Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/04 7:15 a.m.•6 views

Multiple vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit Comment CWE-79 - CVE-2026-21393 Stored cross-site scripting vulnerability in Export Sites CWE-79 - CVE-2026-22875 Unrestricted upload of file with...

6.5CVSS5.5AI score0.00216EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/30 5:23 a.m.•6 views

Undocumented "TelnetEnable" functionality of End of Service NETGEAR products

Overview Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. Inclusion of Undocumented Features or Chicken Bits CWE-1242 - CVE-2026-24714 Misato Ito, Daichi Uezono, Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki,...

8.7CVSS5.9AI score0.00228EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/21 6:17 a.m.•6 views

Ruijie Networks AP180 series vulnerable to OS command injection

Overview AP180 series provided by Ruijie Networks Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-23699 Thanh Do of BabyPhD reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.6CVSS5.9AI score0.0154EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/09 9:17 a.m.•6 views

RICOH Streamline NX vulnerable to improper authorization

Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Improper authorization CWE-639 - CVE-2026-21409 Ricoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...

8.2CVSS5.7AI score0.00327EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/08 4:47 a.m.•6 views

The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries

Overview The installers for multiple products provided by PIONEER CORPORATION contain the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-21427 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.5CVSS7.9AI score0.00175EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/07 5:19 a.m.•6 views

Origin validation error vulnerability in Fujitsu Security Solution AuthConductor Client Basic V2

Overview Fujitsu Security Solution AuthConductor Client Basic V2 provided by Fujitsu Client Computing Limited contains the following vulnerability. Origin validation error CWE-346 - CVE-2026-20893 MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.5CVSS7.8AI score0.00123EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/07 5:10 a.m.•6 views

Multiple vulnerabilities in multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd.

Overview Multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd. contain multiple vulnerabilities listed below. Path traversal CWE-22, CVE-2025-11540 Stack-based buffer overflow CWE-121, CVE-2025-11541, CVE-2025-11542 Improper validation of integrity check value CWE-354,...

9.8CVSS7.7AI score0.00356EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/11 5:33 a.m.•6 views

QND vulnerable to privilege escalation

Overview QND provided by QualitySoft Corporation contains the following vulnerability. Privilege Chaining CWE-268 - CVE-2025-64701 Tongren Chen of PwC Consulting LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.5CVSS8AI score0.00112EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/09 8:25 a.m.•6 views

Android App "Brother iPrint&Scan" improper use of an external cache directory

Overview iPrint provided by Brother Industries, Ltd. contains the following vulnerability. Improper use of an external cache directory CWE-524 - CVE-2025-64696 Johan Francsics reported this vulnerability to BROTHER INDUSTRIES, LTD. and coordinated. After the coordination, BROTHER INDUSTRIES, LTD...

4.8CVSS4.4AI score0.00115EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/04 4:51 a.m.•6 views

Optical Disc Archive Software (for Windows) registers a Windows service with an unquoted file path

Overview Optical Disc Archive Software for Windows provided by Sony Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-62225 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.4CVSS7AI score0.00151EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/28 5:4 a.m.•6 views

MZK-DP300N uses hard-coded credentials

Overview MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains the following vulnerability. Use of hard-coded credentials CWE-798 - CVE-2025-62777 Toshiki Iwasaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.8CVSS6.8AI score0.00245EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/17 4:38 a.m.•6 views

Installer of AutoDownloader may insecurely load Dynamic Link Libraries

Overview Installer of AutoDownloader provided by Panasonic Connect Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-11223 Kazuma Matsumoto of GMO Cybersecurity ...

8.4CVSS6.9AI score0.00151EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/17 12:0 a.m.•6 views

JVN#84697061: Century HW RAID Manager registers a Windows service with an unquoted file path

RAID Manager provided by Century Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7 CVE-2025-59307 Impact A user with t...

8.4CVSS7.4AI score0.00166EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/08 12:0 a.m.•6 views

JVN#75307484: RICOH Streamline NX vulnerable to tampering with operation history

RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 2.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.1 CVE-2025-58422 Impact If an...

3.1CVSS6.5AI score0.00106EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/05 6:12 a.m.•6 views

"Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly

Overview "Yahoo! Shopping" App for Android provided by LY Corporation contains the following vulnerability. Improper authorization in handler for custom URL scheme CWE-939 - CVE-2025-41408 Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5.3CVSS6.8AI score0.00253EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/29 12:0 a.m.•6 views

JVN#50585992: Multiple vulnerabilities in multiple iND products

Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below. Insecure storage of sensitive information CWE-922 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2025-53507 OS...

8.6CVSS7.2AI score0.01293EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/23 2:13 a.m.•6 views

Multiple vulnerabilities in ELECOM wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-46267 OS command injection in WebGUI CWE-78 - CVE-2025-53472 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC...

8.6CVSS7.6AI score0.01051EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/02 5:13 a.m.•6 views

Multiple vulnerabilities in Active! mail

Overview Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-52462 Cross-site request forgery CSRF CWE-352 - CVE-2025-52463 Rintaro Fujita and Shoji Baba of GAKUSHUIN UNIVERSITY reported these vulnerabilities to IPA...

