Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/02 6:18 a.m.•4 views

Multiple Microsoft Office products vulnerable to untrusted search path

Overview Multiple Microsoft Office products contain the following vulnerability. Untrusted search path CWE-426, - CVE-2026-20943 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

7CVSS5.6AI score0.00628EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/26 7:4 a.m.•4 views

Multiple Brother software installers may insecurely load Dynamic Link Libraries

Overview Multiple software installers provided by Brother Industries, Ltd. may insecurely load some dynamic link libraries. Uncontrolled search path element CWE-427 - CVE-2016-2542, CVE-2021-41526 Kazuma Matsumoto of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Brother...

7.8CVSS5.9AI score0.00503EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/28 4:36 a.m.•4 views

Installer of INZONE Hub may insecurely load Dynamic Link Libraries

Overview The installer of INZONE Hub provided by Sony Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-64772 Kazuma Matsumoto of GMO Cybersecurity by IERAE,...

8.4CVSS6.8AI score0.00183EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/26 5:35 a.m.•4 views

SwitchBot Smart Video Doorbell vulnerable to active debug code

Overview Smart Video Doorbell provided by SwitchBot contains the following vulnerability. Active debug code CWE-489 - CVE-2025-64983 Researcher reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker on ...

8.6CVSS8.2AI score0.00307EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/19 7:22 a.m.•4 views

Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries

Overview Installer of RakurakuMusen Start EX for Windows provided by NEC Corporation uses an inappropriate DLL search path list, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-12852 Impact Arbitrary code may be executed with the...

8.4CVSS6.9AI score0.00125EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/14 6:26 a.m.•4 views

NCP-HG100 vulnerable to OS command injection

Overview NCP-HG100 provided by Sony Network Communications Inc. and used in MANOMA service contains the following vulnerability. OS command injection CWE-78 - CVE-2025-64444 HIROKI IMAI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.6CVSS7.9AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/07 5:55 a.m.•4 views

CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to OS command injection

Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2025-11546 NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under...

9.8CVSS7.4AI score0.00448EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/06 4:45 a.m.•4 views

GROWI vulnerable to stored cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2025-61994 Keitaro Yamazaki of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

5.4CVSS5.3AI score0.00165EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/04 5:17 a.m.•4 views

Multiple Roboticsware products register Windows services with unquoted file paths

Overview Multiple Roboticsware products provided by Roboticsware PTE. LTD. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-64151 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

8.4CVSS7.1AI score0.00151EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/20 5:20 a.m.•4 views

ETERNUS SF vulnerable to incorrect default permissions

Overview ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-62577 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc...

8.8CVSS6.9AI score0.0017EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/06 6:38 a.m.•4 views

The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries

Overview The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-57781 This vulnerability is exploited by directing a user to download and place a crafted DLL file with the affected installer, and to execute...

8.4CVSS7.2AI score0.0015EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/30 2:50 a.m.•4 views

Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers

Overview Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers contain multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2025-7698 Out-of-bounds write CWE-787 - CVE-2025-9903 Reference to unallocated memory CWE-696 -...

6.9CVSS7AI score0.00361EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/19 5:58 a.m.•4 views

Multiple vulnerabilities in I-O DATA wireless LAN routers

Overview Wireless LAN routers provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-55075 OS command injection CWE-78 - CVE-2025-58116 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinat...

8.6CVSS7.7AI score0.01149EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/19 1:52 a.m.•4 views

Multiple Brother and its OEM products with weak initial administrator passwords

Overview Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are setup with weak initial administrator passwords, which can be derived from their serial numbers. This is reported by Rapid7, and treated on JVNVU90043828, CVE-2024-51978. Brother states that 1 serial numbers...

4.3CVSS7.2AI score0.00227EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/17 4:45 a.m.•4 views

Century HW RAID Manager registers a Windows service with an unquoted file path

Overview RAID Manager provided by Century Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-59307 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.4CVSS7.5AI score0.00166EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/08 4:42 a.m.•4 views

RICOH Streamline NX vulnerable to tampering with operation history

Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 - CVE-2025-58422 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...

3.1CVSS4AI score0.00106EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/05 5:53 a.m.•4 views

Multiple vulnerabilities in TkEasyGUI

Overview TkEasyGUI provided by kujirahand contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-55037 Uncontrolled search path element CWE-427 - CVE-2025-55671 Satoki Tsuji of Ikotas Labs, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the...

