Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Kmail CGI authentication bypass vulnerability

Overview Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability. Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution None...

7.5CVSS7.1AI score0.01511EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

tDiary arbitrary Ruby script execution vulnerability

Overview tDiary is weblog software maintained by the tDiary development project. tDiary contains a vulnerability which allows a remote attacker to execute arbitrary Ruby scripts on a vulnerable system. Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the w...

6CVSS7.4AI score0.00979EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Canna irw_through Buffer Overflow Vulnerability

Overview Canna contains a buffer overflow vulnerability in the irwthrough function. Impact A local attacker could execute arbitrary code with the privileges of the 'bin' user. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate action...

7.2CVSS7.5AI score0.00494EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

w3m Vulnerability of Unauthorized Access to Files or Cookies

Overview w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies. Impact An remote attacker could access files and cookies. Solution Please refer to the 'Vendor Information' section for official remediation and take...

5CVSS6.5AI score0.02027EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

Multiple JustSystems products vulnerable to buffer overflow

Overview Multiple JustSystems products are vulnerable to buffer overflow. Multiple JustSystems products contain a vulnerability which allows a remote attacker to cause buffer overflow when a user opens or views a specially crafted .jtd file. Multiple products are affected by this vulnerability. F...

9.3CVSS7.8AI score0.04756EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

RaidenHTTPD cross-site scripting vulnerability

Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. This issue is different from JVN90438169. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability...

4.3CVSS6.3AI score0.01065EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

SEWB3/PLATFORM Denial of Service Vulnerability

Overview SEWB3/PLATFORM handles SEWB3 message improperly when it receives malformed data, which allows attackers to cause a Denial of Service DoS. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...

5CVSS6.7AI score0.01189EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•4 views

EUR Print Manager Denial of Service Vulnerability

Overview EUR Print Manager fails to accept job execution requests when it receives unexpected data, which could be exploited to cause a Denial of Service DoS condition. Impact An attacker could cause a Denial of Service DoD. Solution Please refer to the 'Vendor Information' section for official...

5CVSS6.9AI score0.01397EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/26 12:52 a.m.•3 views

Generic IO & Memory Access driver for TOSHIBA and Dynabook PCs exposes its IOCTL with insufficient access control

Overview Generic IO & Memory Access driver is part of a utility to configure BIOS/Supervisor passwords from within Windows. This driver is installed on PCs provided by TOSHIBA CORPORATION and Dynabook Inc. between 2009 and 2016. The driver contains the following vulnerability. Exposed IOCTL with...

6.8CVSS5.8AI score0.00121EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/25 12:32 a.m.•3 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint

Overview Hitachi Infrastructure Analytics Advisor contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2025-48924 Hitachi Ops Center Analyzer viewpoint contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center...

8.2CVSS7AI score0.02164EPSS
Exploits4References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/24 8:56 a.m.•3 views

Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]

Overview Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound CWE-190 - CVE-2025-66168, CVE-2026-40046 Gai...

8.8CVSS5.4AI score0.0078EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•3 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the firmware replacement function of Hitachi Disk Array Systems that involves improper input validation. CVE-2025-0824 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...

3.7CVSS5.9AI score0.00083EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•3 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the management gui maintenance utility of Hitachi Disk Array Systems that involves improper authorization vulnerability. CVE-2025-2902 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/12 8:22 a.m.•3 views

Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1

Overview MR-GM5L-S1 and MR-GM5A-L1 provided by Micro Research Ltd. contain multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-20892 Use of hard-coded credentials CWE-798 - CVE-2026-24448 Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-27842 Chuya...

9.8CVSS7.5AI score0.00567EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/26 2:2 a.m.•3 views

Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager

Overview Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager contain a vulnerability CVE-2025-5781 that may allow session tokens to be stored. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

5.2CVSS5.9AI score0.00098EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/17 4:4 a.m.•3 views

GROWI vulnerable to cross-site request forgery

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-64700 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...

5.1CVSS6.6AI score0.00112EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/17 2:28 a.m.•3 views

Multiple vulnerabilities in CHOCO TEI WATCHER mini

Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Clickjacking CWE-1021 - CVE-2025-59479 Improper check for unusual conditions CWE-754 - CVE-2025-61976 Improper check for unusual conditions CWE-754 - CVE-2025-66357 JTEKT...

