Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/06 3:11 a.m.•3 views

Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection

Overview Trend Micro Incorporated has released the security updates for Deep Security Agent for Windows and Deep Security Notifier on DSVA for Windows VM to fix an OS command injection vulnerability CWE-78, CVE-2024-48903. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notif...

9.8CVSS8AI score0.19633EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/02 7:38 a.m.•3 views

Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers

Overview UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain multiple vulnerabilities listed below. Command injection CWE-77 - CVE-2024-11013 Cross-site request forgery WE-352 - CVE-2024-11014 RyotaK of Flatt Security Inc. reported these vulnerabilities to NEC Corporation and...

7.2CVSS7.5AI score0.0107EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/22 1:59 a.m.•3 views

Multiple vulnerabilities in Edgecross Basic Software for Windows

Overview Edgecross Basic Software for Windows provided by Edgecross Consortium contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2024-4229 External control of file name or path CWE-73 - CVE-2024-4230 Edgecross Consortium reported these vulnerabilities to...

7.8CVSS7.4AI score0.00218EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/13 5:26 a.m.•3 views

Multiple vulnerabilities in SoftBank Mesh Wi-Fi router RP562B

Overview Mesh Wi-Fi router RP562B provided by SoftBank Corp. contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-29075 OS command injection CWE-78 - CVE-2024-45827 Exposure of sensitive system information to an unauthorized control sphere CWE-497 - CVE-2024-47799...

8CVSS7.8AI score0.01561EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/13 4:50 a.m.•3 views

WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting

Overview "Custom Alert Content" of WordPress Plugin "VK All in One Expansion Unit" provided by Vektor,Inc. contains a stored cross-site scripting vulnerability CWE-79. Umeda Yuugo of Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.8CVSS5.9AI score0.0029EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/01 5:28 a.m.•3 views

Command injection vulnerability in Trend Micro Cloud Edge

Overview Trend Micro Incorporated has released a security update for Cloud Edge to fix a command injection vulnerability CVE-2024-48904. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact An arbitrary command may be executed on th...

9.8CVSS7.4AI score0.0246EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/30 6:7 a.m.•3 views

Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials

Overview Multiple network cameras provided by Hangzhou Hikvision Digital Technology Co., Ltd. support two Dynamic DNS services, DynDNS and NO-IP.The user can select which to use on the GUI configuration page. Both the services provide their APIs accessible via HTTP and HTTPS, but old firmware...

6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/28 5:29 a.m.•3 views

Chatwork Desktop Application (Windows) uses a potentially dangerous function

Overview Chatwork Desktop Application Windows provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function CWE-676, which allows a user to access an external website via a link in the application. RyotaK of Flatt Security Inc. directly reported this vulnerability to t...

5.5CVSS7AI score0.00251EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/25 6:7 a.m.•3 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit CWE-79 - CVE-2024-46996 Stored cross-site scripting vulnerability on Edit Email Form Settings CWE-79 ...

7.1CVSS5.9AI score0.00328EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/16 5:12 a.m.•3 views

SHIRASAGI vulnerable to path traversal

Overview SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability CWE-22. Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.6CVSS6.7AI score0.01016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/11 5:13 a.m.•3 views

Multiple vulnerabilities in Exment

Overview Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-46897 Stored Cross-site Scripting CWE-79 - CVE-2024-47793 CVE-2024-46897 masataka sato of Mitsui Bussan Secure Directions, Inc...

5.4CVSS6.6AI score0.00356EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/01 8:51 a.m.•3 views

Apache Tomcat improper handling of TLS handshake process data

Overview Apache Tomcat provided by The Apache Software Foundation improperly handles TLS handshake process data, which may lead to a denial-of-service DoS condition CWE-770, CVE-2024-38286. The reporter, Ozaki of North Grid Corporation, reported this issue directly to and coordinated with the...

8.6CVSS6.6AI score0.01702EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 5:15 a.m.•3 views

File Permissions Vulnerability in Hitachi Ops Center Common Services

Overview File permissions vulnerability exists in Hitachi Ops Center Common Services. CVE-2024-2819: File permission vulnerability in Hitachi Ops Center Common Services Display new window Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer ...

6.5CVSS6.8AI score0.00202EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 5:14 a.m.•3 views

Multiple vulnerabilities in Smart-tab

Overview Smart-tab provided by TECHNO SUPPORT COMPANY is a multi-functional guest room tablet system for hotels and other accommodation facilities. Smart-tab contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-41999 Plaintext storage of a password CWE-256 -...

6.8CVSS7.5AI score0.00261EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/27 6:0 a.m.•3 views

MF Teacher Performance Management System vulnerable to cross-site scripting

Overview MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability CWE-79. Akira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications...

6.1CVSS6.2AI score0.00243EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/11 9:19 a.m.•3 views

Malleability attack against executables encrypted by CBC mode with no integrity check

Overview Researchers at NTT, University of Hyogo, and NEC have identified a security issue that leads to executing arbitrary code in executable files that are encrypted by CBC mode with no integrity check. This issue has been published in ACNS 2020 . There is a risk that an encrypted executable...

