Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/15 7:14 a.m.•3 views

Pgpool-II vulnerable to authentication bypass by primary weakness

Overview Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 - CVE-2025-46801 PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

9.8CVSS6.7AI score0.00791EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/05/12 8:52 a.m.•3 views

Multiple vulnerabilities in GL-MT2500 and GL-MT2500A

Overview GL-MT2500 and GL-MT2500A provided by GL.iNet contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-57391 Inefficient regular expression complexity CWE-1333 - CVE-2025-2811 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to...

7.5CVSS7.5AI score0.0034EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/10 6:36 a.m.•3 views

Multiple vulnerabilities in BizRobo!

Overview BizRobo! is an RPA Robotic Process Automation software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to che...

9.8CVSS7.1AI score0.84362EPSS
Exploits5References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/19 6:33 a.m.•3 views

Multiple vulnerabilities in home gateway HGW-BL1500HM

Overview Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 - CVE-2025-27567 Stored cross-site scripting in the USB storage file-sharing function CWE-79 - CVE-2025-27574 Path...

8.8CVSS6.6AI score0.00878EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 7:19 a.m.•3 views

Multiple cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 - CVE-2025-22888 Stored cross-site scripting vulnerability in the HTML edit mode ...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/14 7:39 a.m.•3 views

acmailer CGI and acmailer DB vulnerable to OS command injection

Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...

9.8CVSS7.5AI score0.01361EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/13 4:39 a.m.•3 views

Multiple vulnerabilities in FileMegane

Overview FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below. Server-Side Request Forgery SSRF CWE-918 - CVE-2025-20075 Authentication Bypass by Spoofing CWE-290 - CVE-2025-25055 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported these...

7.2CVSS7.2AI score0.00332EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/06 9:26 a.m.•3 views

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer

Overview NB-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611, CVE-2024-12298. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially...

5.5CVSS6.5AI score0.00221EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/05 5:6 a.m.•3 views

Multiple vulnerabilities in Defense Platform Home Edition

Overview Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 - CVE-2025-20094 Execution with unnecessary privileges CWE-250 - CVE-2025-22890 Improper handling of message in specific...

8.8CVSS8.1AI score0.00189EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/28 4:44 a.m.•3 views

WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting

Overview WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS6AI score0.00262EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/27 5:25 a.m.•3 views

EXIF Viewer Classic vulnerable to cross-site scripting

Overview EXIF Viewer Classic provided by Rodrigue former Kakera is a Google Chrome browser extension. The affected versions of the product improperly handle EXIF meta data, resulting in a cross-site scripting vulnerability CWE-79. Versions 2.3.2 and 2.4.0 were reported as vulnerable. The vendor...

6.1CVSS5.9AI score0.00347EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/22 4:55 a.m.•3 views

Multiple vulnerabilities in I-O DATA router UD-LT2

Overview UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 - CVE-2025-22450 OS Command Injection CWE-78 - CVE-2025-23237 CVE-2025-20617, CVE-2025-22450,...

7.5CVSS7.6AI score0.01171EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/21 6:59 a.m.•3 views

FortiWeb vulnerable to SQL injection

Overview FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability CWE-89, CVE-2024-55593. Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

2.7CVSS7.5AI score0.00392EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/16 2:51 a.m.•3 views

Multiple vulnerabilities in FXC AE1021 and AE1021PE

Overview AE1021 and AE1021PE are information outlet type wireless LAN routers provided by FXC Inc. They contain multiple vulnerabilities listed below. Weak Authentication CWE-1390 - CVE-2024-47397 OS Command Injection CWE-78 - CVE-2024-53688 Inclusion of Undocumented Features CWE-1242 -...

7.5CVSS7.7AI score0.01505EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/06 3:11 a.m.•3 views

Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection

Overview Trend Micro Incorporated has released the security updates for Deep Security Agent for Windows and Deep Security Notifier on DSVA for Windows VM to fix an OS command injection vulnerability CWE-78, CVE-2024-48903. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notif...

9.8CVSS8AI score0.19633EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/12/02 7:38 a.m.•3 views

Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers

Overview UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain multiple vulnerabilities listed below. Command injection CWE-77 - CVE-2024-11013 Cross-site request forgery WE-352 - CVE-2024-11014 RyotaK of Flatt Security Inc. reported these vulnerabilities to NEC Corporation and...

7.2CVSS7.5AI score0.0107EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/22 1:59 a.m.•3 views

Multiple vulnerabilities in Edgecross Basic Software for Windows

Overview Edgecross Basic Software for Windows provided by Edgecross Consortium contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2024-4229 External control of file name or path CWE-73 - CVE-2024-4230 Edgecross Consortium reported these vulnerabilities to...

7.8CVSS7.4AI score0.00218EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/13 5:26 a.m.•3 views

Multiple vulnerabilities in SoftBank Mesh Wi-Fi router RP562B

Overview Mesh Wi-Fi router RP562B provided by SoftBank Corp. contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-29075 OS command injection CWE-78 - CVE-2024-45827 Exposure of sensitive system information to an unauthorized control sphere CWE-497 - CVE-2024-47799...

