Lucene search
K
JvnMost viewed

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 5:53 a.m.•2 views

Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection

Overview SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contain a command injection vulnerability CWE-77. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If the remote monitoring and...

9.8CVSS7.9AI score0.01207EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/29 5:13 a.m.•2 views

Redmine DMSF Plugin vulnerable to path traversal

Overview Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability CWE-22. Tsukuba Secure Network Research Co. Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When the affected...

8.8CVSS6.8AI score0.00497EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/29 5:6 a.m.•2 views

EC-Orange vulnerable to authorization bypass

Overview EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability CWE-639. This is the same issue as JVN51770585 EC-CUBE vulnerable to authorization bypass. This...

9.1CVSS6.5AI score0.02245EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/24 4:50 a.m.•2 views

Splunk Config Explorer vulnerable to cross-site scripting

Overview Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS6AI score0.00256EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/22 6:27 a.m.•2 views

LINE client for iOS vulnerable to improper server certificate verification

Overview The financial module within LINE client for iOS lacks server certificate verification in log transmission CWE-295, CVE-2023-5554. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact The communication may be eavesdropped under a...

9.8CVSS6.5AI score0.00217EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/05 5:17 a.m.•2 views

Multiple vulnerabilities in PLANEX COMMUNICATIONS wireless LAN routers

Overview Wireless LAN routers provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-30219 Command Injection on certain port CWE-77 - CVE-2024-30220 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to...

8.8CVSS7.8AI score0.01013EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/26 6:50 a.m.•2 views

"EasyRange" may insecurely load executable files

Overview "EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file...

7.8CVSS7AI score0.00188EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/26 5:27 a.m.•2 views

TvRock vulnerable to cross-site scripting

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...

6.1CVSS6.1AI score0.00313EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/25 4:31 a.m.•2 views

WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery

Overview WordPress Plugin "easy-popup-show" provided by Ari Susanto contains a cross-site request forgery vulnerability CWE-352. Daiki Kojima of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the developer an...

6.1CVSS6.8AI score0.00231EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/08 6:27 a.m.•2 views

a-blog cms vulnerable to directory traversal

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a directory traversal vulnerability CWE-22. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

6.8CVSS6.9AI score0.00832EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/06 9:24 a.m.•2 views

FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery

Overview Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability CWE-352. Junnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA...

6.5CVSS6.5AI score0.00201EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/03/06 9:12 a.m.•2 views

Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management

Overview Multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2024-21824 Cross-Site Request Forgery CWE-352 - CVE-2024-22475 Hiroki Yasui, Yudai Morii, Takaya...

6.1CVSS6.8AI score0.00345EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/29 4:12 a.m.•2 views

OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting

Overview OpenPNE plugin "opTimelinePlugin" provided by OpenPNE Project contains a stored cross-site scripting vulnerability CWE-79 in Edit Profile page. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.4CVSS5.8AI score0.0034EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/27 5:25 a.m.•2 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Reflected cross-site scripting vulnerability in Site search Feature CWE-79 - CVE-2023-44379 Stored cross-site scripting vulnerability in Content Management CWE-79 - CVE-2024-26128 OS command...

8.1CVSS6.7AI score0.01455EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/20 5:14 a.m.•2 views

Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

Overview Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2024-21798 Cross-Site Request Forgery CWE-352 - CVE-2024-23910 CVE-2024-21798 Yamaguchi Kakeru of Fujitsu Limited reported...

8.8CVSS6.4AI score0.01289EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/15 5:12 a.m.•2 views

a-blog cms vulnerable to URL spoofing

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains an URL spoofing vulnerability CWE-451. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.7CVSS6.6AI score0.00448EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/07 5:25 a.m.•2 views

Sharp NEC Display Solutions' public displays vulnerable to local file inclusion

Overview Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain a local file inclusion vulnerability CWE-22, CVE-2023-7077. Tunahan TEKEOÄžLU of Senior Cyber Security Consultant reported this vulnerability to Sharp NEC Display Solutions, Ltd. and coordinated. Sharp NEC...

9.8CVSS6.9AI score0.00694EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/06 5:46 a.m.•2 views

Incorrect permission assignment vulnerability in Trend Micro uiAirSupport

Overview Trend Micro Incorporated has released a security update for Trend Micro uiAirSupport. Proof-of-concept code PoC for this vulnerability is available on the Internet. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact The...

7.8CVSS7.5AI score0.00636EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/06 4:25 a.m.•2 views

Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)

Overview Cybozu KUNAI for Android is a client application for using Cybozu products from an Android device. Cybozu KUNAI for Android contains an issue allowing to send massive requests to the connected Cybozu product if a user performs certain operations on KUNAI, which may result in repeated...

