Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/13 2:46 a.m.•6 views

SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting

Overview SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA...

4.3CVSS6.2AI score0.01263EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/26 8:32 a.m.•6 views

Google Chrome information disclosure vulnerability

Overview Google Chrome contains an information disclosure vulnerability. Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.5CVSS6.2AI score0.00761EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/26 7:51 a.m.•6 views

TeraPad may insecurely load dynamic libraries

Overview TeraPad may use unsafe methods for determining how to load DLLs. TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this...

6.9CVSS7.5AI score0.00283EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 8:47 a.m.•6 views

Cisco Router and Security Device Manager vulnerable to cross-site scripting

Overview Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability...

4.3CVSS6.1AI score0.00845EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/02/26 3:45 a.m.•6 views

tDiary plugin tb-send.rb vulnerable to cross-site scripting

Overview tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. The developer has confirmed that tDiary 2.3.x are not affected by this vulnerability. Project VEX of UBsecure, Inc...

4.3CVSS6.2AI score0.01996EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/01/14 12:24 p.m.•6 views

WebCalenderC3 vulnerable to directory traversal

Overview WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability. WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5CVSS6.7AI score0.01564EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/04/07 8:6 a.m.•6 views

XOOPS Cube Legacy cross-site scripting vulnerability

Overview XOOPS Cube Legacy from XOOPS Cube Project contains a cross-site scripting vulnerability. XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Lega...

4.3CVSS6.1AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/11/21 1:16 a.m.•6 views

JP1/Integrated Management Service Support Cross-Site Scripting Vulnerability

Overview JP1/Integrated Management Service Support is vulnerable to cross-site scripting due to failure to properly process requests. Impact An attacker could perform cross-site scripting attacks by embedding malicious scripts in a request. Solution Please refer to the 'Vendor Information' sectio...

4.3CVSS6.2AI score0.01624EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/10/30 3:19 a.m.•6 views

BrightStor ARCserve and eTrust Antivirus Arbitrary Code Execution Vulnerability

Overview BrightStor ARCserve Backup and eTrust Antirus r7.1 have a problem in handling RPC requests and are vulnerable to arbitrary code execution. Impact A remote authenticated attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official...

9CVSS8AI score0.52274EPSS
Exploits8References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/03 3:34 a.m.•6 views

Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability

Overview The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files. Impact A remote attacker could read or delete arbitrary files. Solution Please refer to the 'Vendor Information' section fo...

6.4CVSS6.9AI score0.01403EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/09/03 3:33 a.m.•6 views

Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability

Overview The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling. Impact A remote attacker could execute arbitrary code by sending a long URI. Solution Please refer to the 'Vendor Information' section for the vendor...

10CVSS8.1AI score0.04619EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/06/13 8:11 a.m.•6 views

X.Org Foundation X server buffer overflow vulnerability

Overview X server provided by the X.Org Foundation contains a buffer overflow vulnerability. The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts...

8.5CVSS7.9AI score0.05108EPSS
Exploits0References37
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Lhaplus buffer overflow vulnerability

Overview Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user...

7.5CVSS7.4AI score0.04119EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

SonicStage CP buffer overflow vulnerability

Overview SonicStage CP is vulnerable to buffer overflow. Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a...

9.3CVSS8.2AI score0.10919EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

CGI RESCUE WebFORM missing mail content vulnerability

Overview WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent. Impact Some part of the sender information in the message...

5CVSS6.4AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Apache Tomcat sample web application cross-site scripting vulnerability

Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. jsp-examples, a sample web application...

4.3CVSS4.6AI score0.77376EPSS
Exploits1References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Cosminexus Denial of Service Vulnerability

Overview JSSE Java Secure Socket Extension in Cosminexua Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS...

5CVSS6.6AI score0.02198EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Aipo session fixation vulnerability

Overview Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user log...

5.8CVSS6.7AI score0.00821EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Adobe JRun cross-site scripting vulnerability

Overview Adobe JRun is an application server based on J2EE Java 2 Platform Enterprise Edition. Adobe JRun contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the browser of the administrator logged into Adobe JRun. In addition, if session information from ...