9.8CVSS8AI score0.02716EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/03 5:23 a.m.•4 views

Web Caster V130 vulnerable to cross-site request forgery

Overview Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-58272 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this...

3.7CVSS6.5AI score0.00119EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/29 5:47 a.m.•4 views

Multiple vulnerabilities in multiple iND products

Overview Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below. Insecure storage of sensitive information CWE-922 - CVE-2025-53507 OS command injection CWE-78 - CVE-2025-53508 HL330-DLS, HL320-DLS Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported...

8.6CVSS7.4AI score0.01293EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/07 3:25 a.m.•4 views

Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection

Overview Trend Micro Endpoint security products for enterprises contain the following vulnerabilities. OS command injection vulnerability in the management console CWE-78 - CVE-2025-54948, CVE-2025-54987 Trend Micro Incorporated has reported that attacks exploiting CVE-2025-54948 have been observ...

9.8CVSS8.3AI score0.2079EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/31 6:12 a.m.•4 views

ZXHN-F660T and ZXHN-F660A use a common credential for all installations

Overview ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONU Optical Network Unit. ZXHN-F660T and ZXHN-F660A contain the following vulnerability. Use a common credential for all installations CWE-1391 - CVE-2025-53558 Yuuki Miyata of YuukiJapanTech reported this vulnerability to IPA...

8.8CVSS6.5AI score0.0135EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/28 8:53 a.m.•4 views

TP-Link VIGI NVR1104H-4P and VIGI NVR2016H-16MP vulnerable to OS command injection

Overview VIGI NVR1104H-4P and VIGI NVR2016H-16MP provided by TP-Link Systems Inc. contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-7723, CVE-2025-7724 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...

8.8CVSS7.5AI score0.00894EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/23 4:54 a.m.•4 views

Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input

Overview Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability. Improper validation of specified quantity in input CWE-1284 - CVE-2025-43881 n3ddih reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.3CVSS6.5AI score0.00286EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/22 4:33 a.m.•4 views

"region PAY" App for Android vulnerable to insertion of sensitive information into log file

Overview "region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-52580 Kubo Naoki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

2.4CVSS6.5AI score0.00181EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/15 6:54 a.m.•4 views

Least Privilege Violation Vulnerability in the communications functions of NJ/NX series Machine Automation Controllers

Overview Least privilege violation vulnerability CWE-272 exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software provided by OMRON Corporation. - CVE-2025-1384 OMRON Corporation reported this vulnerability to JPCERT/CC to notify...

7CVSS7AI score0.00222EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/07/04 4:28 a.m.•4 views

Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)

Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Arbitrary files may be deleted during the product installation d...

7.8CVSS7AI score0.00182EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/30 5:45 a.m.•4 views

Multiple vulnerabilities in TB-eye network recorders and AHD recorders

Overview Network recorders and AHD recorders provided by TB-eye Ltd. contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-36529 Classic buffer overflow CWE-120 - CVE-2025-41418 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/C...

8.6CVSS8AI score0.01191EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/12 6:56 a.m.•4 views

UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints

Overview UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 Shu Yoshikoshi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.1CVSS6.8AI score0.00109EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/03 5:40 a.m.•4 views

Improper file access permission settings in PC Time Tracer

Overview PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below. Incorrect default permissions CWE-276 - CVE-2025-46355 Ruslan Sayfiev and Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

7.3CVSS6.5AI score0.00139EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/23 6:36 a.m.•4 views

Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'

Overview The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly. Improper pattern file validation CWE-348 - CVE-2025-47149 Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC...

6.9CVSS6.6AI score0.00148EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/22 6:3 a.m.•4 views

Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers

Overview Production Printers, Office/Small Office Multifunction Printers, and Laser Printers provided by Canon Inc. do not implement sufficient protection on credential information CWE-522. CVE-2025-3078, CVE-2025-3079 Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the...

8.7CVSS6.8AI score0.00618EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/15 9:11 a.m.•4 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Path traversal CWE-22 CVE-2025-27566 This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege Cross-site scripting CWE-79...

9.8CVSS6.6AI score0.00463EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/12 9:0 a.m.•4 views

Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Overview Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 - CVE-2025-41393 Juan Pablo Gomez Postigo of Sprocket...

6.1CVSS6.1AI score0.00614EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/11 4:52 a.m.•4 views

TP-Link Deco BE65 Pro vulnerable to OS command injection

Overview Deco BE65 Pro provided by TP-LINK contains an OS command injection vulnerability CWE-78. Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed by the user who can log...

