Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/16 6:7 a.m.•3 views

FileZen vulnerable to OS command injection

Overview FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains an OS command injection vulnerability CWE-78. Soliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through...

9.1CVSS7.7AI score0.0397EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/15 6:52 a.m.•3 views

Calsos CSDJ fails to restrict access permissions

Overview Calsos CSDJ provided by NEC Platforms, Ltd. fails to restrict access permissions CWE-264, which may lead to an unauthorized user being able to view the historical data without access privileges. Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this...

5.3CVSS6.5AI score0.01191EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/09 6:8 a.m.•3 views

Cross-site Scripting Vulnerability in Hitachi Application Server Help

Overview A cross-site scripting vulnerability was found in Hitachi Application Server Help. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/02/04 6:42 a.m.•3 views

Trend Micro HouseCall for Home Networks (Windows Edition) may insecurely load Dynamic Link Libraries

Overview HouseCall for Home Networks Windows Edition provided by Trend Micro Incorporated contains an issue with the DLL search path. By reading a malicious DLL placed in the folder specified by the PATH environment variable, arbitrary code with an escalated privilege may be executed CWE-427. Tre...

7.8CVSS7.5AI score0.00749EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/27 9:31 a.m.•3 views

OS command injection vulnerability in multiple Infoscience Corporation log management tools

Overview Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value...

9CVSS7.1AI score0.02156EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/26 7:33 a.m.•3 views

Multiple vulnerabilities in multiple ELECOM products

Overview Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20643 Script injection in web setup page CWE-74 - CVE-2021-20644 Stored cross-site scripting CWE-79 - CVE-2021-20645 Cross-site request forgery CWE-352 ...

10CVSS7.5AI score0.99975EPSS
Exploits6References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/25 7:21 a.m.•3 views

TP-Link TL-WR841N V13 (JP) vulnerable to OS command injection

Overview ​TP-Link TL-WR841N is a wifi router for home networks. The firmware version 161028 for hardware version V13 JP is reported vulnerable to OS command injection CWE-78. According to the vendor, the firmware for hardware version V14 JP is not affected. Koh You Liang of 3-shake Inc. reported...

9CVSS7.5AI score0.42285EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/01/14 7:22 a.m.•3 views

Multiple vulnerabilities in acmailer

Overview acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20617 Privilege Chaining CWE-268 - CVE-2021-20618 ma.la reported these vulnerabilities to the developer, and also to IPA in order to notify users of its solution...

10CVSS7.3AI score0.07871EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/21 8:48 a.m.•3 views

Improper certificate validation vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview The Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer contains improper certificate validation vulnerability. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the...

6.9AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/18 8:0 a.m.•3 views

Management software for NEC Storage disk array system vulnerable to improper server certificate verification

Overview Management software for NEC Storage disk array system provided by NEC Corporation is vulnerable to improper server certificate verification CWE-295. Masaaki KOBAYASHI reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.8CVSS6.5AI score0.00331EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/12/08 3:34 a.m.•3 views

ServerProtect for Linux vulnerable to heap-based buffer overflow

Overview Kernel Hook Module for ServerProtect for Linux provided by Trend Micro Incorporated contains a heap-based buffer overflow vulnerability CWE-122. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact An attacker who can...

6.7CVSS7.5AI score0.00665EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/25 5:54 a.m.•3 views

Multiple vulnerabilities in GROWI

Overview GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2020-5676 Reflected cross-site scripting vulnerability due to a flaw in processing input URLs CWE-79 - CVE-2020-5677 Stored cross-site scripting vulnerability due to a flaw...

7.5CVSS6AI score0.0177EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/20 6:39 a.m.•3 views

The installers of multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries

Overview The installers of multiple products by SEIKO EPSON CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

7.8CVSS7.1AI score0.00341EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/19 9:3 a.m.•3 views

Trend Micro Security 2020 (Consumer) is vulnerable to arbitrary file deletion

Overview Trend Micro Security 2020 Consumer provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. Trend Micro Incorporated...

6.3CVSS6.7AI score0.00298EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/18 9:13 a.m.•3 views

Multiple vulnerabilities in KonaWiki3

Overview KonaWiki3 is a lightweight wiki clone that supports Japanese wiki notation. KonaWiki3 contains multiple vulnerabilities listed below. Path Traversal CWE-22 - CVE-2020-5670 Path Traversal CWE-22 - CVE-2020-5671 Stored Cross-site Scripting CWE-79 - CVE-2020-5672 Reflected Cross-site...

6.1CVSS6.1AI score
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/18 9:1 a.m.•3 views

Movable Type Premium vulnerable to cross-site scripting

Overview Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning...

6.1CVSS6AI score0.00585EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/11/09 6:10 a.m.•3 views

Multiple vulnerabilities in XOOPS module "XooNIps"

Overview XOOPS module "XooNIps" contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2020-5659 Reflected cross-site scripting CWE-79 - CVE-2020-5662 Stored cross-site scripting CWE-79 - CVE-2020-5663 Deserialization of untrusted data CWE-502 - CVE-2020-5664 stypr of Flatt...