4.3CVSS6.2AI score0.02786EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Sage vulnerable to arbitrary script execution

Overview Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser. Impact An arbitrary script may be executed on Mozilla...

6.4CVSS6.5AI score0.01878EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Lunascape RSS reader arbitrary script execution vulnerability

Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...

4.3CVSS6.7AI score0.01263EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Java Web Start vulnerable to execution of unauthorized system classes

Overview Java Web Start, included in the JRE Java Runtime Environment from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes. Java Web Start, included in the JRE Java Runtime Environment and other products, is a tool for distributing...

10CVSS7.3AI score0.04959EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Shuriken Pro3 S/MIME signature verification does not verify the From address

Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly. Impact A user can not notice a forged message when it is signed with a proper digital signature and the From address is forged, because the software does not alert...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

WirelessIP5000 has multiple vulnerabilities

Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...

7.5CVSS7AI score0.0115EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Apache Tomcat denial of service vulnerability

Overview Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. Apache Tomcat contains a vulnerability that may allow a remote attacker to cause a denial of service DoS. Impact A remote attacker may cause a denial of service DoS. Solution...

5CVSS6.8AI score0.2344EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

KAME Racoon eay_check_x509cert Improper Certificate Verification Vulnerability

Overview eaycheckx509cert in Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. Impact An attacker could bypass IKE authentication using invalid X.509 cerfiticates. Solution Please refer to the 'Vendor...

10CVSS6.8AI score0.0544EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•6 views

Virus Buster Corporate Edition vulnerability

Overview Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file Outbreak Prevent Policy configuration file, when a specific URL is entered to the management console. Impact An attacker could distrubute viruses that sneak through the policy by...

5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/07/01 5:55 a.m.•5 views

Seiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection

Overview SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-50043 Takeshi Kuramori and Kaori Takashima of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported...

8.6CVSS7.1AI score0.01129EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/30 9:7 a.m.•5 views

RPG MAKER MV and MZ vulnerable to OS command injection

Overview RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. are game development tools, which provide "save data" facility to create a file to preserve game status and related parameters. A user can save the current game status to a save-file, and later load the file to resume playing the...

8.4CVSS7.1AI score0.00677EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/17 5:8 a.m.•5 views

Multiple vulnerabilities in Canon EOS Network Setting Tool

Overview FTP/FTPS/SFTP Communication Testing features of PC Software EOS Network Setting Tool provided by Canon Inc. contain multiple vulnerabilities listed below. Improper validation of SSH host key CWE-295 - CVE-2026-9258 Improper validation of server certificate CWE-295 - CVE-2026-9259 Use of...

9.8CVSS5.8AI score0.00267EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/15 6:30 a.m.•5 views

Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers

Overview Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability: Privilege escalation CWE-427 - CVE-2026-50100 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd...

8.5CVSS7.2AI score0.00131EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/02 5:58 a.m.•5 views

Multiple vulnerabilities in FUJI Electric V-SFT (April 2026)

Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2026-32925 Out-of-bounds read in VS6ComFile!loadlinkinf CWE-125 - CVE-2026-32926 Out-of-bounds read in...

8.4CVSS6.8AI score0.00209EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/26 8:41 a.m.•5 views

Digital Photo Frame GH-WDF10A vulnerable to improper access restriction

Overview Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains the following vulnerability. Active debug code CWE-489 - CVE-2026-33201 Koki Takase reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7CVSS6.8AI score0.00174EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/25 6:14 a.m.•5 views

Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal

Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-25785 The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc...

9.8CVSS6.5AI score0.00566EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/03 5:57 a.m.•5 views

Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries

Overview The installer for Roland Cloud Manager provided by Roland Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-24694 Kazuma Matsumoto of GMO Cybersecurit...

8.4CVSS5.5AI score0.00144EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/03 5:57 a.m.•5 views

Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows

Overview Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-10314 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this...