8CVSS7.8AI score0.01561EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/13 4:50 a.m.•3 views

WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting

Overview "Custom Alert Content" of WordPress Plugin "VK All in One Expansion Unit" provided by Vektor,Inc. contains a stored cross-site scripting vulnerability CWE-79. Umeda Yuugo of Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.8CVSS5.9AI score0.0029EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/11/01 5:28 a.m.•3 views

Command injection vulnerability in Trend Micro Cloud Edge

Overview Trend Micro Incorporated has released a security update for Cloud Edge to fix a command injection vulnerability CVE-2024-48904. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact An arbitrary command may be executed on th...

9.8CVSS7.4AI score0.0246EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/30 6:7 a.m.•3 views

Hikvision network camera security enhancement to prevent cleartext transmission of Dynamic DNS credentials

Overview Multiple network cameras provided by Hangzhou Hikvision Digital Technology Co., Ltd. support two Dynamic DNS services, DynDNS and NO-IP.The user can select which to use on the GUI configuration page. Both the services provide their APIs accessible via HTTP and HTTPS, but old firmware...

6.5AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/28 5:29 a.m.•3 views

Chatwork Desktop Application (Windows) uses a potentially dangerous function

Overview Chatwork Desktop Application Windows provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function CWE-676, which allows a user to access an external website via a link in the application. RyotaK of Flatt Security Inc. directly reported this vulnerability to t...

5.5CVSS7AI score0.00251EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/25 6:7 a.m.•3 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability due to inappropriate Slug handling on Article Edit CWE-79 - CVE-2024-46996 Stored cross-site scripting vulnerability on Edit Email Form Settings CWE-79 ...

7.1CVSS5.9AI score0.00328EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/16 5:12 a.m.•3 views

SHIRASAGI vulnerable to path traversal

Overview SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability CWE-22. Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.6CVSS6.7AI score0.01016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/11 5:13 a.m.•3 views

Multiple vulnerabilities in Exment

Overview Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-46897 Stored Cross-site Scripting CWE-79 - CVE-2024-47793 CVE-2024-46897 masataka sato of Mitsui Bussan Secure Directions, Inc...

5.4CVSS6.6AI score0.00356EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/01 8:51 a.m.•3 views

Apache Tomcat improper handling of TLS handshake process data

Overview Apache Tomcat provided by The Apache Software Foundation improperly handles TLS handshake process data, which may lead to a denial-of-service DoS condition CWE-770, CVE-2024-38286. The reporter, Ozaki of North Grid Corporation, reported this issue directly to and coordinated with the...

8.6CVSS6.6AI score0.01702EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 5:15 a.m.•3 views

File Permissions Vulnerability in Hitachi Ops Center Common Services

Overview File permissions vulnerability exists in Hitachi Ops Center Common Services. CVE-2024-2819: File permission vulnerability in Hitachi Ops Center Common Services Display new window Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer ...

6.5CVSS6.8AI score0.00202EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/30 5:14 a.m.•3 views

Multiple vulnerabilities in Smart-tab

Overview Smart-tab provided by TECHNO SUPPORT COMPANY is a multi-functional guest room tablet system for hotels and other accommodation facilities. Smart-tab contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-41999 Plaintext storage of a password CWE-256 -...

6.8CVSS7.5AI score0.00261EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/27 6:0 a.m.•3 views

MF Teacher Performance Management System vulnerable to cross-site scripting

Overview MF Teacher Performance Management System provided by Media Fusion Co.,Ltd. contains a cross-site scripting vulnerability CWE-79. Akira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications...

6.1CVSS6.2AI score0.00243EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/11 9:19 a.m.•3 views

Malleability attack against executables encrypted by CBC mode with no integrity check

Overview Researchers at NTT, University of Hyogo, and NEC have identified a security issue that leads to executing arbitrary code in executable files that are encrypted by CBC mode with no integrity check. This issue has been published in ACNS 2020 . There is a risk that an encrypted executable...

7.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 7:40 a.m.•3 views

Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

Overview Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability CWE-352. Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...

6.5CVSS6.5AI score0.003EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/09 5:58 a.m.•3 views

Pgpool-II vulnerable to information disclosure

Overview Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development...

7.5CVSS6.2AI score0.00528EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/02 5:57 a.m.•3 views

Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow

Overview Control FPWIN Pro7 provided by Panasonic contains a stack-based buffer overflow vulnerability CWE-121, CVE-2024-7013. Michael Heinzl reported this vulnerability to the developer and coordinated. After the coordination was completed, Panasonic reported the case to JPCERT/CC to notify user...

7.8CVSS7.5AI score0.00284EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/30 4:58 a.m.•3 views

Multiple vulnerabilities in WordPress plugin "Carousel Slider"

Overview WordPress plugin "Carousel Slider" provided by Sayful Islam contains 2 CSRF vulnerabilities listed below. Cross-site request forgery on Carousel image selection feature CWE-352 - CVE-2024-45269 Cross-site request forgery on Hero image selection feature CWE-352 - CVE-2024-45270 RyotaK of...