8.7CVSS6.7AI score0.00362EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/16 6:31 a.m.•3 views

SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow

Overview Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser. Web Config contains the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2025-66635 Shogo Iyota of GMO Cybersecurity by...

8.6CVSS7.5AI score0.00491EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/09 8:16 a.m.•3 views

ELECOM Clone for Windows registers a Windows service with an unquoted file path

Overview Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. Clone for Windows provided by ELECOM CO.,LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66271 Kazuma Matsumoto of GMO Cybersecurity by IERA...

8.4CVSS7AI score0.00135EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/29 5:17 a.m.•3 views

Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries

Overview The installer of WTW EAGLE for Windows provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-62776 Kazuma Matsumoto of GMO...

8.4CVSS6.8AI score0.00146EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/20 7:17 a.m.•3 views

Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel

Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Improper verification of source of a communication channel CWE-940 - CVE-2025-61932 MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

9.8CVSS7.4AI score0.02689EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/03 5:23 a.m.•3 views

Web Caster V130 vulnerable to cross-site request forgery

Overview Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-58272 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this...

3.7CVSS6.5AI score0.00119EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/02 5:20 a.m.•3 views

"Gunosy" App vulnerable to insertion of sensitive information into sent data

Overview "Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data CWE-201 - CVE-2025-44017 YUNAO ZHOU of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.1CVSS6.4AI score0.00212EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/09/01 6:22 a.m.•3 views

Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series

Overview A vulnerability that could allow a Denial-of-Service DoS is reported in the Konica Minolta bizhub series. Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Uncaught exception CWE-248 - CVE-2025-54777 Konica Minolta, Inc. reported this...

5.3CVSS6.8AI score0.00108EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/27 10:50 a.m.•3 views

Improper file access permission settings in multiple i-FILTER products

Overview Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-57846 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.5CVSS7.3AI score0.00138EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/27 5:22 a.m.•3 views

ScanSnap Manager installers vulnerable to privilege escalation

Overview ScanSnap Manager installers provided by PFU Limited contain the following vulnerability. Incorrect privilege assignment CWE-266 - CVE-2025-57797 Kazuhira Agata, Kentaro Kan, Tomoaki Kobayashi, Takayuki Tomita, Yoshiaki Yamamuro reported this vulnerability to IPA. JPCERT/CC coordinated wi...

8.5CVSS6.8AI score0.00122EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/18 4:40 a.m.•3 views

PgManage vulnerable to injection

Overview PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/08 6:29 a.m.•3 views

WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection

Overview Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection WE-94 - CVE-2025-54940 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4.6CVSS7AI score0.00209EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/08/08 5:50 a.m.•3 views

Multiple SEIKO EPSON products use weak initial passwords

Overview Multiple SEIKO EPSON products contain the following vulnerability. Use of weak credentials CWE-1391 - CVE-2025-35970 The initial administrator password is easy to guess from the information available via SNMP SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify user...

8.7CVSS6.8AI score0.00448EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/27 12:37 a.m.•3 views

Multiple Brother driver installers for Windows vulnerable to privilege escalation

Overview Multiple Brother driver installers for Windows contain the following vulnerability. Files or directories accessible to external parties CWE-552 - CVE-2025-49797 Julian Horoszkiewicz of Eviden reported this vulnerability to the developer. JPCERT/CC coordinated between the reporter and the...

8.5CVSS7AI score0.00147EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/18 4:42 a.m.•3 views

KCM3100 vulnerable to authentication bypass using an alternate path or channel

Overview KCM3100 provided by KAON is a Wi-Fi enabled gateway. KCM3100 contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2025-51381 Namihiko Matsumura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.8CVSS6.8AI score0.00631EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/13 7:9 a.m.•3 views

Multiple vulnerabilities in RICOH Streamline NX PC Client

Overview RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 - CVE-2025-36506 Path traversal CWE-22 - CVE-2025-46783 Use of less trusted source CWE-348 - CVE-2025-48825 Ricoh Company, Ltd...

9.8CVSS7.2AI score0.00776EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/06 4:56 a.m.•3 views

Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery

Overview Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability. Cross-Site Request Forgery CSRF CWE-352 - CVE-2025-36513 Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was...

