Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/22 12:0 a.m.83 views

JVN#53871926: EC-CUBE improperly handles HTTP Host header values

EC-CUBE provided by EC-CUBE CO.,LTD. improperly handles HTTP Host header values CWE-913. Impact A remote attacker may direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users. Solution Apply Workaround Apply the following workaround to avoid...

5.3CVSS5.2AI score0.01138EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/22 12:0 a.m.55 views

JVN#67108459: EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery

EC-CUBE plugin "Mail Magazine Management Plugin" provided by EC-CUBE CO.,LTD. contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in to EC-CUBE which the plugin is installed, Mail Magazine Templates...

4.3CVSS4.6AI score0.00465EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/18 6:55 a.m.4 views

Multiple vulnerabilities in a-blog cms

Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24374 Cross-site scripting CWE-79 - CVE-2022-23916 Template injection CWE-1336 - CVE-2022-23810 Authentication bypass CWE-291 - CVE-2022-21142 CVE-2022-24374 iwama...

9.8CVSS7.2AI score0.01523EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/18 5:55 a.m.4 views

Trend Micro Antivirus for MAC vulnerable to privilege escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for MAC. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A user who can log in to the system where the affected product is installed may...

7.8CVSS6.7AI score0.00414EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/18 12:0 a.m.62 views

JVN#14706307: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24374 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base Score: 3.5...

9.8CVSS7.4AI score0.01523EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/17 6:20 a.m.4 views

Multiple vulnerabilities in phpUploader

Overview phpUploader provided by Dojin Club MICMNIS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24435 SQL Injection CWE-89 - CVE-2022-23986 Toyama Taku reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...

7.5CVSS7.4AI score0.01664EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/17 12:0 a.m.44 views

JVN#00095004: Multiple vulnerabilities in phpUploader

phpUploader provided by Dojin Club MICMNIS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24435 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 SQ...

7.5CVSS7.1AI score0.01664EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/09 6:49 a.m.3 views

HPE Agentless Management registers unquoted service paths

Overview HP Agentless Management provided by Hewlett Packard Enterprise registers some Windows services with unquoted file paths CWE-428. Daisuke Ota of PwC Consulting LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.2CVSS6.6AI score0.00237EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/09 12:0 a.m.139 views

JVN#12969207: HPE Agentless Management registers unquoted service paths

HP Agentless Management provided by Hewlett Packard Enterprise registers some Windows services with unquoted file paths CWE-428. Impact When a registered Windows service path contains spaces and is unquoted, and a malicious executable is placed on a certain path, the executable may be executed wi...

6.7CVSS6.8AI score0.00237EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/08 8:15 a.m.1 views

Cross-site Scripting Vulnerability in JP1/IT Desktop Management 2

Overview A Cross-site Scripting vulnerability was found in JP1/IT Desktop Management 2. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/08 7:33 a.m.3 views

CSV+ vulnerable to cross-site scripting

Overview CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability CWE-79. Satoki Tsuji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a CSV file containing a t...

9.6CVSS6.2AI score0.03174EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/08 7:13 a.m.5 views

Multiple vulnerabilities in multiple ELECOM LAN routers

Overview Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2022-21173 Cross-site scripting CWE-79 - CVE-2022-21799 CVE-2022-21173 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/08 12:0 a.m.61 views

JVN#17482543: Multiple vulnerabilities in multiple ELECOM LAN routers

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2022-21173 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:C/I:C/A:C| Base...

8.8CVSS6.8AI score0.00447EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/07 5:18 a.m.3 views

Multiple ESET products for macOS vulnerable to improper server certificate verification

Overview Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. KOBAYASHI Yasuyuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may...

5.9CVSS6.5AI score0.0166EPSS
Exploits4References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/07 12:0 a.m.43 views

JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification

Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to alter the data received by the affected products. Solution Update the software Update the software to the latest version according to the...

5.9CVSS5.4AI score0.0166EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/02/04 12:0 a.m.30 views

JVN#67396225: CSV+ vulnerable to cross-site scripting

CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability CWE-79. Impact If a CSV file containing a tag is loaded and the link is clicked by the user of the software, an arbitrary script or OS command may be executed. Solution Update the Software Update...

9.6CVSS8.9AI score0.03174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/25 6:31 a.m.4 views

Multiple vulnerabilities in TransmitMail

Overview TransmitMail is a PHP based mail form system. TransmitMail contains multiple vulnerabilities listed below. Directory traversal vulnerability due to the improper validation of external input values CWE-22 - CVE-2022-22146 Cross-site scripting CWE-79 - CVE-2022-21193 ishiyuriniwa reported...

7.5CVSS6.7AI score0.02001EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/25 4:35 a.m.6 views

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux

Overview Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Directory Traversal CWE-22 - CVE-2022-23119 Code Injection CWE-94 - CVE-2022-23120 As of 2022 January 24, a Proof-of-Concept PoC code...

