Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/16 12:0 a.m.•7 views

JVN#44419726: ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials

ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability. Use of Hard-coded Credentials CWE-798 CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.8 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score 4.5 CVE-2025-53842 Thi...

8.8CVSS7AI score0.00332EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/01 5:2 a.m.•7 views

Multiple vulnerabilities in Web Connection of Konica Minolta MFPs

Overview Multiple MFPs multifunction printers provided by Konica Minolta, Inc. contain multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-5884 Cross-site request forgery CWE-352 - CVE-2025-5885 Konica Minolta, Inc. reported these vulnerabilities to JPCERT/CC to notify...

5.4CVSS6.8AI score0.00241EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/18 12:0 a.m.•7 views

JVN#46288336: KCM3100 vulnerable to authentication bypass using an alternate path or channel

KCM3100 provided by KAON is a Wi-Fi enabled gateway. KCM3100 contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Scor...

9.8CVSS7.2AI score0.00631EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/14 2:30 a.m.•7 views

Panasonic IR Control Hub vulnerable to Unauthorised firmware loading

Overview IR Control Hub provided by Panasonic contains a vulnerability that may lead to loading of unauthorized firmware. IR Control Hub provided by Panasonic verifies the hash value of the loading firmware when booting, but it keeps booting with the firmware even when it detects that the hash...

7.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/30 1:38 a.m.•7 views

Security Update for Trend Micro Trend Vision One (April 2025)

Overview Trend Micro Incorporated has released the security update for the administration console of Trend Vision One. This update addressed the following vulnerabilities: CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286 Trend Micro Incorporated reported these...

9CVSS7.1AI score0.00413EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/18 7:50 a.m.•7 views

Active! mail vulnerable to stack-based buffer overflow

Overview Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability has been observed. QUALITIA CO., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through...

9.8CVSS8.1AI score0.03084EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/28 12:0 a.m.•7 views

JVN#88046370: WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting

WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen...

4.8CVSS6.2AI score0.00262EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/31 7:44 a.m.•7 views

Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Overview Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains a stack-based buffer overflow vulnerability CWE-121 due to inappropriate parsing process of HTTP request. Zhihong Tian, Hui L...

7.7CVSS7.9AI score0.00703EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/26 7:27 a.m.•7 views

Unquoted Service Path in Hitachi Device Manager

Overview Hitachi Device Manager contain the following vulnerabilities: CVE-2024-5963: An unquoted executable path exists in Hitachi Device Manager Display new window Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

6.7CVSS6.8AI score0.00165EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/23 9:21 a.m.•7 views

TvRock vulnerable to denial-of-service (DoS)

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service DoS vulnerability CWE-400. During the meeting of Committee for authorizing the disclosure of unresolved...

5.3CVSS6.7AI score0.00611EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/15 7:29 a.m.•7 views

Multiple vulnerabilities in BUFFALO wireless LAN routers

Overview Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 OS Command Injection CWE-78 Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the...

9.8CVSS7.6AI score0.00561EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/13 8:28 a.m.•7 views

Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)

Overview Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a link following...

7.8CVSS6.8AI score0.00481EPSS
Exploits0References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/01 4:48 a.m.•7 views

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview CONPROSYS HMI System CHS provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 - CVE-2023-28713 Incorrect permission assignment for critical resource CWE-732 - CVE-2023-28399 Improper access control CWE-284 - CVE-2023-28657...

8.8CVSS8.3AI score0.62419EPSS
Exploits1References23
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/05/26 4:58 a.m.•7 views

ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal

Overview ESS REC Agent Server Edition for Linux etc. provided by Encourage Technologies Co.,Ltd. contain a directory traversal vulnerability CWE-23. Hayato Ushimaru of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.8CVSS6.6AI score0.00908EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/13 2:9 a.m.•7 views

Multiple mobile printing apps for Android vulnerable to improper intent handling

Overview Multiple mobile printing apps for Android are vulnerable to improper intent handling CWE-668. Johan Francsics reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact When a malicious app is installed on the victim user's Android device, the app may send...