9.8CVSS7.1AI score0.02611EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/10/14 6:32 a.m.•3 views

WordPress Plugin "Live Chat - Live support" vulnerable to cross-site request forgery

Overview WordPress Plugin "Live Chat - Live support" provided by onWebChat contains a cross-site request forgery vulnerability CWE-352. Yusuke Fukuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the...

8.8CVSS6.5AI score0.00818EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/30 6:37 a.m.•3 views

InfoCage SiteShell installs their files with improper access permissions

Overview InfoCage SiteShell provided by NEC Corporation installs their files with improper access permissions CWE-732. Especially, the service executable files can be modified by Everyone users. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN...

7.8CVSS7.3AI score0.00397EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/23 6:26 a.m.•3 views

Multiple vulnerabilities in Active Update function implemented in multiple Trend Micro products

Overview Active Update function implemented in Premium Security 2019 for Windows v15, Maximum Security 2019 for Windows v15, Internet Security 2019 for Windows v15 and Antivirus+ 2019 for Windows v15 provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Update files...

7.5CVSS7.4AI score0.01772EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/09/07 5:24 a.m.•3 views

Yodobashi App for Android fails to restrict access permissions

Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. implements the function to access a requested URL using an Intent. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an Intent from an arbitrary App and to...

6.1CVSS6.7AI score0.00864EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/08/27 6:37 a.m.•3 views

Multiple vulnerabilities in XOOPS module "XooNIps"

Overview XOOPS module "XooNIps" contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2020-5624 Cross-site Scripting CWE-79 - CVE-2020-5625 Neuroinformatics Unit, Integrative Computational Brain Science Collaboration Division, RIKEN Center for Brain Science reported this...

9.8CVSS7.6AI score0.01405EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/07/29 5:48 a.m.•3 views

TOYOTA MOTOR's Global TechStream vulnerable to buffer overflow

Overview Global TechStream GTS is a diagnostic tool that Toyota Motor Corporation provides for Toyota dealers technicians and independent repairers to utilize. Global TechStream GTS contains a buffer overflow vulnerability CWE-121. Tomoya Kitagawa of LAC Co., Ltd. reported this vulnerability to...

9.3CVSS7.9AI score0.01369EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/07/28 6:47 a.m.•3 views

JavaFX WebEngine does not properly restrict Java method execution

Overview JavaFX, GUI library for Java applications, is provided with OracleJDK 7 through 10. Since OracleJDK 11, JavaFX is separately maintained and developed by OpenJFX project under OpenJDK community. JavaFX WebEngine component is capable of web content rendering, and possible to be configured ...

8.8CVSS7.3AI score0.4136EPSS
Exploits8References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/07/22 5:24 a.m.•3 views

WordPress Plugin "Social Sharing Plugin" vulnerable to cross-site request forgery

Overview WordPress Plugin "Social Sharing Plugin" provided by Social Rocket contains a cross-site request forgery vulnerability CWE-352. Akio Furui of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the...

8.8CVSS6.6AI score0.01163EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/07/09 6:8 a.m.•3 views

SHIRASAGI vulnerable to open redirect

Overview SHIRASAGI provided by SHIRASAGI Project contains an open redirect vulnerability CWE-601. Ryoya Koyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When...

6.1CVSS6.5AI score0.01204EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/07/08 7:4 a.m.•3 views

Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of the Java object

Overview Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability that an arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Taichi Kotake of Akatsuki Inc. reported this vulnerability to IPA. JPCERT/CC...

8.1CVSS7.4AI score0.01996EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/06/29 7:17 a.m.•3 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu, Inc. has released security updates for Cybozu Garoon. CyVDB-2083 Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580 CyVDB-2451 Path traversal vulnerability on the portal - CVE-2020-5581 CyVDB-2097 Vulnerability to bypass operation...

8.5CVSS6.6AI score0.018EPSS
Exploits0References24
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/06/05 6:16 a.m.•3 views

XACK DNS vulnerable to denial-of-service (DoS)

Overview XACK DNS is DNS server software provided by XACK, Inc. XACK DNS contains a denial-of-service DoS vulnerability due to an issue commonly referred to as NXNSAttack. XACK, Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and XACK, Inc. coordinat...

8.6CVSS6.8AI score0.01639EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/05/29 6:40 a.m.•3 views

Multiples security updates for multiple Cybozu products

Overview Cybozu, Inc. has released multiple security updates for multiple Cybozu products. CyVDB-2465 Credential Disclosure Vulnerability - CVE-2020-5572 CyVDB-2484 Credential Disclosure Vulnerability - CVE-2020-5573 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these...

4.6CVSS6.7AI score0.00335EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/05/13 9:6 a.m.•3 views

BookStack vulnerable to cross-site scripting

Overview BookStack contains a cross-site scripting vulnerability CWE-79. Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

6.3CVSS6.2AI score0.00782EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/04/24 6:32 a.m.•3 views

Multiple SHARP Android devices vulnerable to information disclosure

Overview Multiple SHARP Android devices contain an information disclosure vulnerability CWE-200. Impact Sensitive information of the device may be obtained by the other android application installed in the device. Solution Update the Firmware Update the firmware to the latest version according to...