7.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 7:40 a.m.•3 views

Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

Overview Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

6.5CVSS6.5AI score0.003EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 5:58 a.m.•3 views

Pgpool-II vulnerable to information disclosure

Overview Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development...

7.5CVSS6.2AI score0.00528EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/02 5:57 a.m.•3 views

Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow

Overview Control FPWIN Pro7 provided by Panasonic contains a stack-based buffer overflow vulnerability CWE-121, CVE-2024-7013. Michael Heinzl reported this vulnerability to the developer and coordinated. After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify user...

7.8CVSS7.5AI score0.00284EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/30 4:58 a.m.•3 views

Multiple vulnerabilities in WordPress plugin "Carousel Slider"

Overview WordPress plugin "Carousel Slider" provided by Sayful Islam contains 2 CSRF vulnerabilities listed below. Cross-site request forgery on Carousel image selection feature CWE-352 - CVE-2024-45269 Cross-site request forgery on Hero image selection feature CWE-352 - CVE-2024-45270 RyotaK of...

4.3CVSS6.5AI score0.00256EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/29 5:7 a.m.•3 views

xfpt vulnerable to stack-based buffer overflow

Overview xfpt fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability CWE-121. Yuhei Kawakoya of NTT Security Holdings Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact When ...

7.8CVSS7.5AI score0.00258EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/27 5:40 a.m.•3 views

Multiple vulnerabilities in ELECOM wireless LAN routers and access points

Overview Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi CWE-79 - CVE-2024-34577, CVE-2024-42412 Missing...

9.8CVSS7.5AI score0.00943EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/22 2:33 a.m.•3 views

Installer of Trend Micro Security 2020 (Consumer) may insecurely load Dynamic Link Libraries

Overview Installers of Trend Micro Security 2020 Consumer family may insecurely load Dynamic Link Libraries. Multiple products provided by Trend Micro Incorporated contain the DLL search path issue, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated...

7.8CVSS6.9AI score0.01EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/20 8:52 a.m.•3 views

Trend Micro Security (Consumer) Driver vulnerable to Out-of-bounds Read

Overview Trend Micro Security Consumer Driver is vulnerable to Out-of-bounds Read. Multiple products provided by Trend Micro Incorporated contain Out-of-bounds Read vulnerability CWE-125. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

7.8CVSS6.3AI score0.01215EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/06 6:13 a.m.•3 views

Firmware update for RICOH JavaTM Platform resets the TLS configuration

Overview JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, providing TLS Transport Layer Security communication mechanism. When the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer...

7.5CVSS7AI score0.0051EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 7:40 a.m.•3 views

FFRI AMC vulnerable to OS command injection

Overview FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X. FFRI AMC contains an OS command injection vulnerability CWE-78. It is exploitable when the notification program setting is enabled, the executable file path is...

8.1CVSS7.2AI score0.00465EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 5:6 a.m.•3 views

EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting

Overview EC-CUBE plugin for EC-CUBE 4 series "EC-CUBE Web API Plugin" provided by EC-CUBE CO.,LTD. contains a stored cross-site scripting vulnerability CWE-79 in OAuth Management feature. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

6.1CVSS5.9AI score0.00271EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/29 8:51 a.m.•3 views

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

Overview FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. Initialization of a Resource with an Insecure Default CWE-1188 - CVE-2024-31070 Active Debug Code CWE-489 - CVE-2024-36475 OS Command Injection CWE-78 -...

10CVSS7.9AI score0.74513EPSS
Exploits2References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/18 4:44 a.m.•3 views

Assimp vulnerable to heap-based buffer overflow

Overview Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.4CVSS7.8AI score0.00281EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/28 8:38 a.m.•3 views

Multiple TP-Link products vulnerable to OS command injection

Overview Multiple products provided by TP-LINK contains an OS command injection vulnerability CWE-78 related to the backup/restore function. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact A user who logs in to the affected...

6.8CVSS7.5AI score0.00362EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/24 2:5 a.m.•3 views

LINE client for iOS vulnerable to universal cross-site scripting

Overview The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability CWE-79, CVE-2024-5739. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If a user clicks a malicious...

6.1CVSS5.9AI score0.00269EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/19 7:4 a.m.•3 views

"ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

Overview "ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a use...

4.3CVSS6.8AI score0.00289EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 4:54 a.m.•3 views

Ruijie BCR810W/BCR860 vulnerable to OS command injection

Overview Network router BCR810W/BCR860 provided by Ruijie Networks Co., Ltd. contains an OS command injection vulnerability CVE-2023-3608, CWE-78. Note that this vulnerability can only be exploited when the BCOS port of the product is connected to the Internet. JPCERT/CC has confirmed attacks...

8.8CVSS7.6AI score0.10909EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 3:5 a.m.•3 views

Multiple vulnerabilities in Field Logic DataCube

Overview DataCube provided by Field Logic Inc. contains multiple vulnerabilities listed below. Direct Request 'Forced Browsing' CWE-425 - CVE-2024-25830 Reflected cross-site scripting CWE-79 - CVE-2024-25831 Unrestricted upload of file with dangerous type CWE-434 - CVE-2024-25832 SQL injection...