8.8CVSS6.3AI score0.00148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/02 6:18 a.m.•5 views

OS command injection in raspap-webgui

Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.8CVSS5.8AI score0.0133EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/02 6:18 a.m.•5 views

Sonatype Nexus Repository vulnerable to server-side request forgery

Overview Nexus Repository provided by Sonatype contains the following vulnerability. Server-side request forgery CWE-918 - CVE-2026-0600 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

7.6CVSS5.6AI score0.00284EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/27 9:22 a.m.•5 views

beat-access for Windows may insecurely load Dynamic Link Libraries

Overview beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-21408 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...

7.3CVSS5.9AI score0.00144EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/20 11:0 a.m.•5 views

ETERNUS SF vulnerable to insertion of sensitive information into maintenance data

Overview ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability. Insertion of sensitive information into maintenance data CWE-532 - CVE-2025-68919 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...

5.6CVSS5.6AI score0.00099EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/07 1:46 a.m.•5 views

Authentication bypass vulnerability in OpenBlocks series

Overview OpenBlocks series provided by Plat'Home Co.,Ltd. contains the following vulnerability. Authentication bypass CWE-288 - CVE-2026-21411 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker could bypass...

8.8CVSS8.8AI score0.00279EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/24 2:10 a.m.•5 views

Media Player MP-01 vulnerable to Missing Authentication for Critical Function

Overview NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function CWE-306 - CVE-2025-12049 Souvik Kandar of MicroSec microsec.io discovered and reported the vulnerability to the developer and...

9.8CVSS6.7AI score0.00286EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/08 5:6 a.m.•5 views

GS Yuasa FULLBACK Manager Pro registers Windows services with unquoted file paths

Overview FULLBACK Manager Pro provided by GS Yuasa International Ltd. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66461 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

8.4CVSS7AI score0.00135EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/25 8:17 a.m.•5 views

Multiple vulnerabilities in Security Point (Windows) of MaLion

Overview Security Point Windows of MaLion provided by Intercom, Inc. contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2025-59485 Stack-based buffer overflow in processing HTTP headers CWE-121 - CVE-2025-62691 Heap-based buffer overflow in processing...

9.8CVSS8.6AI score0.00593EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/25 5:59 a.m.•5 views

Multiple vulnerabilities in SNC-CX600W

Overview SNC-CX600W provided by Sony Corporation contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2025-62497 Cross-site scripting CWE-79 - CVE-2025-64730 The following people reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer...

6.5CVSS4.9AI score0.00174EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/25 5:15 a.m.•5 views

"FOD" App uses hard-coded cryptographic keys

Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...

5.1CVSS4.7AI score0.0011EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/21 7:27 a.m.•5 views

Multiple vulnerabilities in LogStare Collector

Overview LogStare Collector provided by LogStare Inc. contains multiple vulnerabilities listed below. Incorrect default permissions for the installation directory CWE-276 - CVE-2025-58097 Stored cross-site scripting vulnerability in UserManagement CWE-79 - CVE-2025-61949 Incorrect authorization i...

8.4CVSS6.2AI score0.00231EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/21 6:31 a.m.•5 views

EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts

Overview EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability. Improper restriction of excessive authentication attempts CWE-307 - CVE-2025-64310 Vladislav Khegay and Aigerim Alibek of Astana IT University...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/17 5:9 a.m.•5 views

"Dejira" App for iOS vulnerable to improper server certificate verification

Overview "Dejira" App for iOS provided by KDDI CORPORATION contains the following vulnerability. Improper server certificate verification CWE-295 Tsuyoshi Ogawa of SIE Co.,Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS4.9AI score0.00121EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/04 7:37 a.m.•5 views

Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series

Overview FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. OS command Injection CWE-78 - CVE-2025-54763 Files or directories acessible to external parties CWE-552 - CVE-2025-58152 Chuya Hayakawa of 00One, Inc. reported these...

8.6CVSS7.4AI score0.0128EPSS
Exploits0References6
Total number of security vulnerabilities5000