Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/28 5:23 a.m.•1 views

Multiple vulnerabilities in UTAU

Overview UTAU provided by ameya/ayame contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-28886 Path Traversal CWE-22 - CVE-2024-32944 Yu Ishibashi reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

8.4CVSS7.4AI score0.00663EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/28 3:28 a.m.•6 views

OMRON NJ/NX series vulnerable to insufficient verification of data authenticity

Overview Machine Automation Controller NJ/NX series provided by OMRON Corporation contain an issue with insufficient verification of data authenticity CWE-345. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If a user program in the...

7.5CVSS6.5AI score0.00193EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/28 12:0 a.m.•19 views

JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast

Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher CWE-276 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847 Missing Authorization for coejobhoo...

9.8CVSS7.6AI score0.00546EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/28 12:0 a.m.•29 views

JVN#71404925: Multiple vulnerabilities in UTAU

UTAU provided by ameya/ayame contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Base Score 5.3 CVE-2024-28886 Path Traversal CWE-22 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.3 CVE-2024-32944 Impact If a user of...

8.4CVSS8.8AI score0.00663EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/24 4:50 a.m.•2 views

Splunk Config Explorer vulnerable to cross-site scripting

Overview Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS6AI score0.00256EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/24 4:41 a.m.•4 views

WordPress Plugin "WP Booking" vulnerable to cross-site scripting

Overview WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability CWE-79. Daiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS5.8AI score0.0037EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/24 12:0 a.m.•19 views

JVN#56781258: Splunk Config Explorer vulnerable to cross-site scripting

Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the software Update the software to the latest version according to...

6.1CVSS5.8AI score0.00256EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/24 12:0 a.m.•22 views

JVN#35838128: WordPress Plugin "WP Booking" vulnerable to cross-site scripting

WordPress Plugin "WP Booking" provided by aviplugins.com contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update the plugin Update the plugin to the late...

4.7CVSS8.7AI score0.0037EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/21 4:33 a.m.•5 views

Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Overview Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification CWE-295. Kenichiro Ito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

4.8CVSS6.5AI score0.00217EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/21 12:0 a.m.•20 views

JVN#29471697: Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the...

4.8CVSS4.8AI score0.00217EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 6:46 a.m.•5 views

Panasonic KW Watcher vulnerable to memory buffer error

Overview KW Watcher provided by Panasonic contains a vulnerability due to improper restriction of operations within the bounds of a memory buffer CWE-119, CVE-2024-4162. Michael Heinzl reported this vulnerability to Panasonic and coordinated. After the coordination was completed, Panasonic report...

4.4CVSS6.8AI score0.00172EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 4:54 a.m.•3 views

Ruijie BCR810W/BCR860 vulnerable to OS command injection

Overview Network router BCR810W/BCR860 provided by Ruijie Networks Co., Ltd. contains an OS command injection vulnerability CVE-2023-3608, CWE-78. Note that this vulnerability can only be exploited when the BCOS port of the product is connected to the Internet. JPCERT/CC has confirmed attacks...

8.8CVSS7.6AI score0.10909EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 4:33 a.m.•4 views

WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal

Overview WordPress Plugin "Download Plugins and Themes from Dashboard" provided by WPFactory LLC contains a path traversal vulnerability CWE-22. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to WPFactory LLC and coordinated. After the coordination was completed, th...

6.5CVSS6.7AI score0.00669EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 3:5 a.m.•3 views

Multiple vulnerabilities in Field Logic DataCube

Overview DataCube provided by Field Logic Inc. contains multiple vulnerabilities listed below. Direct Request 'Forced Browsing' CWE-425 - CVE-2024-25830 Reflected cross-site scripting CWE-79 - CVE-2024-25831 Unrestricted upload of file with dangerous type CWE-434 - CVE-2024-25832 SQL injection...

9.8CVSS8.1AI score0.2403EPSS
Exploits8References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/17 12:0 a.m.•30 views

JVN#85380030: WordPress Plugin "Download Plugins and Themes from Dashboard" vulnerable to path traversal

WordPress Plugin "Download Plugins and Themes from Dashboard" provided by WPFactory LLC contains a path traversal vulnerability CWE-22. Impact The user with "switchthemes" privilege may obtain arbitrary files on the server. Solution Update the plugin Update the plugin to the latest version...

6.5CVSS6.7AI score0.00669EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/13 8:27 a.m.•3 views

Central Dogma vulnerable to cross-site scripting

Overview Central Dogma provided by LY Corporation contains a cross-site scripting vulnerability CWE-79, CVE-2024-1143 because RelayState data is not properly treated when Central Dogma processes SAML messages. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution...

9.3CVSS6.2AI score0.00491EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/13 6:19 a.m.•4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3167 Improper handling of data in Mail CWE-231 - CVE-2024-31397 CyVDB-3221 Improper restriction on the output of some API CWE-201 - CVE-2024-31398 CyVDB-3238 Excessive resource consumption in Mai...