7.5CVSS6.5AI score0.00754EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/05 5:54 a.m.•2 views

File and Directory Permissions Vulnerability in Hitachi Tuning Manager

Overview A File and Directory Permissions Vulnerability CVE-2023-6457 exists in Hitachi Tuning Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

7.1CVSS6.8AI score0.00141EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/01 4:48 a.m.•2 views

Group Office vulnerable to cross-site scripting

Overview Group Office provided by Intermesh BV contains a stored cross-site scripting vulnerability CWE-79. Yoichi Tsuzuki of FFRI Security, Inc. and Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.4CVSS5.9AI score0.00618EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/02/01 4:41 a.m.•2 views

Payment EX vulnerable to information disclosure

Overview Payment EX provided by Simplesite contains an information disclosure vulnerability CWE-200. Impact A remote unauthenticated attacker may obtain the information of the user who purchases merchandise using Payment EX. Solution Update the Software Update the software to the latest version...

7.5CVSS6.5AI score0.00571EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/22 6:57 a.m.•2 views

Access analysis CGI An-Analyzer vulnerable to open redirect

Overview Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains an open redirect vulnerability CWE-601. Tomoomi Iwata of Information-technology Promotion Agency, Japan reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

6.1CVSS6.6AI score0.00395EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/10 4:46 a.m.•2 views

Multiple vulnerabilities in Panasonic Control FPWIN Pro7

Overview Control FPWIN Pro7 provided by Panasonic contains multiple vulnerabilities listed below. Stack-based Buffer Overflow CWE-121 - CVE-2023-6314 Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 - CVE-2023-6315 Michael Heinzl reported these vulnerabilities to th...

7.8CVSS7.4AI score0.00274EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/26 6:51 a.m.•2 views

Multiple vulnerabilities in BUFFALO VR-S1000

Overview VR-S1000 provided by BUFFALO INC. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-45741 Argument injection CWE-88 - CVE-2023-46681 Use of hard-coded cryptographic key CWE-321 - CVE-2023-46711 Information disclosure CWE-200 - CVE-2023-51363...

7.8CVSS7.2AI score0.00329EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/07 6:9 a.m.•2 views

FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection Critical

Overview "AE1021PE" and "AE1021" provided by FXC Inc. are information outlet-based wireless LAN routers. "AE1021PE" and "AE1021" contain an OS command injection vulnerability CWE-78. JPCERT/CC has confirmed the communication which exploits this vulnerability. Ryu Kuki, Takayuki Sasaki, and...

8.8CVSS7.7AI score0.50729EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/04 4:45 a.m.•2 views

RakRak Document Plus vulnerable to path traversal

Overview RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability CWE-22. Asato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.8CVSS6.7AI score0.00874EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/17 5:32 a.m.•2 views

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability CWE-79 due to improper character string processing. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00397EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/11/14 5:5 a.m.•2 views

OSS Calendar vulnerable to SQL injection

Overview OSS Calendar provided by Thinkingreed Inc. contains an SQL injection vulnerability CWE-89. Shogo Iyota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

8.8CVSS8.1AI score0.01089EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/27 5:46 a.m.•2 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-29009 Reflected cross-site scripting vulnerability CWE-79 - CVE-2023-43647 Directory traversal vulnerability CWE-22 - CVE-2023-43648...

9.8CVSS6.8AI score0.0097EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/25 6:18 a.m.•2 views

Movable Type vulnerable to cross-site scripting

Overview Movable Type provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning...

5.4CVSS6.2AI score0.00354EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/18 9:0 a.m.•2 views

Improper restriction of XML external entity references (XXE) in Proself

Overview Proself provided by North Grid Corporation improperly restricts XML external entity references XXE CWE-611. The developer states that attacks exploiting this vulnerability have been observed. North Grid Corporation reported this vulnerability to JPCERT/CC to notify users of its solution...

7.5CVSS6.9AI score0.03542EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/04 6:23 a.m.•2 views

DoS Vulnerability in Hitachi Ops Center Common Services

Overview A DoS vulnerability CVE-2023-3967 exists in Hitachi Ops Center Common Services. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.8AI score0.00515EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/20 4:58 a.m.•2 views

Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution

Overview Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability CWE-94, CVE-2023-41179 in 3rd Party AV Uninstaller Module. Trend Micro Incorporated states that an attack exploiting this vulnerability has been...

9.1CVSS7.7AI score0.04739EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/11 4:53 a.m.•2 views

Pyramid vulnerable to directory traversal

Overview Pyramid provided by Pylons Project contains a directory traversal vulnerability. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact index.html located one directory abov...