7.8CVSS7.8AI score0.2225EPSS
Exploits2References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/25 12:0 a.m.46 views

JVN#70100915: Multiple vulnerabilities in TransmitMail

TransmitMail is a PHP based mail form system. TransmitMail contains multiple vulnerabilities listed below. Directory traversal vulnerability due to the improper validation of external input values CWE-22 - CVE-2022-22146 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS7.1AI score0.02001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/24 5:7 a.m.6 views

GROWI vulnerable to authorization bypass through user-controlled key

Overview GROWI provided by WESEEK, Inc. contains an authorization bypass through user-controlled key vulnerability CWE-639, CVE-2021-3852. huntr first reported this vulnerability to JPCERT/CC, then JPCERT/CC contacted WSEEK, Inc. as an intermediator. After the coordination between huntr and WESEE...

7.5CVSS7.2AI score0.00808EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/20 6:42 a.m.2 views

Multiple cross-site scripting vulnerabilities in php_mailform

Overview phpmailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox CWE-79 - CVE-2022-22142 Reflected cross-site scripting vulnerability regarding the attached file name CWE-79 -...

6.1CVSS6.2AI score0.00955EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/20 12:0 a.m.24 views

JVN#16690037: Multiple cross-site scripting vulnerabilities in php_mailform

phpmailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox CWE-79 - CVE-2022-22142 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base...

6.1CVSS6.5AI score0.00955EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/19 5:0 a.m.3 views

Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting

Overview Multiple Canon laser printers and small office multifunctional printers contain a stored cross-site scripting vulnerability CWE-79. Murashima Masahiro of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

4.8CVSS5.9AI score0.00842EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/19 12:0 a.m.46 views

JVN#64806328: Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting

Multiple Canon laser printers and small office multifunctional printers contain a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the product settings screen. Solution Update the firmware Update the...

4.8CVSS4.9AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/13 6:26 a.m.7 views

PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption

Overview PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability CWE-311. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

4.9CVSS6.5AI score0.00107EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/13 6:21 a.m.2 views

Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials

Overview Label printers "TEPRA" PRO SR5900P / SR-R7900P provided by KING JIM CO.,LTD. contain an insufficiently protected credentials vulnerability CWE-522. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS6.5AI score0.00342EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/13 12:0 a.m.42 views

JVN#19826500: PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption

PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability CWE-311. Impact A user who can physically access the products may obtain the stored passwords. Solution Stop using the products The developer states that the products are no longer...

4.6CVSS4.6AI score0.00107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/13 12:0 a.m.37 views

JVN#81479705: Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials

Label printers "TEPRA" PRO SR5900P / SR-R7900P provided by KING JIM CO.,LTD. contain an insufficiently protected credentials vulnerability CWE-522. Impact An attacker who can access the products via network may obtain credentials to connect to the Wi-Fi access point with the infrastructure mode...

4.3CVSS4.4AI score0.00342EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/12 6:37 a.m.5 views

Jimoty App for Android uses a hard-coded API key for an external service

Overview Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service CWE-798. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact API key for...

4CVSS6.5AI score0.00203EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/12 6:33 a.m.3 views

Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

Overview WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2022-0180 Reflected cross-site scripting CWE-79 - CVE-2022-0181 Stored cross-site scripting CWE-79 - CVE-2022-0182 CVE-2022-0180,...

8.8CVSS6.2AI score0.01277EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/12 12:0 a.m.46 views

JVN#49047921: Jimoty App for Android uses a hard-coded API key for an external service

Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update t...

3.3CVSS3.7AI score0.00203EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/12 12:0 a.m.55 views

JVN#72788165: Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master"

WordPress Plugin "Quiz And Survey Master" provided by ExpressTech contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2022-0180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2|...

8.8CVSS6.8AI score0.01277EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/28 2:51 a.m.5 views

Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems

Overview Multi-function printers MFP and printing systems provided by KONICA MINOLTA, INC. contain multiple vulnerabilities listed below. Incorrect authorization CWE-863 - CVE-2021-20868 Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2021-20869 Improper handling of...

6.8CVSS7.2AI score0.00532EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/27 7:54 a.m.2 views

Multiple vulnerabilities in IDEC PLCs

Overview Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below. Unprotected transport of credentials CWE-523 - CVE-2021-37400 Plaintext storage of a password CWE-256 - CVE-2021-37401 Unprotected transport of credentials CWE-523 - CVE-2021-20826 Plaintext storage...

9.8CVSS7.2AI score0.0134EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/24 6:31 a.m.5 views

TP-Link TL-WR802N V4(JP) vulnerable to OS command injection

Overview TP-Link TL-WR802N is a wifi router for home networks. The firmware version 170705 is reported vulnerable to OS command injection CWE-78. Impact Any user who can login to the web interface of the affected product may execute any OS commands. Solution Update the Firmware Update to the late...