6.1CVSS6.8AI score0.00193EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/30 6:45 a.m.•6 views

SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting

Overview SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains a reflected cross-site scripting vulnerability. Reflected cross-site scripting via a specific parameter CWE-79 - CVE-2025-41439 Matteo Santini reported this vulnerability to Ricoh Company, Ltd. direct...

6.1CVSS6.1AI score0.0019EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/26 6:13 a.m.•6 views

Multiple vulnerabilities in iroha Board

Overview iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 - CVE-2025-41404 Cross-site request forgery CWE-352 - CVE-2025-48497 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC...

5.3CVSS7AI score0.00206EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/24 6:25 a.m.•6 views

Inefficient regular expressions in GROWI

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 - CVE-2025-43880 Takanori Okamoto of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.3CVSS6.4AI score0.00271EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/12 12:0 a.m.•6 views

JVN#17860456: UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints

UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Bas...

7.1CVSS7.1AI score0.00109EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/30 1:38 a.m.•6 views

Security Update for Trend Micro Trend Vision One (April 2025)

Overview Trend Micro Incorporated has released the security update for the administration console of Trend Vision One. This update addressed the following vulnerabilities: CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286 Trend Micro Incorporated reported these...

9CVSS7.1AI score0.00413EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/04 5:56 a.m.•6 views

Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)

Overview FutureNet AS series Industrial Routers and FA series Protocol Conversion Machine provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. Authentication Bypass CWE-288 - CVE-2025-24846 Buffer Overflow CWE-120 - CVE-2025-25280 Chuya Hayakawa and Ryo Kamino of...

7.5CVSS7AI score0.00494EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/04 12:0 a.m.•6 views

JVN#94806805: WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the log data may be deleted. Solution Update the plugin Update the plugin according to the information provided by the...

4.3CVSS6.7AI score0.00164EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/28 8:33 a.m.•6 views

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview MFPs multifunction printers provided by Sharp and Toshiba Tec Corporation contain multiple vulnerabilites listed below. Out-of-bounds Read CWE-125 CVE-2024-42420 Out-of-bounds read vulnerabilities coming from improper processing of keyword search input and improper processing of SOAP...

9.8CVSS6AI score0.00729EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/26 7:27 a.m.•6 views

Unquoted Service Path in Hitachi Device Manager

Overview Hitachi Device Manager contain the following vulnerabilities: CVE-2024-5963: An unquoted executable path exists in Hitachi Device Manager Display new window Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

6.7CVSS6.8AI score0.00165EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/21 8:37 a.m.•6 views

Multiple vulnerabilities in LogonTracer

Overview LogonTracer provided by JPCERT Coordination Center is a tool to investigate malicious Windows logon by visualizing and analyzing Windows event log. LogonTracer contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2018-16165 CVSS v3...

10CVSS7.6AI score0.74745EPSS
Exploits3References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/05 4:46 a.m.•6 views

Multiple vulnerabilities in ZEXELON ZWX-2000CSW2-HN

Overview ZWX-2000CSW2-HN provided by ZEXELON CO., LTD. is a high-speed coaxial modem with wireless LAN functions. ZWX-2000CSW2-HN contains multiple vulnerabilities listed below. Use of hard-coded credentials CWE-798 - CVE-2024-39838 Incorrect permission assignment for critical resource CWE-732 -...

8.8CVSS6.8AI score0.00332EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/29 6:28 a.m.•6 views

Multiple vulnerabilities in SKYSEA Client View

Overview SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. Improper access control in the specific process CWE-266 - CVE-2024-41139 Origin validation error in shared memory data exchanges CWE-3...

7.8CVSS7.5AI score0.00501EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 6:32 a.m.•6 views

Multiple vulnerabilities in UNIVERSAL PASSPORT RX

Overview UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in Primefaces library used in the product Cross-sit...

6.5CVSS7.3AI score0.00289EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/06 4:53 a.m.•6 views

Toyoko Inn official App vulnerable to improper server certificate verification

Overview Toyoko Inn official App provided by Toyoko Inn IT Solution Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Ryo Nihonyanagi of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

4.8CVSS6.5AI score0.00224EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 4:46 a.m.•6 views

"Mercari" App for Android fails to restrict custom URL schemes properly

Overview "Mercari" App for Android by Mercari, Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Shiga Takuma of BroadBand Security Inc...

6.1CVSS6.7AI score0.00385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/07 4:47 a.m.•6 views

EC-CUBE 3 series and 4 series vulnerable to arbitrary code execution

Overview EC-CUBE 3 series and 4 series provided by EC-CUBE CO.,LTD. contain an arbitrary code execution vulnerability CWE-94 due to improper settings of the product's template engine "Twig". Takeshi Miura of N.F.Laboratories Inc. reported this vulnerability to EC-CUBE CO.,LTD. EC-CUBE CO.,LTD. In...

7.2CVSS7.6AI score0.01582EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/31 4:43 a.m.•6 views

Cybozu Remote Service vulnerable to uncontrolled resource consumption

Overview Cybozu Remote Service provided by Cybozu, Inc. is vulnerable to uncontrolled resource consumption CWE-400. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Certain operations performed by a logged-in user may lead to huge storage...