7.5CVSS6.3AI score0.01203EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/04/07 5:49 a.m.•3 views

Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads

Overview Joomla! plugin "AcyMailing" allows an unauthenticated user to upload arbitrary files CWE-434. qw3rTyTy reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary PHP code may be executed. Solution...

7.2CVSS7.2AI score0.013EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/31 8:44 a.m.•3 views

Multiple Yamaha network devices vulnerable to denial-of-service (DoS)

Overview Multiple network devices provided by Yamaha Corporation contain a denial-of-service DoS vulnerability. NIWA Naoya of Amano Lab, Dept. of Information and Computer Science, Faculty of Science and Technology, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.8CVSS6.9AI score0.01419EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/25 12:50 a.m.•3 views

WL-Enq (WEB Enquete) vulnerable to OS command injection

Overview WL-Enq WEB Enquete provided by WonderLink is a CGI to provide web enquete functions. WL-Enq WEB Enquete contains an OS command injection vulnerability CWE-78. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was...

10CVSS8AI score0.02274EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/24 8:59 a.m.•3 views

mailform vulnerable to PHP code execution

Overview mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability CWE-94 on the server where the product is running. During the meeting of Committee for authorizing the disclosure of unresolved...

10CVSS7.4AI score0.02274EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/24 8:53 a.m.•3 views

Multiple vulnerabilities in Shihonkanri Plus GOOUT

Overview Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains multiple vulnerabilities which allow reading/writing an arbitrary file listed below because of the improper validation of input parameter...

9.1CVSS6.7AI score0.01935EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/24 8:47 a.m.•3 views

Shihonkanri Plus GOOUT vulnerable to OS command injection

Overview Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains an OS command injection CWE-78 vulnerability. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held...

10CVSS7.5AI score0.02274EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/03/24 8:40 a.m.•3 views

Cute News vulnerable to PHP code execution

Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability CWE-94. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...

9CVSS7.8AI score0.0205EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/19 5:34 a.m.•3 views

Multiple vulnerabilities in Aterm WG2600HS

Overview Aterm WG2600HS provided by NEC Corporation contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2020-5533 OS command injection CWE-78 - CVE-2020-5534 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

8CVSS7.3AI score0.0087EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/18 3:10 a.m.•3 views

Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000

Overview MELSEC C Controller Module and MELIPC Series MI5000 provided by Mitsubishi Electric Corporation have multiple vulnerabilities due to the vulnerabilities called "URGENT/11" in TCP/IP function IPnet of VxWorks, a real-time OS distributed by Wind River. Q24DHCCPU-V and Q24DHCCPU-VG Buffer...

9.8CVSS7.2AI score0.84177EPSS
Exploits7References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/02/06 3:29 a.m.•3 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79 in block editor and rich text editor. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the...

6.1CVSS6AI score0.00839EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2020/01/08 5:22 a.m.•3 views

F-RevoCRM vulnerable to cross-site scripting

Overview F-RevoCRM provided by ThinkingReed inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch according to the information provided by the developer. Apply Workaround Applying t...

6.1CVSS6.1AI score0.00781EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/24 7:2 a.m.•3 views

Multiple Vulnerabilities in Hitachi Automation Director

Overview Multiple vulnerabilities have been found in Hitachi Automation Director. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/17 4:55 a.m.•3 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Directory traversal in the "Customapp" function CWE-22 - CVE-2019-6022 Browse restriction bypass in the application "Address" CWE-284 - CVE-2019-6023 Two vulnerabilities were reported by the following...

7.7CVSS7AI score0.02021EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/12 5:55 a.m.•3 views

Multiple vulnerabilities in "Custom Body Class"

Overview WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Cross-site Request Forgery CWE-352 - CVE-2019-6030 Shirai Masatake of Cryptography Laboratory,Department of Information and Communicati...

8.8CVSS6.7AI score0.00937EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/12/03 4:34 a.m.•3 views

Multiple MOTEX products vulnerable to privilege escalation

Overview LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability. Mitsuaki Mitch Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.8CVSS7.3AI score0.00419EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/26 9:16 a.m.•3 views

WordPress Plugin "WP Spell Check" vulnerable to cross-site request forgery

Overview WordPress Plugin "WP Spell Check" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Takuya Yamaguchi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University directly reported these vulnerabilities...

8.8CVSS6.7AI score0.00678EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/11 5:9 a.m.•3 views

Information Disclosure Vulnerability in Hitachi Command Suite

Overview An Information Disclosure Vulnerability was found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.5AI score0.01376EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2019/11/07 5:50 a.m.•3 views

Rakuma App vulnerable to authentication information disclosure

Overview Rakuma App provided by Rakuten, Inc. contains an authentication information disclosure vulnerability CWE-200. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.5CVSS6.3AI score0.02039EPSS
Exploits0References6
Total number of security vulnerabilities5000