9CVSS6.4AI score0.00504EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/13 12:0 a.m.•60 views

JVN#28869536: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail CWE-231 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API CWE-201...

9CVSS5.5AI score0.00504EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/10 6:11 a.m.•2 views

"OfferBox" App uses a hard-coded secret key

Overview "OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT CWE-321. Yuta Yamate of Rakuten Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact The hard-coded secret key for...

7.5CVSS6.6AI score0.00365EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/10 4:59 a.m.•2 views

Hidden Functionality vulnerability in DT900

Overview DT900 contains a Hidden Functionality vulnerabilityCWE-912. Specified versions allow an attacker to access the system setting. reported by Mr. Gianluca Altomani and Mr. Manuel Romei. for NEC-PSIRT Impact Regarding the impact of the vulnerability, please refer to the vendor advisory...

9.1CVSS6.8AI score0.00687EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/10 4:48 a.m.•3 views

Phormer vulnerable to cross-site scripting

Overview Phormer contains a cross-site scripting vulnerability CWE-79. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on t...

6.1CVSS6AI score0.00738EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/10 12:0 a.m.•21 views

JVN#61054671: Phormer vulnerable to cross-site scripting

Phormer contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user. Solution Update the Software Update the software to the latest version according to the information provided by the developer. Phormer version 3.35 was released...

6.1CVSS5.8AI score0.00738EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/10 12:0 a.m.•27 views

JVN#83405304: "OfferBox" App uses a hard-coded secret key

"OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT CWE-321. Impact The hard-coded secret key for JWT may be retrieved if the application binary is reverse-engineered. Solution The hard-coded secret key has been revoked by the developer on May 8, 2024 therefore this...

7.5CVSS7.2AI score0.00365EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/09 5:10 a.m.•3 views

Multiple vulnerabilities in MosP kintai kanri

Overview MosP kintai kanri provided by esMind, LLC contains multiple vulnerabilities listed below. Path Traversal CWE-22 - CVE-2024-28880 Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-29078 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities...

7.5CVSS6.9AI score0.00648EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/09 12:0 a.m.•26 views

JVN#97751842: Multiple vulnerabilities in MosP kintai kanri

MosP kintai kanri provided by esMind, LLC contains multiple vulnerabilities listed below. Path Traversal CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-28880 Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Bas...

7.5CVSS6.8AI score0.00648EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/08 4:43 a.m.•3 views

WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting

Overview WordPress Plugin "Heateor Social Login WordPress" provided by Heateor contains a stored cross-site scripting vulnerability CWE-79. Daiki Sato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS5.9AI score0.00341EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/08 1:19 a.m.•3 views

Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)

Overview Trend Micro Incorporated has released a security update for Trend Micro Maximum Security, fixing an improper link resolution vulnerabilityCWE-59, CVE-2024-32849. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Trend...

7.8CVSS6.7AI score0.00256EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/05/08 12:0 a.m.•28 views

JVN#87694318: WordPress Plugin "Heateor Social Login WordPress" vulnerable to cross-site scripting

WordPress Plugin "Heateor Social Login WordPress" provided by Heateor contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the website using the product. Solution Update the plugin Update the plugin to...

5.4CVSS5.6AI score0.00341EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/25 2:21 a.m.•1 views

NETGEAR routers vulnerable to buffer overflow

Overview Multiple routers provided by NETGEAR Inc. contain a buffer overflow vulnerability CWE-121, CVE-2023-27368. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An unauthenticated attacker may bypass authentication for th...

8.8CVSS7.4AI score0.00782EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/24 4:44 a.m.•3 views

Multiple vulnerabilities in RoamWiFi R10

Overview RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code CWE-489 - CVE-2024-31406 Insertion of sensitive information into log file CWE-532 - CVE-2024-32051 Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities...

8.8CVSS7AI score0.00326EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/24 1:13 a.m.•4 views

Multiple vulnerabilities in OMRON Sysmac Studio/CX-One and CX-Programmer

Overview OMRON Sysmac Studio/CX-One and CX-Programmer contain multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2024-31412 Free of pointer not at start of buffer CWE-761 - CVE-2024-31413 Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with t...

7.8CVSS7.6AI score0.00245EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/24 12:0 a.m.•34 views

JVN#62737544: Multiple vulnerabilities in RoamWiFi R10

RoamWiFi R10 provided by RoamWiFi Technology Co., Ltd. contains multiple vulnerabilities listed below. Active debug code CWE-489 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-31406 Insertion of sensitive information into log file CWE-532...

8.8CVSS7.3AI score0.00326EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/23 9:22 a.m.•3 views

TvRock vulnerable to cross-site request forgery

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. During the meeting of Committee for authorizing the disclosure of unresolved...