5.5CVSS6.5AI score0.00343EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/04 6:22 a.m.•7 views

Multiple vulnerabilities in JustSystems products

Overview Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use After Free CWE-416 - CVE-2022-43664 Heap-based Buffer Overflow CWE-122 - CVE-2022-45115 Free of Memory not on the Heap CWE-590 - CVE-2023-22291 Heap-based Buffer Overflow CWE-122 -...

7.8CVSS7.4AI score0.00537EPSS
Exploits4References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/01/31 5:10 a.m.•7 views

SUSHIRO App for Android outputs sensitive information to the log file

Overview SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file CWE-532. Impact An attacker may obtain a credential information from the log file. Solution Update the Application Update the application to the latest version according to the...

7.5CVSS6.5AI score0.00784EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/08/19 2:42 a.m.•7 views

Multiple vulnerabilities in Trend Micro Security

Overview Trend Micro Incorporated has released security updates for Trend Micro Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Security 2022 Information disclosure due to an Out-Of-Bounds Read...

7.8CVSS6.9AI score0.00335EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/05/20 8:4 a.m.•7 views

Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)

Overview Spring Security OAuth spring-security-oauth2 provided by VMware, Inc. contains a denial-of-service vulnerability due to uncontrolled resource consumption CWE-400. Note that Spring Security OAuth spring-security-oauth2 is no longer supported, therefore Spring Security has been developed a...

6.5CVSS6.6AI score0.01234EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/03/04 5:12 a.m.•7 views

i-FILTER vulnerable to improper check for certificate revocation

Overview i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation CWE-299 . Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early...

4.8CVSS6.5AI score0.00969EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/13 6:26 a.m.•7 views

PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption

Overview PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability CWE-311. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

4.9CVSS6.5AI score0.00107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/11 9:7 a.m.•7 views

Apache HTTP Server vulnerable to directory traversal

Overview Apache HTTP Server provided by The Apache Software Foundation contains a directory traversal vulnerability CWE-22. Shungo Kumasaka of Internet Initiative Japan Inc. reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/...

9.8CVSS8.9AI score0.99964EPSS
Exploits174References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/24 7:2 a.m.•7 views

Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor

Overview Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor. We would like to thank Piotr Madej ING Tech Poland for reporting the relevant issues. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory...

6.5CVSS7.1AI score0.00872EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/06 4:48 a.m.•7 views

Wi-Fi STATION L-02F vulnerable to buffer overflow

Overview Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability. Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reporte...

10CVSS8AI score0.0231EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/11 5:55 a.m.•7 views

Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files

Overview FENCE-Explorer provided by FUJITSU BROAD SOLUTION & CONSULTING Inc. is a tool to view and edit a file in "FENCE Briefcase" which is created by FENCE-Pro and other FENCE series software. Installer of FENCE-Explorer contains an issue with the search path for DLL/executable files, which may...

9.3CVSS6.8AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/28 1:23 a.m.•7 views

Hard-coded credentials vulnerability in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains hard-coded credentials. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

9.8CVSS6.8AI score0.0142EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/12 4:36 a.m.•7 views

Cybozu KUNAI for Android vulnerable to cross-site scripting

Overview Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...

6.1CVSS6AI score0.00762EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/01 5:6 a.m.•7 views

WordPress plugin "WP Live Chat Support" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Live Chat Support" provided by CODECABIN contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script...

6.1CVSS6AI score0.01293EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/05 6:2 a.m.•7 views

ManageEngine Password Manager Pro fails to restrict access permissions

Overview ManageEngine Password Manager Pro provided by Zoho Corporation fails to restrict access permissions. Impact A user may gain unauthorized access to other users' password entry history. Solution Update the Software This vulnerability has been addressed in Password Manager Pro 8.4.0 Build...

