Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/09 5:27 a.m.•4 views

Multiple vulnerabilities in multiple Webmin products

Overview Multiple Webmin products contain multiple vulnerabilities listed below. sysinfo.cgi is vulnerable to cross-site scripting CWE-79 CVE-2024-36450 sessionlogin.cgi is vulnerable to cross-site scripting CWE-79 CVE-2024-36453 ajaxterm module is vulnerable to improper handling of insufficient...

8.8CVSS6.3AI score0.00569EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/18 5:56 a.m.•4 views

Multiple vulnerabilities in Ricoh Streamline NX PC Client

Overview Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004 Improper restriction of communication channel to intended endpoints CWE-923 - CVE-2024-36252 ricoh-2024-000005 Use of hard-coded credentials CWE-798 -...

9.8CVSS7.2AI score0.00507EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/07 6:24 a.m.•4 views

WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection

Overview WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability CWE-89. Daiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS7.9AI score0.00519EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/07 5:51 a.m.•4 views

Multiple vulnerabilities in "FreeFrom - the nostr client" App

Overview "FreeFrom - the nostr client" App provided by FreeFrom K.K. contains multiple vulnerabilities listed below. Improper verification of cryptographic signature CWE-347 - CVE-2024-36277 Reliance on obfuscation or encryption of security-relevant inputs without integrity checking CWE-649 -...

5.3CVSS6.6AI score0.00257EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/28 5:47 a.m.•4 views

Multiple vulnerabilities in Unifier and Unifier Cast

Overview Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher CWE-276 - CVE-2024-23847 Missing Authorization for coejobhook Command Execution CWE-862 - CVE-2024-36246...

9.8CVSS7.4AI score0.00546EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/24 4:41 a.m.•4 views

WordPress Plugin "WP Booking" vulnerable to cross-site scripting

Overview WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability CWE-79. Daiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS5.8AI score0.0037EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 4:33 a.m.•4 views

WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal

Overview WordPress Plugin "Download Plugins and Themes from Dashboard" provided by WPFactory LLC contains a path traversal vulnerability CWE-22. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to WPFactory LLC and coordinated. After the coordination was completed, th...

6.5CVSS6.7AI score0.00669EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/13 8:27 a.m.•4 views

Central Dogma vulnerable to cross-site scripting

Overview Central Dogma provided by LY Corporation contains a cross-site scripting vulnerability CWE-79, CVE-2024-1143 because RelayState data is not properly treated when Central Dogma processes SAML messages. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution...

9.3CVSS6.2AI score0.00491EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/08 1:19 a.m.•4 views

Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)

Overview Trend Micro Incorporated has released a security update for Trend Micro Maximum Security, fixing an improper link resolution vulnerabilityCWE-59, CVE-2024-32849. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Trend...

7.8CVSS6.7AI score0.00256EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/24 1:13 a.m.•4 views

Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer

Overview OMRON Sysmac Studio/CX-One and CX-Programmer contain multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2024-31412 Free of pointer not at start of buffer CWE-761 - CVE-2024-31413 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with t...

7.8CVSS7.6AI score0.00245EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/05 5:53 a.m.•4 views

Multiple vulnerabilities in NEC Aterm series

Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 - CVE-2024-28006 Incorrect Permission...

9.8CVSS8AI score0.00743EPSS
Exploits0References20
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/01 5:44 a.m.•4 views

KEYENCE VT STUDIO may insecurely load Dynamic Link Libraries

Overview VT STUDIO provided by KEYENCE CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427, CVE-2024-28099. KEYENCE CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...

7.8CVSS6.8AI score0.00188EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/29 4:28 a.m.•4 views

"Yahoo! JAPAN" App vulnerable to cross-site scripting

Overview "Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00314EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/26 8:43 a.m.•4 views

Mini Thread vulnerable to cross-site scripting

Overview Mini Thread provided by Flash CGI according to the original report submitted by the reporter is a CGI script for creating a bulletin board system BBS. Mini Thread contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of...

6.1CVSS6.1AI score0.00293EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/08 5:16 a.m.•4 views

OMRON NJ/NX series vulnerable to path traversal

Overview Machine Automation Controller NJ/NX series provided by OMRON Corporation contain a path traversal vulnerability CWE-22, CVE-2024-27121. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary file in the affected product...

7.2CVSS7.1AI score0.0088EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/21 11:15 p.m.•4 views

ELECOM wireless LAN routers vulnerable to OS command injection

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a logged-in user with an administrative privilege sends a...

6.8CVSS7.4AI score0.00838EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/07 6:39 a.m.•4 views

Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers

Overview Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities CWE-787, CVE-2023-6229, CVE-2023-6230, CVE-2023-6231, CVE-2023-6232, CVE-2023-6233, CVE-2023-6234, CVE-2024-0244. Canon Inc. reported these...

9.8CVSS7.8AI score0.01457EPSS
Exploits0References19
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 8:16 a.m.•4 views

ELECOM wireless LAN routers vulnerable to OS command injection

Overview Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a logged-in user with an administrative privilege...

