8 views

Cybozu Mailwise vulnerable to mail header injection

Overview Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

4.3CVSS6.9AI score0.01481EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/13 5:27 a.m.•8 views

FileMaker server issue where PHP source code may be viewable

Overview FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Atsushi Matsuo of Emic Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7.5CVSS6.9AI score0.01324EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/22 5:36 a.m.•8 views

Multiple Buffalo network devices vulnerable to cross-site request forgery

Overview Multiple network devices provided by BUFFALO INC. contain a cross-site request forgery vulnerability CWE-352. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.8CVSS6.5AI score0.00541EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/04 6:12 a.m.•8 views

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this...

6.1CVSS5.7AI score0.05618EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/28 5:39 a.m.•8 views

QNAP QTS vulnerable to OS command injection

Overview QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the...

10CVSS7.8AI score0.99999EPSS
Exploits158References30
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/12 5:0 a.m.•8 views

Help Page in multiple Adobe products vulnerable to cross-site scripting

Overview The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

4.3CVSS6.2AI score0.02458EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 6:29 a.m.•8 views

Information disclosure vulnerability in Sleipnir Mobile for Android

Overview Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may resul...

4.3CVSS6.3AI score0.01066EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/17 4:57 a.m.•8 views

Android OS vulnerable to arbitrary Java method execution

Overview Android OS contains a vulnerability where an arbitrary Java method may be executed. Tamami Eguchi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When viewing a specially crafted page using the...

9.3CVSS7AI score0.42623EPSS
Exploits6References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/07/19 3:32 a.m.•8 views

JBoss RichFaces vulnerable to remote code execution

Overview JBoss RichFaces contains a remote code execution vulnerability due to an issue with deserialization. JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interfa...

7.5CVSS8.4AI score0.12662EPSS
Exploits1References7
Total number of security vulnerabilities5000