Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/30 5:56 a.m.•6 views

Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration

Overview Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered. Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Keita Haga of keitahaga.com reported this vulnerability to...

5.8CVSS6.6AI score0.01276EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/24 5:5 a.m.•6 views

Sleipnir Mobile for Android vulnerable in the WebView class

Overview Sleipnir Mobile for Android contains a vulnerability in the WebView class. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this...

5CVSS6.5AI score0.01918EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/07/03 5:57 a.m.•6 views

Yome Collection for Android issue in management of IMEI

Overview Yome Collection for Android contains an issue which stores the International Mobile Equipment Identity IMEI on a SD card. Applications without the READPHONESTATE permission may obtain the IMEI from the SD card. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku University...

5CVSS6.5AI score0.01369EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/19 3:35 a.m.•6 views

WEB PATIO vulnerable to cross-site scripting

Overview WEB PATIO contains a cross-site scripting vulnerability. WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling cookies, which may result in cross-site scripting. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA. JPCERT/CC...

4.3CVSS5.8AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/20 3:21 a.m.•6 views

TwitRocker2 (Android version) vulnerable in the WebView class

Overview TwitRocker2 Android version contains a vulnerability in the WebView class. TwitRocker2 is a client software for using twitter. TwitRocker2 Android version contains a vulnerability in the WebView class. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to...

5CVSS6.5AI score0.01563EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 7:41 a.m.•6 views

SENCHA SNS vulnerable to cross-site request forgery

Overview SENCHA SNS contains a cross-site request forgery vulnerability. SENCHA SNS is an open source SNS software. SENCHA SNS contains a cross-site request forgery vulnerability. Hiroshi Tokumaru of HASH Consulting Corp. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

6.8CVSS6.8AI score0.00643EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 7:40 a.m.•6 views

TOSHIBA TEC e-Studio series vulnerable to authentication bypass

Overview Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability. e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an...

10CVSS6.9AI score0.04725EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/23 9:27 a.m.•6 views

glucose 2 vulnerable to arbitrary script execution

Overview glucose 2 is vulnerable to arbitrary script execution. glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...

4.3CVSS7AI score0.01135EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 6:12 a.m.•6 views

Cogent DataHub vulnerable to HTTP header injection

Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability also known as CRLF, carriage return line feed, injection vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology...

5.8CVSS7AI score0.01512EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/31 9:3 a.m.•6 views

Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery

Overview Multiple products provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged...

6.8CVSS6.6AI score0.00586EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:11 a.m.•6 views

Cybozu Office vulnerable in restricting access

Overview Cybozu Office contains a vulnerability in restricting access permissions. Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.5CVSS6.8AI score0.01193EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:8 a.m.•6 views

A-Form vulnerable in restricting access

Overview A-Form contains a vulnerability in restricting access permissions. A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions. Impact Information managed by A-Form may be altered by a user who does not hav...

5.5CVSS6.6AI score0.01263EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 10:21 a.m.•6 views

Multiple Cybozu products vulnerable to cross-site scripting

Overview Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability. Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system. Sen UENO of Tricorder Co. Ltd. reported...

4.3CVSS6AI score0.01223EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/24 10:15 a.m.•6 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS6AI score0.01042EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/06/10 7:23 a.m.•6 views

Java Web Start may insecurely load dynamic libraries

Overview Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs. Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE Java Runtime Environment Java Web Start contains an issue with the DLL search path...

7.6CVSS7.5AI score0.02948EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/10 11:44 p.m.•6 views

EC-CUBE vulnerable to cross-site request forgery

Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site request forgery vulnerability. EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Masako Oono reported this vulnerability to IP...

5.8CVSS6.4AI score0.0061EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/10 11:32 p.m.•6 views

Multiple Yamaha routers vulnerable to denial-of-service (DoS)

Overview Multiple routers provided by Yamaha contain a denial-of-service vulnerability. Multiple routers provided by Yamaha contain a denial-of-service DoS vulnerability due to an issue in processing IP packets. Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IP...