9.8CVSS8.1AI score0.2403EPSS
Exploits8References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/13 8:27 a.m.•3 views

Central Dogma vulnerable to cross-site scripting

Overview Central Dogma provided by LY Corporation contains a cross-site scripting vulnerability CWE-79, CVE-2024-1143 because RelayState data is not properly treated when Central Dogma processes SAML messages. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution...

9.3CVSS6.2AI score0.00491EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/10 4:48 a.m.•3 views

Phormer vulnerable to cross-site scripting

Overview Phormer contains a cross-site scripting vulnerability CWE-79. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on t...

6.1CVSS6AI score0.00738EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/09 5:10 a.m.•3 views

Multiple vulnerabilities in MosP kintai kanri

Overview MosP kintai kanri provided by esMind, LLC contains multiple vulnerabilities listed below. Path Traversal CWE-22 - CVE-2024-28880 Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-29078 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities...

7.5CVSS6.9AI score0.00648EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/08 4:43 a.m.•3 views

WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting

Overview WordPress Plugin "Heateor Social Login WordPress" provided by Heateor contains a stored cross-site scripting vulnerability CWE-79. Daiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS5.9AI score0.00341EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/08 1:19 a.m.•3 views

Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)

Overview Trend Micro Incorporated has released a security update for Trend Micro Maximum Security, fixing an improper link resolution vulnerabilityCWE-59, CVE-2024-32849. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Trend...

7.8CVSS6.7AI score0.00256EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/24 4:44 a.m.•3 views

Multiple vulnerabilities in RoamWiFi R10

Overview RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-31406 Insertion of sensitive information into log file CWE-532 - CVE-2024-32051 Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities...

8.8CVSS7AI score0.00326EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/23 9:22 a.m.•3 views

TvRock vulnerable to cross-site request forgery

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. During the meeting of Committee for authorizing the disclosure of unresolved...

4.3CVSS6.6AI score0.00219EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/22 8:28 a.m.•3 views

Armeria-saml improperly handles SAML messages

Overview Armeria-saml provided by LY Corporation contains an issue in handling SAML messages CWE-304, CVE-2024-1735. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Authentication may be bypassed by receiving a specially crafted SAML...

9.1CVSS6.6AI score0.00834EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/18 4:53 a.m.•3 views

Multiple vulnerabilities in WordPress Plugin "Forminator"

Overview WordPress Plugin "Forminator" provided by WPMU DEV contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 SQL injection CWE-89 Cross-site scripting CWE-79 hibiki moriyama of STNet, Incorporated reported these vulnerabilities to IPA...

9.8CVSS7.6AI score0.30361EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/10 4:55 a.m.•3 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 - CVE-2024-30419 Server-side request forgery CWE-918 - CVE-2024-30420 Directory traversal CWE-22 - CVE-2024-31394 Stored cross-site...

6.6CVSS7AI score0.00739EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/05 6:36 a.m.•3 views

Multiple vulnerabilities in Cente middleware

Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NEXT Co., Ltd. contain multiple vulnerabilities listed below. Out-of-bounds Read caused by improper checking of the option length values in IPv6 NDP packets CWE-125 Out-of-boun...

7.5CVSS6.9AI score0.00761EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/27 6:52 a.m.•3 views

Security information for Hitachi Disk Array Systems

Overview Log files of Hitachi Disk Array Systems have the CVE-2022-36407 Plaintext Storage of Passwords vulnerability. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure a...

9.9CVSS6.9AI score0.00514EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/27 5:48 a.m.•3 views

Multiple vulnerabilities in WordPress Plugin "Survey Maker"

Overview WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-34423 Insufficient verification of data authenticity CWE-345 - CVE-2023-35764 Atsuya Yoda of GMO Cybersecurity by Ierae, Inc. reported...

6.1CVSS6.3AI score0.00356EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/27 5:26 a.m.•3 views

Multiple vulnerabilities in ELECOM wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2024-25568 OS Command Injection CWE-78 - CVE-2024-26258 Exposure of Sensitive Information to an Unauthorized Actor CWE-200 - CVE-2024-29225 Chuya...

8.8CVSS7.5AI score0.01135EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/26 6:35 a.m.•3 views

0ch BBS Script (0ch) vulnerable to cross-site scripting

Overview 0ch BBS Script 0ch according to the original report submitted by the reporter provided by Zerochannel according to the original report submitted by the reporter is bulletin board software. 0ch BBS Script 0ch contains a cross-site scripting vulnerability CWE-79. During the meeting of...

6.1CVSS6.2AI score0.00313EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/26 5:19 a.m.•3 views

WebProxy vulnerable to OS command injection

Overview WebProxy provided by LunarNight Laboratory according to the original report submitted by the reporter is software to build a proxy server. WebProxy contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved...

7.3CVSS7.6AI score0.01019EPSS
Exploits0References3
Total number of security vulnerabilities5000