Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

HP System Management Homepage cross-site scripting vulnerability

Overview A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage SMH. HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Comp...

4.3CVSS6.1AI score0.03871EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Internet Explorer vulnerable in MHTML handling

Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...

4.3CVSS6.8AI score0.2504EPSS
Exploits1References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

rktSNS cross-site scripting vulnerability

Overview rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrar...

4.3CVSS6.3AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

RaidenHTTPD cross-site scripting vulnerability

Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on...

10CVSS6.1AI score0.05191EPSS
Exploits1References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Yayoi Kaikei improper handling of credential information

Overview Yayoi Kaikei Quick Navigator sends user credentials unencrypted. Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact By monitoring the communication between Quick Navigator and the vendor's server, an attacker can...

2.6CVSS6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

WebCart cross-site scripting vulnerability

Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

6.4CVSS6.2AI score0.01263EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Cosminexus javadoc Cross-Site Scripting Vulnerability

Overview The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities. Impact An attacker could exploit said HTML file vulnerable to cross-site scripting. Solution Please refer to the 'Vendor Information' section for official remediation and take...

4.3CVSS6.2AI score0.01659EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

MouseoverDictionary vulnerable to arbitrary script execution

Overview MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an...

5.8CVSS6.6AI score0.01009EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page

Overview When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if th...

4.3CVSS7.7AI score0.27783EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Ichitaro series buffer overflow vulnerability

Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...

9.3CVSS7.9AI score0.05741EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Sun Java System Web Server cross-site scripting vulnerability

Overview Sun Java System Web Server originally called Sun ONE Web Server contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page. Impact A malicious script may be executed on th...

6.8CVSS6.2AI score0.03398EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Trac cross-site scripting vulnerability

Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...

4.3CVSS6.3AI score0.01369EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

tDiary arbitrary Ruby script execution vulnerability

Overview tDiary is weblog software maintained by the tDiary development project. tDiary contains a vulnerability which allows a remote attacker to execute arbitrary Ruby scripts on a vulnerable system. Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the w...

6CVSS7.4AI score0.00979EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

JP1 Request Handling Denial of Service Vulnerabilities

Overview Hitachi JP1 products fails to handle unexpected requests and data, which could be exploited to cause a denial of service condition. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...

5CVSS6.7AI score0.01596EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

04WebServer directory traversal vulnerability

Overview 04WebServer, an open source web server, contains a vulnerability allowing directory traversal bypassing user authentication. Impact A remote attacker could bypass a user authentication and view server files. Solution None...

7.5CVSS7.1AI score0.01567EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Cybozu Office 6 information disclosure vulnerability

Overview A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information. Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used,...

5CVSS6.4AI score0.01316EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

MDPro cross-site scripting vulnerability

Overview MDPro, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solutio...

6.8CVSS6.1AI score0.01406EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Kmail CGI authentication bypass vulnerability

Overview Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability. Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution None...

7.5CVSS7.1AI score0.01511EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Multiple vulnerabilities in Webmin and Usermin

Overview Webmin and Usermin, web-based system management tools, contain the following vulnerabilities: - Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin's access restrictions - Cross-site scripting We are aware that these vulnerabilities have been addressed in...

6.8CVSS6.7AI score0.0297EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

McAfee VirusScan Engine buffer overflow vulnerability

Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...

7.5CVSS7.3AI score0.07125EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/26 12:52 a.m.•3 views

Generic IO & Memory Access driver for TOSHIBA and Dynabook PCs exposes its IOCTL with insufficient access control

Overview Generic IO & Memory Access driver is part of a utility to configure BIOS/Supervisor passwords from within Windows. This driver is installed on PCs provided by TOSHIBA CORPORATION and Dynabook Inc. between 2009 and 2016. The driver contains the following vulnerability. Exposed IOCTL with...

6.8CVSS5.8AI score0.00121EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/25 12:32 a.m.•3 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint

Overview Hitachi Infrastructure Analytics Advisor contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2025-48924 Hitachi Ops Center Analyzer viewpoint contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center...

8.2CVSS7AI score0.02164EPSS
Exploits4References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/24 8:56 a.m.•3 views

Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]

Overview Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound CWE-190 - CVE-2025-66168, CVE-2026-40046 Gai...

8.8CVSS5.4AI score0.0078EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•3 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the firmware replacement function of Hitachi Disk Array Systems that involves improper input validation. CVE-2025-0824 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...

3.7CVSS5.9AI score0.00083EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•3 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the management gui maintenance utility of Hitachi Disk Array Systems that involves improper authorization vulnerability. CVE-2025-2902 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/12 8:22 a.m.•3 views

Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1

Overview MR-GM5L-S1 and MR-GM5A-L1 provided by Micro Research Ltd. contain multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-20892 Use of hard-coded credentials CWE-798 - CVE-2026-24448 Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-27842 Chuya...

9.8CVSS7.5AI score0.00567EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/26 2:2 a.m.•3 views

Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager

Overview Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager contain a vulnerability CVE-2025-5781 that may allow session tokens to be stored. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

5.2CVSS5.9AI score0.00098EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/17 4:4 a.m.•3 views

GROWI vulnerable to cross-site request forgery

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-64700 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...

5.1CVSS6.6AI score0.00112EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/17 2:28 a.m.•3 views

Multiple vulnerabilities in CHOCO TEI WATCHER mini

Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Clickjacking CWE-1021 - CVE-2025-59479 Improper check for unusual conditions CWE-754 - CVE-2025-61976 Improper check for unusual conditions CWE-754 - CVE-2025-66357 JTEKT...