5.3CVSS6.5AI score0.00632EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/09/06 5:33 a.m.•2 views

"direct" Desktop App for macOS fails to restrict access permissions

Overview "direct" Desktop App for macOS provided by L is B Corp. fails to restrict access permissions CWE-284. The access control mechanism provided by macOS "TCC Transparency Consent and Control" may be bypassed. Koh M. Nakagawa of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/C...

5.5CVSS6.5AI score0.00163EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/24 5:12 a.m.•2 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333, CVE-2023-40599. This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above...

7.5CVSS6.7AI score0.00672EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/24 4:34 a.m.•2 views

"Skylark" App fails to restrict custom URL schemes properly

Overview "Skylark" App provided by SKYLARK HOLDINGS CO., LTD. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939, CVE-2023-40530, CVE-2024-54014 which may be exploited to direct the App to access any sites...

4.7CVSS6.6AI score0.0049EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/23 3:42 a.m.•2 views

Rakuten WiFi Pocket vulnerable to improper authentication

Overview Rakuten WiFi Pocket provided by Rakuten Mobile, Inc. is a mobile router. Management Screen of Rakuten WiFi Pocket contains an improper authentication vulnerability CWE-287. Sato Nobuhiro of Suzuki Motor Corporation and You Okuma of LAC Co., Ltd. reported this vulnerability to IPA...

5.4CVSS6.6AI score0.00276EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/22 8:35 a.m.•2 views

Multiple vulnerabilities in CBC digital video recorders

Overview Digital video recorders provided by CBC Co.,Ltd. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-38585 OS command injection CWE-78 - CVE-2023-40144 Hidden functionality CWE-912 - CVE-2023-40158 Yoshiki Mori, Ushimaru Hayato, Hiromu Kubiura and...

8.8CVSS8AI score0.01583EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/21 5:5 a.m.•2 views

WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

Overview WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Ryotaro Imamura of SB Technology Corp. and Satoo Nakano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS6.1AI score0.0148EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/18 4:47 a.m.•2 views

Multiple vulnerabilities in Proself

Overview Proself provided by North Grid Corporation is an online storage server software. Proself contains multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-39415 OS command injection CWE-78 - CVE-2023-39416 The developer states that attacks exploiting these...

7.5CVSS8.2AI score0.0087EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/07 8:39 a.m.•2 views

"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly

Overview "FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly CWE-703. When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat,...

4.3CVSS6.5AI score0.00285EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/08/03 4:42 a.m.•2 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2023-38746 Heap-based buffer overflow CWE-122 - CVE-2023-38747 Use after free CWE-416 - CVE-2023-38748 Michael Heinzl reported these vulnerabilities to JPCERT/CC...

7.8CVSS7.8AI score0.00223EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/27 9:12 a.m.•2 views

Fujitsu network devices Si-R series and SR-M series vulnerable to authentication bypass

Overview The web management interface of Fujitsu network devices Si-R series and SR-M series contains an authentication bypass vulnerability CWE-287,CVE-2023-38555. Katsuhiko Sato a.k.a. gorohkun of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer...

8.8CVSS6.9AI score0.00332EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/26 9:0 a.m.•2 views

Fujitsu Real-time Video Transmission Gear "IP series" uses a hard-coded credentials

Overview Real-time Video Transmission Gear "IP series" provided by Fujitsu Limited uses a hard-coded credentials CWE-798 . The product's credentials for factory testing may be obtained by reverse engineering and others. Fujitsu Limited reported this vulnerability to JPCERT/CC to notify users of i...

7.5CVSS6.6AI score0.0299EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/24 6:44 a.m.•2 views

Improper restriction of XML external entity references (XXE) in Applicant Programme

Overview Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.5CVSS6.7AI score0.00195EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/21 6:2 a.m.•2 views

GBrowse vulnerable to unrestricted upload of files with dangerous types

Overview GBrowse provided by Generic Model Organism Database Project is a web-based genome browser. GBrowse allows the users to upload their own data in several file formats see "GBrowse User Uploads". The affected versions of GBrowse accept files with any formats uploaded CWE-434, and place them...

9.8CVSS7.8AI score0.00984EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/19 5:48 a.m.•2 views

File and Directory Permissions Vulnerability in Hitachi Command Suite

Overview A File and Directory Permissions Vulnerability CVE-2020-36695 exists in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

7.8CVSS6.9AI score0.00148EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/07/18 6:22 a.m.•2 views

Improper restriction of XML external entity references (XXE) in XBRL data create application

Overview XBRL data create application provided by Financial Services Agency improperly restricts XML external entity references XXE CWE-611. Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.5CVSS6.7AI score0.00195EPSS
Exploits0References5
Total number of security vulnerabilities5000