6.8CVSS6.8AI score0.0332EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/19 6:32 a.m.•7 views

Installer of Evernote for Windows may insecurely load Dynamic Link Libraries

Overview The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

7.8CVSS6.9AI score0.01534EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/20 6:19 a.m.•7 views

Money Forward Apps for Android vulnerability that allows unintended operations

Overview Money Forward Apps for Android contain a vulnerability where unintended operations may be performed. Kenta Suefusa, Akinori Konishi and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.8CVSS6.5AI score0.01367EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 5:26 a.m.•7 views

H2O use of externally-controlled format string

Overview H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information...

7.5CVSS7AI score0.01802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/19 5:13 a.m.•7 views

Geeklog IVYWE edition contains a cross-site scripting vulnerability

Overview Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.1CVSS6AI score0.01307EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 5:10 a.m.•7 views

Cybozu Mailwise vulnerable to mail header injection

Overview Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

4.3CVSS6.9AI score0.01481EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 8:20 a.m.•7 views

Apache Struts vulnerable to input validation bypass

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain an input validation bypass vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc...

7.5CVSS6.7AI score0.10013EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•7 views

Cybozu Garoon logging function vulnerable to directory traversal

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the logging function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

4.3CVSS6.5AI score0.01455EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•7 views

Cybozu Garoon vulnerable to information disclosure

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...

7.5CVSS6.1AI score0.01552EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/16 5:48 a.m.•7 views

a-blog cms vulnerable to session management

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a vulnerability in session management of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.5CVSS6.9AI score0.01277EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/26 5:18 a.m.•7 views

Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE plugin "categoryfreearea additionplugin" and "itemdetailfreearea additionplugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.1CVSS6AI score0.0102EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/19 5:39 a.m.•7 views

baserCMS vulnerable to OS command injection

Overview baserCMS is an open-source Contents Management System CMS. baserCMS contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary OS...

6.5CVSS7.3AI score0.01056EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/15 4:57 a.m.•7 views

H2O vulnerable to HTTP header injection

Overview H2O is an open source web server software. H2O contains an HTTP header injection vulnerability. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership. Impact...

4.3CVSS7.1AI score0.01459EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/12/03 5:26 a.m.•7 views

EC-CUBE plugin BbAdminViewsControl vulnerable to SQL injection

Overview BbAdminViewsControl from BOKUBLOCK CO., LTD. is an EC-CUBE plugin. BbAdminViewsControl contains an SQL injection vulnerability CWE-89. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.5CVSS7.8AI score0.0107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/05 5:11 a.m.•7 views

Multiple TYPE-MOON games vulnerable to OS command injection

Overview Multiple games provided by TYPE-MOON contain an OS command injection vulnerability CWE-78 due to an issue in loading save data. KUSANO Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When...

10CVSS7.6AI score0.0372EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/07/29 5:58 a.m.•7 views

yoyaku_v41 vulnerable to OS command injection

Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS7.6AI score0.01383EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/18 4:50 a.m.•7 views

FuelPHP vulnerable to remote code execution

Overview FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7.9AI score0.02718EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 6:29 a.m.•7 views

Information disclosure vulnerability in Sleipnir Mobile for Android

Overview Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may resul...

4.3CVSS6.3AI score0.01066EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/24 6:2 a.m.•7 views

VMware ESX and ESXi may allow access to arbitrary files

Overview VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warni...

4.4CVSS7AI score0.00353EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/10/10 5:45 a.m.•7 views

Smarty vulnerable to cross-site scripting

Overview Smarty contains a cross-site scripting vulnerability. Smarty is a template engine for PHP. Smarty contains a cross-site scripting vulnerability when displaying an error message. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS6AI score0.02462EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/17 4:55 a.m.•7 views

Drupal Form API fails to validate the redirect URL

Overview Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Katsuhiko Nakanishi from NEC...

5.8CVSS6.7AI score0.01378EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 7:40 a.m.•7 views

TOSHIBA TEC e-Studio series vulnerable to authentication bypass

Overview Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability. e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an...

10CVSS6.9AI score0.04725EPSS
Exploits0References5
Total number of security vulnerabilities5000