8.7CVSS6.7AI score0.00362EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/16 6:31 a.m.•3 views

SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow

Overview Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser. Web Config contains the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2025-66635 Shogo Iyota of GMO Cybersecurity by...

8.6CVSS7.5AI score0.00491EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/09 8:16 a.m.•3 views

ELECOM Clone for Windows registers a Windows service with an unquoted file path

Overview Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. Clone for Windows provided by ELECOM CO.,LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66271 Kazuma Matsumoto of GMO Cybersecurity by IERA...

8.4CVSS7AI score0.00135EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/29 5:17 a.m.•3 views

Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries

Overview The installer of WTW EAGLE for Windows provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-62776 Kazuma Matsumoto of GMO...

8.4CVSS6.8AI score0.00146EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/20 7:17 a.m.•3 views

Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel

Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Improper verification of source of a communication channel CWE-940 - CVE-2025-61932 MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

9.8CVSS7.4AI score0.02689EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/03 5:23 a.m.•3 views

Web Caster V130 vulnerable to cross-site request forgery

Overview Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-58272 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this...

3.7CVSS6.5AI score0.00119EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/02 5:20 a.m.•3 views

"Gunosy" App vulnerable to insertion of sensitive information into sent data

Overview "Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data CWE-201 - CVE-2025-44017 YUNAO ZHOU of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.1CVSS6.4AI score0.00212EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/01 6:22 a.m.•3 views

Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series

Overview A vulnerability that could allow a Denial-of-Service DoS is reported in the Konica Minolta bizhub series. Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Uncaught exception CWE-248 - CVE-2025-54777 Konica Minolta, Inc. reported this...

5.3CVSS6.8AI score0.00108EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/27 10:50 a.m.•3 views

Improper file access permission settings in multiple i-FILTER products

Overview Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-57846 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.5CVSS7.3AI score0.00138EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/27 5:22 a.m.•3 views

ScanSnap Manager installers vulnerable to privilege escalation

Overview ScanSnap Manager installers provided by PFU Limited contain the following vulnerability. Incorrect privilege assignment CWE-266 - CVE-2025-57797 Kazuhira Agata, Kentaro Kan, Tomoaki Kobayashi, Takayuki Tomita, Yoshiaki Yamamuro reported this vulnerability to IPA. JPCERT/CC coordinated wi...

8.5CVSS6.8AI score0.00122EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/18 4:40 a.m.•3 views

PgManage vulnerable to injection

Overview PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/08 6:29 a.m.•3 views

WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection

Overview Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection WE-94 - CVE-2025-54940 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4.6CVSS7AI score0.00209EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/08 5:50 a.m.•3 views

Multiple SEIKO EPSON products use weak initial passwords

Overview Multiple SEIKO EPSON products contain the following vulnerability. Use of weak credentials CWE-1391 - CVE-2025-35970 The initial administrator password is easy to guess from the information available via SNMP SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify user...

8.7CVSS6.8AI score0.00448EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/27 12:37 a.m.•3 views

Multiple Brother driver installers for Windows vulnerable to privilege escalation

Overview Multiple Brother driver installers for Windows contain the following vulnerability. Files or directories accessible to external parties CWE-552 - CVE-2025-49797 Julian Horoszkiewicz of Eviden reported this vulnerability to the developer. JPCERT/CC coordinated between the reporter and the...

8.5CVSS7AI score0.00147EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/18 4:42 a.m.•3 views

KCM3100 vulnerable to authentication bypass using an alternate path or channel

Overview KCM3100 provided by KAON is a Wi-Fi enabled gateway. KCM3100 contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2025-51381 Namihiko Matsumura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.8CVSS6.8AI score0.00631EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/13 7:9 a.m.•3 views

Multiple vulnerabilities in RICOH Streamline NX PC Client

Overview RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 - CVE-2025-36506 Path traversal CWE-22 - CVE-2025-46783 Use of less trusted source CWE-348 - CVE-2025-48825 Ricoh Company, Ltd...

9.8CVSS7.2AI score0.00776EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/06 4:56 a.m.•3 views

Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery

Overview Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability. Cross-Site Request Forgery CSRF CWE-352 - CVE-2025-36513 Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was...

5.1CVSS6.4AI score0.00126EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/03 6:35 a.m.•3 views

TimeWorks vulnerable to path traversal

Overview The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 - CVE-2025-41428 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

6.9CVSS6.7AI score0.00574EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/26 5:22 a.m.•3 views

Mailform Pro CGI generating error messages containing sensitive information

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information CWE-209 - CVE-2025-41441 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

9.8CVSS6.6AI score0.00935EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/15 9:27 a.m.•3 views

Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'

Overview Network attached hard disk 'HDL-T Series' provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities. OS command injection CWE-78 Affected when 'Remote Link3 function' is enabled CVE-2025-32002 Missing authentication for critical function CWE-306 CVE-2025-32738 Chuya Hayakawa an...

9.8CVSS8.3AI score0.01705EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/15 7:14 a.m.•3 views

Pgpool-II vulnerable to authentication bypass by primary weakness

Overview Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 - CVE-2025-46801 PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

9.8CVSS6.7AI score0.00791EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/12 8:52 a.m.•3 views

Multiple vulnerabilities in GL-MT2500 and GL-MT2500A

Overview GL-MT2500 and GL-MT2500A provided by GL.iNet contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-57391 Inefficient regular expression complexity CWE-1333 - CVE-2025-2811 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to...

7.5CVSS7.5AI score0.0034EPSS
Exploits0References7
Total number of security vulnerabilities5000