6.8CVSS7.4AI score0.00829EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/24 8:16 a.m.•4 views

Yamaha wireless LAN access point devices vulnerable to active debug code

Overview Active debug code CWE-489 exists in wireless LAN access point devices provided by Yamaha Corporation. The debug function can be enabled by performing specific operations. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer...

6.8CVSS7AI score0.00321EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/22 6:8 a.m.•4 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Improper input validation CWE-20 - CVE-2024-23180 Cross-site scripting CWE-79 - CVE-2024-23181 Relative path traversal CWE-23 - CVE-2024-23182 Cross-site scripting CWE-79 - CVE-2024-23183 Improper input...

8.8CVSS7.2AI score0.00918EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/15 6:59 a.m.•4 views

Pleasanter vulnerable to cross-site scripting

Overview Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Masamitsu Kushi of Operation Group, Communication Technology Department, Digital Innovation HQ at Mitsubishi Heavy Industries, Ltd. reported this vulnerability to Implem Inc. and coordinated. After t...

6.1CVSS6AI score0.00355EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/26 12:27 a.m.•4 views

Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access

Overview iPrint Desktop for Windows provided by Brother Industries, Ltd. outputs logs to a certain log file. The affected version of the product does not check whether the log file is a normal file or a symbolic link to a certain file CWE-59. Chris Au reported this vulnerability to Brother...

6.5CVSS6.5AI score0.00186EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/13 6:30 a.m.•4 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature CWE-79 - CVE-2023-42436 Stored cross-site scripting vulnerability in the App Settings /admin/app page and the Markdown Settings...

6.5CVSS5.9AI score0.0045EPSS
Exploits0References31
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/11 5:12 a.m.•4 views

Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

Overview HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service DoS vulnerabilities listed below. Denial-of-service DoS vulnerability in FTP service CWE-400 - CVE-2023-41963 Denial-of-service DoS vulnerability in commplex-link service CWE-400 - CVE-2023-491...

7.8CVSS7AI score0.00981EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/06 5:43 a.m.•4 views

OS command injection vulnerability in DT900

Overview DT900 contains an OS command injection vulnerability. reported by Mr. Gianluca Altomani. for NEC-PSIRT Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

9.8CVSS7.5AI score0.01496EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/17 5:22 a.m.•4 views

Multiple vulnerabilities in CubeCart

Overview CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2023-38130 Directory traversal CWE-22 - CVE-2023-42428 Directory traversal CWE-22 - CVE-2023-47283 OS command injection CWE-78 - CVE-2023-47675 Gen Sato of Mitsu...

9.1CVSS7.9AI score0.01286EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/15 8:44 a.m.•4 views

ASUSTeK COMPUTER RT-AC87U vulnerable to improper access control

Overview RT-AC87U provided by ASUSTeK COMPUTER INC. contains an improper access control vulnerability CWE-284. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker may read or write files that are not intended to be...

9.1CVSS6.8AI score0.00745EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/13 6:57 a.m.•4 views

Multiple vulnerabilities in Pleasanter

Overview Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-34439 Improper access control vulnerability CWE-284 - CVE-2023-45210 Open redirect vulnerability CWE-601 - CVE-2023-46688 Authentication bypass...

7.5CVSS6.2AI score0.00601EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/10 5:41 a.m.•4 views

Remarshal unlimitedly expanding YAML alias nodes

Overview Remarshal provided by Remarshal Project expands YAML alias nodes unlimitedly CWE-674, hence Remarshal is vulnerable to Billion Laughs Attack. Taichi Kotake of Sterra Security Co.,Ltd. / Akatsuki Games Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS6.6AI score0.00962EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/02 4:38 a.m.•4 views

Improper restriction of XML external entity references (XXE) in e-Tax software

Overview e-Tax software provided by National Tax Agency improperly restricts XML external entity references XXE CWE-611 due to the configuration of the embedded XML parser. Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/16 7:11 a.m.•4 views

Scanning evasion issue in Cisco Secure Email Gateway

Overview Cisco Secure Email Gateway provides anti-virus scanning facility for e-mail attachments. It was reported that a certain crafted file can evade anti-virus scanning facility. This issue was found by Takahiro Ohtani and Michael Joshua Telloyan in the Bug Bounty program at the University of...

6.5AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/16 7:11 a.m.•4 views

web2py vulnerable to OS command injection

Overview web2py web application framework contains an OS command injection vulnerability CWE-78. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When web2py is configured to u...

9.8CVSS7.6AI score0.03689EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/11 6:23 a.m.•4 views

Out-of-bounds read vulnerability in Keyence KV STUDIO and KV REPLAY VIEWER

Overview KV STUDIO and KV REPLAY VIEWER provided by KEYENCE CORPORATION contain an out-of-bounds read vulnerability CWE-125, CVE-2023-42138. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If this vulnerability is exploited, information ma...