4.3CVSS6.5AI score0.00256EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/29 5:7 a.m.•3 views

xfpt vulnerable to stack-based buffer overflow

Overview xfpt fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability CWE-121. Yuhei Kawakoya of NTT Security Holdings Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact When ...

7.8CVSS7.5AI score0.00258EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/27 5:40 a.m.•3 views

Multiple vulnerabilities in ELECOM wireless LAN routers and access points

Overview Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi CWE-79 - CVE-2024-34577, CVE-2024-42412 Missing...

9.8CVSS7.5AI score0.00943EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/22 2:33 a.m.•3 views

Installer of Trend Micro Security 2020 (Consumer) may insecurely load Dynamic Link Libraries

Overview Installers of Trend Micro Security 2020 Consumer family may insecurely load Dynamic Link Libraries. Multiple products provided by Trend Micro Incorporated contain the DLL search path issue, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated...

7.8CVSS6.9AI score0.01EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/20 8:52 a.m.•3 views

Trend Micro Security (Consumer) Driver vulnerable to Out-of-bounds Read

Overview Trend Micro Security Consumer Driver is vulnerable to Out-of-bounds Read. Multiple products provided by Trend Micro Incorporated contain Out-of-bounds Read vulnerability CWE-125. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

7.8CVSS6.3AI score0.01215EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/08/06 6:13 a.m.•3 views

Firmware update for RICOH JavaTM Platform resets the TLS configuration

Overview JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, providing TLS Transport Layer Security communication mechanism. When the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer...

7.5CVSS7AI score0.0051EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 7:40 a.m.•3 views

FFRI AMC vulnerable to OS command injection

Overview FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X. FFRI AMC contains an OS command injection vulnerability CWE-78. It is exploitable when the notification program setting is enabled, the executable file path is...

8.1CVSS7.2AI score0.00465EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/30 5:6 a.m.•3 views

EC-CUBE plugin (for EC-CUBE 4 series) "EC-CUBE Web API Plugin" vulnerable to stored cross-site scripting

Overview EC-CUBE plugin for EC-CUBE 4 series "EC-CUBE Web API Plugin" provided by EC-CUBE CO.,LTD. contains a stored cross-site scripting vulnerability CWE-79 in OAuth Management feature. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

6.1CVSS5.9AI score0.00271EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/29 8:51 a.m.•3 views

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

Overview FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. Initialization of a Resource with an Insecure Default CWE-1188 - CVE-2024-31070 Active Debug Code CWE-489 - CVE-2024-36475 OS Command Injection CWE-78 -...

10CVSS7.9AI score0.74513EPSS
Exploits2References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/07/18 4:44 a.m.•3 views

Assimp vulnerable to heap-based buffer overflow

Overview Assimp provided by Open Asset Import Library contains a heap-based buffer overflow vulnerability CWE-122. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.4CVSS7.8AI score0.00281EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/28 8:38 a.m.•3 views

Multiple TP-Link products vulnerable to OS command injection

Overview Multiple products provided by TP-LINK contains an OS command injection vulnerability CWE-78 related to the backup/restore function. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact A user who logs in to the affected...

6.8CVSS7.5AI score0.00362EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/24 2:5 a.m.•3 views

LINE client for iOS vulnerable to universal cross-site scripting

Overview The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability CWE-79, CVE-2024-5739. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If a user clicks a malicious...

6.1CVSS5.9AI score0.00269EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/19 7:4 a.m.•3 views

"ZOZOTOWN" App for Android fails to restrict custom URL schemes properly

Overview "ZOZOTOWN" App for Android provided by ZOZO, Inc. provides the function to access a URL requested via Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a use...

4.3CVSS6.8AI score0.00289EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/30 5:39 a.m.•3 views

awkblog vulnerable to OS command injection

Overview awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Keigo YAMAZAKI of LAC Co., Ltd. / Nuligen Security Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

9.8CVSS7.6AI score0.01571EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 4:54 a.m.•3 views

Ruijie BCR810W/BCR860 vulnerable to OS command injection

Overview Network router BCR810W/BCR860 provided by Ruijie Networks Co., Ltd. contains an OS command injection vulnerability CVE-2023-3608, CWE-78. Note that this vulnerability can only be exploited when the BCOS port of the product is connected to the Internet. JPCERT/CC has confirmed attacks...

8.8CVSS7.6AI score0.10909EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 3:5 a.m.•3 views

Multiple vulnerabilities in Field Logic DataCube

Overview DataCube provided by Field Logic Inc. contains multiple vulnerabilities listed below. Direct Request 'Forced Browsing' CWE-425 - CVE-2024-25830 Reflected cross-site scripting CWE-79 - CVE-2024-25831 Unrestricted upload of file with dangerous type CWE-434 - CVE-2024-25832 SQL injection...

9.8CVSS8.1AI score0.2403EPSS
Exploits8References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/13 8:27 a.m.•3 views

Central Dogma vulnerable to cross-site scripting

Overview Central Dogma provided by LY Corporation contains a cross-site scripting vulnerability CWE-79, CVE-2024-1143 because RelayState data is not properly treated when Central Dogma processes SAML messages. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution...

9.3CVSS6.2AI score0.00491EPSS
Exploits0References7
Total number of security vulnerabilities5000