7.8CVSS6.8AI score0.01633EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/03/02 8:27 a.m.•6 views

Multiple Things CGI products vulnerable to cross-site scripting

Overview Multiple CGI products provided by Things contain a cross-site scripting vulnerability. BBS and BBS Thread provided by Things are bulletin board software. BBS and BBS Thread contain a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC...

4.3CVSS6.1AI score0.01263EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/13 2:46 a.m.•6 views

SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting

Overview SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA...

4.3CVSS6.2AI score0.01263EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/26 8:32 a.m.•6 views

Google Chrome information disclosure vulnerability

Overview Google Chrome contains an information disclosure vulnerability. Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.5CVSS6.2AI score0.00761EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/26 7:51 a.m.•6 views

TeraPad may insecurely load dynamic libraries

Overview TeraPad may use unsafe methods for determining how to load DLLs. TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this...

6.9CVSS7.5AI score0.00283EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 8:47 a.m.•6 views

Cisco Router and Security Device Manager vulnerable to cross-site scripting

Overview Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability...

4.3CVSS6.1AI score0.00845EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/02/04 8:42 a.m.•6 views

Multiple Vulnerabilities Concerning Hitachi Web Server

Overview Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server. 3. Cross-site scripting vulnerability due to...

6.8CVSS6.6AI score0.94281EPSS
Exploits7References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/10/30 3:19 a.m.•6 views

BrightStor ARCserve and eTrust Antivirus Arbitrary Code Execution Vulnerability

Overview BrightStor ARCserve Backup and eTrust Antirus r7.1 have a problem in handling RPC requests and are vulnerable to arbitrary code execution. Impact A remote authenticated attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official...

9CVSS8AI score0.52274EPSS
Exploits8References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/13 8:11 a.m.•6 views

X.Org Foundation X server buffer overflow vulnerability

Overview X server provided by the X.Org Foundation contains a buffer overflow vulnerability. The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts...

8.5CVSS7.9AI score0.05108EPSS
Exploits0References37
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

CruiseWorks and Minna De Office vulnerable in access restrictions

Overview CruiseWorks and Minna De Office are groupware. They contain a vulnerability that the user's access restriction is not properly set. Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information...

6.5CVSS6.5AI score0.00324EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Lhaplus buffer overflow vulnerability

Overview Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user...

7.5CVSS7.4AI score0.04119EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Aipo session fixation vulnerability

Overview Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user log...

5.8CVSS6.7AI score0.00821EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

SonicStage CP buffer overflow vulnerability

Overview SonicStage CP is vulnerable to buffer overflow. Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a...

9.3CVSS8.2AI score0.10919EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Hiki cross-site scripting vulnerability

Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...

4.3CVSS6.2AI score0.01235EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

KAME Racoon eay_check_x509cert Improper Certificate Verification Vulnerability

Overview eaycheckx509cert in Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. Impact An attacker could bypass IKE authentication using invalid X.509 cerfiticates. Solution Please refer to the 'Vendor...

10CVSS6.8AI score0.0544EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Virus Buster Corporate Edition vulnerability

Overview Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file Outbreak Prevent Policy configuration file, when a specific URL is entered to the management console. Impact An attacker could distrubute viruses that sneak through the policy by...

5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

DeleGate Multiple Buffer Overflow Vulnerabilities

Overview DeleGate suffers buffer overflow when scanf, strncpy and other string handling process are set to fail with a long string sent by proxy. Impact An attacker could execute arbitrary code with the privileges of the user running DeleGate. Solution Please refer to the 'Vendor Information'...

7.5CVSS7.9AI score0.02387EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Shuriken Pro3 S/MIME signature verification does not verify the From address

Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly. Impact A user can not notice a forged message when it is signed with a proper digital signature and the From address is forged, because the software does not alert...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/07/01 5:55 a.m.•5 views

Seiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection

Overview SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-50043 Takeshi Kuramori and Kaori Takashima of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported...

8.6CVSS7.1AI score0.01129EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/30 9:7 a.m.•5 views

RPG MAKER MV and MZ vulnerable to OS command injection

Overview RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. are game development tools, which provide "save data" facility to create a file to preserve game status and related parameters. A user can save the current game status to a save-file, and later load the file to resume playing the...