8CVSS7.4AI score0.0181EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/07 8:44 a.m.•4 views

Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'

Overview Wi-Fi AP UNIT 'AC-WPS-11ac series' provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below. Incorrect privilege assignment in the WEB UI the setting page CWE-266 - CVE-2025-23407 OS command injection in the WEB UI the setting page CWE-78 - CVE-2025-25053...

9.8CVSS8AI score0.00935EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/03 3:29 a.m.•4 views

WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass

Overview WinRAR provided by RARLAB contains a vulnerability that bypasses the "Mark of the Web" CWE-356 security warning function for files when opening a symbolic link that points to an executable file. In the initial Windows configuration, only administrators have the privilege to create symbol...

6.8CVSS7.1AI score0.01233EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/28 1:46 a.m.•4 views

a-blog cms vulnerable to untrusted data deserialization

Overview a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. appleple inc. reported this vulnerability to JPCERT/CC to notify...

7.5CVSS7.1AI score0.00474EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/26 9:13 a.m.•4 views

Multiple vulnerabilities in PowerCMS

Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 - CVE-2025-29993 Dependency on vulnerable third-party component CWE-1395 - CVE-2021-21252 Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN...

7.5CVSS7.1AI score0.03532EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/12 5:19 a.m.•4 views

hostapd vulnerable to improper processing of RADIUS packets

Overview hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly CWE-826. KUSABA Takeshi of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When...

3.7CVSS6.7AI score0.00716EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/06 5:27 a.m.•4 views

Multiple vulnerabilities in RemoteView Agent (for Windows)

Overview RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. On the remote PCs should be installed RemoteView Agent. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a...

7.8CVSS7AI score0.00143EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/18 7:33 a.m.•4 views

Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs

Overview Multiple MFPs multifunction printers provided by FUJIFILM Business Innovation Corp. contain an out-of-bounds vulnerability CWE-787, CVE-2024-45320 due to a flaw in verifying the length of data. Jia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/30 9:19 a.m.•4 views

Clickjacking Vulnerability in JP1/ServerConductor/Deployment Manager

Overview A Clickjacking Vulnerability was found in JP1/ServerConductor/Deployment Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.3CVSS6.7AI score0.00281EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/29 4:41 a.m.•4 views

Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers

Overview Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities CWE-787, CVE-2024-12647, CVE-2024-12648, CVE-2024-12649, CVE-2025-2146. Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the...

9.8CVSS7.9AI score0.01181EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/16 4:27 a.m.•4 views

Linux Ratfor vulnerable to stack-based buffer overflow

Overview Linux Ratfor provided by the Dimensional Gate contains a stack-based buffer overflow vulnerability CWE-121. Yuhei Kawakoya of NTT Social Informatics Laboratories / NTT Security Holdings Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact...

7CVSS7.5AI score0.00258EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/16 10:54 p.m.•4 views

Multiple vulnerabilities in SHARP routers

Overview SHARP routers contain multiple vulnerabilities listed below. OS command injection vulnerability in the HOST name configuration screen CWE-78 - CVE-2024-45721 The hidden debug function is enabled CWE-489 - CVE-2024-46873 Buffer overflow vulnerability in the hidden debug function CWE-120 -...

9.8CVSS8.1AI score0.01187EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/19 1:41 a.m.•4 views

Multiple vulnerabilities in Rakuten Turbo 5G

Overview Rakuten Turbo 5G provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2024-47865 OS command injection CWE-78 - CVE-2024-48895 Exposure of sensitive system information to an unauthorized control sphere...

8.8CVSS8AI score0.00999EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/01 4:49 a.m.•4 views

REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers

Overview FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web...

9.8CVSS7AI score0.00556EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/21 2:58 a.m.•4 views

Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

Overview AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System. IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-31408 Insufficiently protected credentials...

8CVSS7.7AI score0.01077EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/18 5:40 a.m.•4 views

MUSASI version 3 performing authentication on client-side

Overview MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This...

7.5CVSS7AI score0.00425EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 3:46 a.m.•4 views

SNMP service is enabled by default in Sharp NEC Display Solutions projectors

Overview Multiple projectors provided by Sharp NEC Display Solutions, Ltd. are configured with SNMP service enabled by default, therefore can be accessed by specifying SNMP community name "public" CWE-1242 ,CVE-2024-7011. SNMP service configuration enable/disable cannot be changed on the manageme...

6.5CVSS6.6AI score0.00319EPSS
Exploits0References4
Total number of security vulnerabilities5000