8.8CVSS7.5AI score0.01947EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/24 1:58 a.m.3 views

Multiple vulnerabilities in QNAP VioStar NVR

Overview VioStar series NVR provided by QNAP Systems contains multiple vulnerabilities listed below. Command injection CWE-77 - CVE-2021-38685 Improper authentication CWE-287 - CVE-2021-38686 Impact An arbitrary command may be executed by a remote attacker. - CVE-2021-38685 A remote attacker can...

9.8CVSS7.8AI score0.01471EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/24 1:51 a.m.2 views

Multiple vulnerabilities in multiple Yamaha routers

Overview Multiple routers provided by Yamaha Corporation contain multiple vulnerabilities listed below. Cross-site script inclusion CWE-829 - CVE-2021-20843 Improper neutralization of HTTP request headers for scripting syntax CWE-644 - CVE-2021-20844 Shoji Baba of IERAE SECURITY INC. reported the...

5.7CVSS6.8AI score0.00926EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/22 6:7 a.m.2 views

Android Apps developed using Yappli fails to restrict custom URL schemes properly

Overview Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly CWE-939 which may be exploited to direct the A...

8.1CVSS6.4AI score0.00842EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/22 12:0 a.m.38 views

JVN#66422035: Android Apps developed using Yappli fails to restrict custom URL schemes properly

Yappli provided by Yappli, Inc. is an application development platform. Android Apps that are developed with Yappli provide the function to access a requested URL using Custom URL Scheme. The access to the function is not restricted properly CWE-939 which may be exploited to direct the App to...

8.1CVSS7.8AI score0.00842EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/20 5:53 a.m.2 views

Multiple vulnerabilities in GroupSession

Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2021-20874 Open redirect CWE-601 - CVE-2021-20875 Path Traversal CWE-22 - CVE-2021-20876 CVE-2021-20874 TAKUMA SHIGA...

7.5CVSS6.7AI score0.01296EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/20 12:0 a.m.44 views

JVN#79798166: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 - CVE-2021-20874 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 7.5 CVSS v2|...

7.5CVSS7AI score0.01296EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/17 7:57 a.m.4 views

UNIVERGE DT Series vulnerable to missing encryption of sensitive data

Overview UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers IP Phone Manager and Data Maintenance Tool provided by NEC Platforms, Ltd. contain a missing encryption vulnerability CWE-311. NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solutions throug...

5.3CVSS6.5AI score0.01066EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/17 12:0 a.m.53 views

JVN#13464252: UNIVERGE DT Series vulnerable to missing encryption of sensitive data

UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers IP Phone Manager and Data Maintenance Tool provided by NEC Platforms, Ltd. contain a missing encryption vulnerability CWE-311. Impact If a remote attacker who can access to the internal network setting the product analyzes packets...

5.3CVSS5.2AI score0.01066EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/09 4:43 a.m.3 views

Multiple vulnerabilities in Trend Micro Security 2021 family (Consumer)

Overview Trend Micro Incorporated has released security updates for Trend Micro Security 2021 family Consumer. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Maximum Security 2021 A user who can log in to the system where...

7.8CVSS7.2AI score0.00301EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/02 8:16 a.m.5 views

Multiple vulnerabilities in multiple ELECOM routers

Overview Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper access control leading to unauthorized activation of telnet service CWE-284 - CVE-2021-20862 OS command injection CWE-78 - CVE-2021-20863 Improper access control leading to unauthorized...

8.8CVSS8.4AI score0.00862EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/02 6:2 a.m.3 views

Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"

Overview WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains multiple missing authorization vulnerabilities listed below. Missing authorization related to database browsing CWE-862 - CVE-2021-20865 Missing authorization related to user list obtaining CWE-862 -...

7.5CVSS6.9AI score0.02462EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/02 12:0 a.m.43 views

JVN#09136401: Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"

WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains multiple missing authorization vulnerabilities listed below. Missing authorization related to database browsing CWE-862 - CVE-2021-20865 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS6.9AI score0.02462EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/30 7:23 a.m.5 views

Multiple vulnerabilities in multiple ELECOM LAN routers

Overview Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Buffer overflow CWE-121 - CVE-2021-20852 OS command injection CWE-78 - CVE-2021-20853, CVE-2021-20854 Cross-site scripting CWE-79 - CVE-2021-20855, CVE-2021-20856 Cross-site scripting...

8.8CVSS7.7AI score0.00585EPSS
Exploits0References29
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/30 5:49 a.m.3 views

Wi-Fi STATION SH-52A vulnerable to cross-site scripting

Overview Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability CWE-79. Takayuki Sasaki of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...

6.1CVSS6AI score0.00815EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/11/30 12:0 a.m.32 views

JVN#19482703: Wi-Fi STATION SH-52A vulnerable to cross-site scripting

Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the WebUI of the product. Solution Apply an Update Apply the update according to the information...

6.1CVSS6.1AI score0.00815EPSS
Exploits0
Total number of security vulnerabilities5625