8.4CVSS7.1AI score0.00677EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/30 9:7 a.m.•5 views

DGM3103SCT vulnerable to OS command injection

Overview DGM3103SCT provided by AVTECH Security Corporation contains the following vulnerability. OS command injection CWE-78 - CVE-2026-56808 Tomoya KITAGAWA, Satoki TSUJI, Seiya NAKATA, and Yudai FUJIWARA of Ricerca Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

8.6CVSS7AI score0.0155EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/17 5:8 a.m.•5 views

Multiple vulnerabilities in Canon EOS Network Setting Tool

Overview FTP/FTPS/SFTP Communication Testing features of PC Software EOS Network Setting Tool provided by Canon Inc. contain multiple vulnerabilities listed below. Improper validation of SSH host key CWE-295 - CVE-2026-9258 Improper validation of server certificate CWE-295 - CVE-2026-9259 Use of...

9.8CVSS5.8AI score0.00267EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/17 4:53 a.m.•5 views

OS command injection in RadiX AX6600 WiFi 6 Tri-Band Gaming Router

Overview RadiX AX6600 WiFi 6 Tri-Band Gaming Router provided by Micro-Star International Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-53876 KAZUHIRO SHIBUTA of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

8.6CVSS7.1AI score0.01786EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/15 6:30 a.m.•5 views

Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers

Overview Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability: Privilege escalation CWE-427 - CVE-2026-50100 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd...

8.5CVSS7.2AI score0.00131EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/02 5:58 a.m.•5 views

Multiple vulnerabilities in FUJI Electric V-SFT (April 2026)

Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2026-32925 Out-of-bounds read in VS6ComFile!loadlinkinf CWE-125 - CVE-2026-32926 Out-of-bounds read in...

8.4CVSS6.8AI score0.00209EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/26 8:41 a.m.•5 views

Digital Photo Frame GH-WDF10A vulnerable to improper access restriction

Overview Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains the following vulnerability. Active debug code CWE-489 - CVE-2026-33201 Koki Takase reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7CVSS6.8AI score0.00174EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/26 8:41 a.m.•5 views

Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows

Overview The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427 - CVE-2026-28760 Incorrect default permissions CWE-276 - CVE-2026-32680 Kazuma Matsumoto of GMO Cybersecurit...

8.5CVSS7.3AI score0.00175EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/23 5:54 a.m.•5 views

Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005)

Overview Xerox FreeFlow Core contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2026-2251 XML external entity reference XXE CWE-611 - CVE-2026-2252 FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...

9.8CVSS6.3AI score0.0039EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/25 6:14 a.m.•5 views

Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal

Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-25785 The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc...

9.8CVSS6.5AI score0.00566EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/09 6:21 a.m.•5 views

Oki Electric Industry products and OEM products register Windows services with unquoted file paths

Overview Configuration Tool provided by Oki Electric Industry Co., Ltd., Ricoh Co., Ltd., and Murata Machinery, Ltd. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-24466 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IP...

8.4CVSS6AI score0.00137EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/03 5:57 a.m.•5 views

Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries

Overview The installer for Roland Cloud Manager provided by Roland Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-24694 Kazuma Matsumoto of GMO Cybersecurit...

8.4CVSS5.5AI score0.00144EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/02 6:18 a.m.•5 views

OS command injection in raspap-webgui

Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.8CVSS5.8AI score0.0133EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/02 6:18 a.m.•5 views

Sonatype Nexus Repository vulnerable to server-side request forgery

Overview Nexus Repository provided by Sonatype contains the following vulnerability. Server-side request forgery CWE-918 - CVE-2026-0600 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

7.6CVSS5.6AI score0.00284EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/27 9:22 a.m.•5 views

beat-access for Windows may insecurely load Dynamic Link Libraries

Overview beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-21408 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...

7.3CVSS5.9AI score0.00144EPSS
Exploits0References5
Total number of security vulnerabilities5000