7.8CVSS7AI score0.00186EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 6:23 a.m.•4 views

Information Exposure Vulnerability in Hitachi Ops Center Administrator

Overview A vulnerability CVE-2023-3335 exists in Hitachi Ops Center Administrator. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.5CVSS6.8AI score0.00162EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 5:7 a.m.•4 views

Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility

Overview Citadel WebCit provided by Citadel contains a cross-site scripting vulnerability CWE-79. Tomoro Taniguchi of FiveDrive, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When a malicious user sen...

5.4CVSS5.8AI score0.00444EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/02 3:36 a.m.•4 views

Improper restriction of XML external entity references (XXE) in FD Application

Overview FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references XXE CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

5.5CVSS6.6AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/26 2:30 a.m.•4 views

Trend Micro Mobile Security vulnerable to cross-site scripting

Overview Trend Micro Incorporated has released a security update for Trend Micro Mobile Security. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A cross-site scripting attack may be conducted if a user who is logged in to the...

6.1CVSS6.1AI score0.01798EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/22 4:51 a.m.•4 views

Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

Overview WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 - CVE-2023-40219 Path Traversal CWE-22 - CVE-2023-40532 Cross-site Scripting in registration process of Item List page...

8.8CVSS7.8AI score0.00949EPSS
Exploits0References22
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/05 6:51 a.m.•4 views

Multiple vulnerabilities in F-RevoCRM

Overview F-RevoCRM provided by ThinkingReed inc. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-41149 Cross-site scripting vulnerability CWE-79 - CVE-2023-41150 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/...

9.8CVSS7.2AI score0.01261EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/05 5:55 a.m.•4 views

Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

Overview CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Insufficient verification vulnerability in Broadcast Mail CGI pmc.exe CWE-434 - CVE-2023-39933...

7.5CVSS6.7AI score0.00975EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/04 4:41 a.m.•4 views

Multiple vulnerabilities in SHIRASAGI

Overview SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2023-36492 Stored cross-site scripting CWE-79 - CVE-2023-38569 Path traversal CWE-22 - CVE-2023-39448 CVE-2023-36492, CVE-2023-38569 Taiga Shirakura of Mits...

8.8CVSS7.3AI score0.0107EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/21 4:29 a.m.•4 views

Multiple vulnerabilities in LuxCal Web Calendar

Overview LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-39543 SQL injection CWE-89 - CVE-2023-39939 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated wit...

9.1CVSS7.9AI score0.00705EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/15 2:54 a.m.•4 views

Multiple vulnerabilities in ELECOM and LOGITEC network devices

Overview Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445 Telnet service access restriction failure CWE-284 - CVE-2023-38132 Hidden Functionalit...

9.8CVSS7.6AI score0.01566EPSS
Exploits0References30
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/03 4:45 a.m.•4 views

OMRON CJ series and CS/CJ Series EtherNet/IT unit vulnerable to Denial-of-Service (DoS)

Overview Denial-of-service DoS vulnerability due to improper validation of specified type of input CWE-1287 issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit provided by OMRON Corporation. OMRON...

7.5CVSS6.8AI score0.00653EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/02 5:55 a.m.•4 views

SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)

Overview SEIKO EPSON printer Web Config contains a denial-of-service DoS vulnerability due to improper input validation CWE-20. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the...

7.8CVSS6.6AI score0.00644EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/28 9:24 a.m.•4 views

Multiple vulnerabilities in Command Center RX (CCRX) of Kyocera Document Solutions MFPs and printers

Overview Command Center RX CCRX, a web interface for MFPs and printers provided by KYOCERA Document Solutions Inc., contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2023-34259 Path traversal CWE-22 - CVE-2023-34260 Observable response discrepancy CWE-204 - CVE-2023-3426...

7.5CVSS6.9AI score0.73354EPSS
Exploits4References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/12 7:15 a.m.•4 views

Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. Command Injection on the web management page CWE-77 - CVE-2023-37566, CVE-2023-37568 Command Injection on a certain port of the web management page CWE-77 -...

9.8CVSS7.5AI score0.01764EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/14 5:47 a.m.•4 views

Security updates for multiple Trend Micro products for enterprises (June 2023)

Overview Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JV...

9.8CVSS7.8AI score0.68941EPSS
Exploits2References78
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/07 2:52 a.m.•4 views

Multiple vulnerabilities in KbDevice digital video recorders

Overview Multiple digital video recorders provided by KbDevice,Inc. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-30762 OS command injection CWE-78 - CVE-2023-30764 Hidden functionality CWE-912 - CVE-2023-30766 Yoshiki Mori, Ushimaru Hayato, Hiromu...

9.8CVSS8AI score0.01543EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/01 5:51 a.m.•4 views

"Jiyu Kukan Toku-Toku coupon" App vulnerable to improper server certificate verification

Overview "Jiyu Kukan Toku-Toku coupon" App provided by RUNSYSTEM CO.,LTD. is vulnerable to improper server certificate verification CWE-295. Ryo Nihonyanagi of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.5CVSS6.6AI score0.00281EPSS
Exploits0References7
Total number of security vulnerabilities5000