4.3CVSS6.6AI score0.00219EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/23 9:21 a.m.•7 views

TvRock vulnerable to denial-of-service (DoS)

Overview TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service DoS vulnerability CWE-400. During the meeting of Committee for authorizing the disclosure of unresolved...

5.3CVSS6.7AI score0.00611EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/23 12:0 a.m.•16 views

JVN#40079147: TvRock vulnerable to denial-of-service (DoS)

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a denial-of-service DoS vulnerability CWE-400. Impact Receiving a specially crafted request by a remote attacker or having a user of TVRock cli...

4.3CVSS6.6AI score0.00611EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/23 12:0 a.m.•13 views

JVN#24683352: TvRock vulnerable to cross-site request forgery

TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. Impact If a logged-in user of TVRock accesses a specially crafted page, unintended operatio...

4.3CVSS4.6AI score0.00219EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/22 8:28 a.m.•3 views

Armeria-saml improperly handles SAML messages

Overview Armeria-saml provided by LY Corporation contains an issue in handling SAML messages CWE-304, CVE-2024-1735. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Authentication may be bypassed by receiving a specially crafted SAML...

9.1CVSS6.6AI score0.00834EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/22 6:27 a.m.•2 views

LINE client for iOS vulnerable to improper server certificate verification

Overview The financial module within LINE client for iOS lacks server certificate verification in log transmission CWE-295, CVE-2023-5554. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact The communication may be eavesdropped under a...

9.8CVSS6.5AI score0.00217EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/18 4:53 a.m.•3 views

Multiple vulnerabilities in WordPress Plugin "Forminator"

Overview WordPress Plugin "Forminator" provided by WPMU DEV contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 SQL injection CWE-89 Cross-site scripting CWE-79 hibiki moriyama of STNet, Incorporated reported these vulnerabilities to IPA...

9.8CVSS7.6AI score0.30361EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/18 12:0 a.m.•42 views

JVN#50132400: Multiple vulnerabilities in WordPress Plugin "Forminator"

WordPress Plugin "Forminator" provided by WPMU DEV contains multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2024-28890 SQL injection CWE-89 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H...

7.2CVSS6.5AI score0.30361EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/16 5:30 a.m.•6 views

Proscend Communications M330-W and M330-W5 vulnerable to OS command injection

Overview M330-W and M330-W5 provided by Proscend Communications Inc. are LTE Industrial Cellular Routers. M330-W and M330-W5 contain an OS command injection vulnerability CWE-78. CYNEX Analysis Team of National Institute of Information and Communications Technology reported this vulnerability to...

9.8CVSS7.7AI score0.02311EPSS
Exploits2References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/16 12:0 a.m.•39 views

JVN#23835228: Proscend Communications M330-W and M330-W5 vulnerable to OS command injection

M330-W and M330-W5 provided by Proscend Communications Inc. are LTE Industrial Cellular Routers. M330-W and M330-W5 contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker who has access to the product. Solution Update the firmware The...

9.8CVSS8.3AI score0.02311EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/15 7:29 a.m.•7 views

Multiple vulnerabilities in BUFFALO wireless LAN routers

Overview Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 OS Command Injection CWE-78 Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the...

9.8CVSS7.6AI score0.00561EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/15 12:0 a.m.•44 views

JVN#58236836: Multiple vulnerabilities in BUFFALO wireless LAN routers

Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-23486 OS Command Injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base...

9.8CVSS6.7AI score0.00561EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/10 4:55 a.m.•3 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 - CVE-2024-30419 Server-side request forgery CWE-918 - CVE-2024-30420 Directory traversal CWE-22 - CVE-2024-31394 Stored cross-site...

6.6CVSS7AI score0.00739EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/10 12:0 a.m.•28 views

JVN#70977403: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2024-30419 Server-side request forgery CWE-918...

6.6CVSS6.3AI score0.00739EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/08 4:44 a.m.•5 views

Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

Overview WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79 - CVE-2024-26019 Stored cross-site scripting in custom fields for labels...

8.8CVSS6.2AI score0.00532EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/08 12:0 a.m.•36 views

JVN#50361500: Multiple vulnerabilities in WordPress Plugin "Ninja Forms"

WordPress Plugin "Ninja Forms" provided by Saturday Drive contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2024-25572 Stored cross-site scripting in submit processing CWE-79...

8.8CVSS8.7AI score0.00532EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/05 6:36 a.m.•3 views

Multiple vulnerabilities in Cente middleware

Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NEXT Co., Ltd. contain multiple vulnerabilities listed below. Out-of-bounds Read caused by improper checking of the option length values in IPv6 NDP packets CWE-125 Out-of-boun...

7.5CVSS6.9AI score0.00761EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/04/05 5:53 a.m.•4 views

Multiple vulnerabilities in NEC Aterm series

Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 - CVE-2024-28006 Incorrect Permission...

9.8CVSS8AI score0.00743EPSS
Exploits0References20
Total number of security vulnerabilities5625