6.5CVSS6.6AI score0.00616EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/27 5:44 a.m.•6 views

Multiple vulnerabilities in Panasonic KW Watcher

Overview KW Watcher provided by Panasonic contains multiple vulnerabilities listed below. Improper restriction of operations within the bounds of a memory buffer CWE-119 - CVE-2023-3471 Use after free CWE-416 - CVE-2023-3472 Michael Heinzl reported these vulnerabilities to Panasonic and...

8.6CVSS7.5AI score0.00419EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/27 4:49 a.m.•6 views

Shihonkanri Plus vulnerable to relative path traversal

Overview Shihonkanri Plus provided by EKAKIN contains a relative path traversal vulnerability CWE-23. Shimizu Yutaro of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attack...

7.8CVSS7.4AI score0.00318EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/09 6:18 a.m.•6 views

Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

Overview Wi-Fi AP UNIT provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2023-31196 OS command injection CWE-78 - CVE-2023-31198 OS command injection CWE-78 - CVE-2023-28392 MASAHIRO IIDA of LAC Co.,...

7.5CVSS7.8AI score0.01476EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/04/04 6:22 a.m.•6 views

Multiple vulnerabilities in JustSystems products

Overview Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use After Free CWE-416 - CVE-2022-43664 Heap-based Buffer Overflow CWE-122 - CVE-2022-45115 Free of Memory not on the Heap CWE-590 - CVE-2023-22291 Heap-based Buffer Overflow CWE-122 -...

7.8CVSS7.4AI score0.00537EPSS
Exploits4References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/27 4:39 a.m.•6 views

baserCMS vulnerable to arbitrary file uploads

Overview baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files CWE-434. Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability t...

9.8CVSS7AI score0.01089EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/03/08 6:9 a.m.•6 views

Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config

Overview Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below. Stored cross-site Scripting CWE-79 - CVE-2023-23572 Cross-Site Request Forgery CWE-352 - CVE-2023-27520 Takaya Noma, Yudai Morii, Hiroki Yasui, Takayuki Sasaki, a...

6.5CVSS6.2AI score0.00499EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/07/04 5:17 a.m.•6 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-2909 Operation restriction bypass in multiple applications CWE-285 - CVE-2022-30602 CyVDB-3042 Information disclosure in multiple applications CWE-200 - CVE-2022-29512 CyVDB-3111 Improper input...

8.1CVSS6.5AI score0.01049EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/25 4:35 a.m.•6 views

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux

Overview Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Directory Traversal CWE-22 - CVE-2022-23119 Code Injection CWE-94 - CVE-2022-23120 As of 2022 January 24, a Proof-of-Concept PoC code...

7.8CVSS7.8AI score0.2225EPSS
Exploits2References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/01/24 5:7 a.m.•6 views

GROWI vulnerable to authorization bypass through user-controlled key

Overview GROWI provided by WESEEK, Inc. contains an authorization bypass through user-controlled key vulnerability CWE-639, CVE-2021-3852. huntr first reported this vulnerability to JPCERT/CC, then JPCERT/CC contacted WSEEK, Inc. as an intermediator. After the coordination between huntr and WESEE...

7.5CVSS7.2AI score0.00808EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/10/01 5:42 a.m.•6 views

Trend Micro ServerProtect family vulnerable to authentication bypass

Overview Trend Micro Incorporated has released security updates for ServerProtect family. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A remote attacker may bypass authentication for the products. For more information, refer...

10CVSS7AI score0.09019EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/09/28 6:18 a.m.•6 views

SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification

Overview SNKRDUNK Market Place App for iOS provided SODA, Inc. is vulnerable to improper server certificate verification CWE-295. Okazawa Yoshihiro of Cryptography Laboratory , Information and Communication Engineering ,Graduate School of Engineering , Tokyo Denki University reported this...

7.4CVSS6.5AI score0.0047EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/08/27 4:29 a.m.•6 views

baserCMS vulnerable to cross-site scripting

Overview baserCMS provided by baserCMS Users Community contains a cross-site scripting vulnerability CWE-79. Akagi Yusuke of NTT-ME CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

8.7CVSS6AI score0.00929EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/07/06 7:8 a.m.•6 views

Multiple vulnerabilities in Trend Micro Password Manager

Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation and buffer overflow due to improper processing of integ...

9CVSS8.5AI score0.05232EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/30 5:32 a.m.•6 views

boastMachine vulnerable to cross-site scripting

Overview boastMachine provided by knadh contains a cross-site scripting vulnerability CWE-79. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's...

6.1CVSS6.2AI score0.0449EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/06/30 5:21 a.m.•6 views

IkaIka RSS Reader vulnerable to cross-site scripting

Overview IkaIka RSS Reader contains a cross-site scripting vulnerability CWE-79, due to the improper processing of RSS registration. LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a malicio...

6.1CVSS6.2AI score0.00788EPSS
Exploits0References5
Total number of security vulnerabilities5000