5.1CVSS6.4AI score0.00126EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/06/03 6:35 a.m.•3 views

TimeWorks vulnerable to path traversal

Overview The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 - CVE-2025-41428 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

6.9CVSS6.7AI score0.00574EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/26 5:22 a.m.•3 views

Mailform Pro CGI generating error messages containing sensitive information

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information CWE-209 - CVE-2025-41441 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

9.8CVSS6.6AI score0.00935EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/15 9:27 a.m.•3 views

Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'

Overview Network attached hard disk 'HDL-T Series' provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities. OS command injection CWE-78 Affected when 'Remote Link3 function' is enabled CVE-2025-32002 Missing authentication for critical function CWE-306 CVE-2025-32738 Chuya Hayakawa an...

9.8CVSS8.3AI score0.01705EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/15 7:14 a.m.•3 views

Pgpool-II vulnerable to authentication bypass by primary weakness

Overview Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 - CVE-2025-46801 PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

9.8CVSS6.7AI score0.00791EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/12 8:52 a.m.•3 views

Multiple vulnerabilities in GL-MT2500 and GL-MT2500A

Overview GL-MT2500 and GL-MT2500A provided by GL.iNet contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-57391 Inefficient regular expression complexity CWE-1333 - CVE-2025-2811 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to...

7.5CVSS7.5AI score0.0034EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/10 6:36 a.m.•3 views

Multiple vulnerabilities in BizRobo!

Overview BizRobo! is an RPA Robotic Process Automation software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to che...

9.8CVSS7.1AI score0.84362EPSS
Exploits5References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/19 6:33 a.m.•3 views

Multiple vulnerabilities in home gateway HGW-BL1500HM

Overview Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 - CVE-2025-27567 Stored cross-site scripting in the USB storage file-sharing function CWE-79 - CVE-2025-27574 Path...

8.8CVSS6.6AI score0.00878EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 7:19 a.m.•3 views

Multiple cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 - CVE-2025-22888 Stored cross-site scripting vulnerability in the HTML edit mode ...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/14 7:39 a.m.•3 views

acmailer CGI and acmailer DB vulnerable to OS command injection

Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...

9.8CVSS7.5AI score0.01361EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/13 4:39 a.m.•3 views

Multiple vulnerabilities in FileMegane

Overview FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below. Server-Side Request Forgery SSRF CWE-918 - CVE-2025-20075 Authentication Bypass by Spoofing CWE-290 - CVE-2025-25055 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported these...

7.2CVSS7.2AI score0.00332EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/06 9:26 a.m.•3 views

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer

Overview NB-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611, CVE-2024-12298. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially...

5.5CVSS6.5AI score0.00221EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/05 5:6 a.m.•3 views

Multiple vulnerabilities in Defense Platform Home Edition

Overview Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 - CVE-2025-20094 Execution with unnecessary privileges CWE-250 - CVE-2025-22890 Improper handling of message in specific...

8.8CVSS8.1AI score0.00189EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/28 4:44 a.m.•3 views

WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting

Overview WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS6AI score0.00262EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/27 5:25 a.m.•3 views

EXIF Viewer Classic vulnerable to cross-site scripting

Overview EXIF Viewer Classic provided by Rodrigue former Kakera is a Google Chrome browser extension. The affected versions of the product improperly handle EXIF meta data, resulting in a cross-site scripting vulnerability CWE-79. Versions 2.3.2 and 2.4.0 were reported as vulnerable. The vendor...

6.1CVSS5.9AI score0.00347EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/22 4:55 a.m.•3 views

Multiple vulnerabilities in I-O DATA router UD-LT2

Overview UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 - CVE-2025-22450 OS Command Injection CWE-78 - CVE-2025-23237 CVE-2025-20617, CVE-2025-22450,...

7.5CVSS7.6AI score0.01171EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/21 6:59 a.m.•3 views

FortiWeb vulnerable to SQL injection

Overview FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability CWE-89, CVE-2024-55593. Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

2.7CVSS7.5AI score0.00392EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/16 2:51 a.m.•3 views

Multiple vulnerabilities in FXC AE1021 and AE1021PE

Overview AE1021 and AE1021PE are information outlet type wireless LAN routers provided by FXC Inc. They contain multiple vulnerabilities listed below. Weak Authentication CWE-1390 - CVE-2024-47397 OS Command Injection CWE-78 - CVE-2024-53688 Inclusion of Undocumented Features CWE-1242 -...

7.5CVSS7.7AI score0.01505EPSS
Exploits0References8
Total number of security vulnerabilities5000