Lucene search
K

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/04/01 12:0 a.m.•16 views

JVN#87266215: WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization

WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability CWE-502. Impact Arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product. Solution Update the plugin Update the plug...

8.8CVSS6.9AI score0.0043EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/31 7:59 a.m.•5 views

Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers

Overview FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files CWE-61. Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Attaching to the affect...

6.2CVSS6.6AI score0.00305EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/28 1:46 a.m.•5 views

a-blog cms vulnerable to untrusted data deserialization

Overview a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. appleple inc. reported this vulnerability to JPCERT/CC to notify...

7.5CVSS7.1AI score0.00474EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/28 12:0 a.m.•18 views

JVN#66982699: a-blog cms vulnerable to untrusted data deserialization

a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. Impact Processing a specially crafted request may store arbitrary files on...

7.5CVSS7AI score0.00474EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/26 9:13 a.m.•4 views

Multiple vulnerabilities in PowerCMS

Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 - CVE-2025-29993 Dependency on vulnerable third-party component CWE-1395 - CVE-2021-21252 Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN...

7.5CVSS7.1AI score0.03532EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/26 4:25 a.m.•5 views

Multiple vulnerabilities in CHOCO TEI WATCHER mini

Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Use of client-side authentication CWE-603 - CVE-2025-24517 Storing passwords in a recoverable format CWE-257 - CVE-2025-24852 Weak password requirements CWE-521 - CVE-2025-2521...

9.8CVSS7.3AI score0.01123EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/26 12:0 a.m.•24 views

JVN#39026557: Multiple vulnerabilities in PowerCMS

PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-29993 The product improperly processes HTTP headers. Dependency on vulnerable third-party component CWE-1395 jQuery Validation...

7.5CVSS7.2AI score0.03532EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/25 8:10 a.m.•5 views

Multiple vulnerabilities in AssetView

Overview AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2025-25060 Acquiring sensitive information from sent data to the developer CWE-201 - CVE-2025-27244 Takao Kondo of VeriServe Corporation...

8.2CVSS7.2AI score0.00482EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/25 12:0 a.m.•14 views

JVN#26321838: Multiple vulnerabilities in AssetView

AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Base Score 8.2 CVE-2025-25060 Acquiring sensitive information from sent data to the developer CWE-201...

8.2CVSS7.3AI score0.00482EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/19 6:33 a.m.•3 views

Multiple vulnerabilities in home gateway HGW-BL1500HM

Overview Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 - CVE-2025-27567 Stored cross-site scripting in the USB storage file-sharing function CWE-79 - CVE-2025-27574 Path...

8.8CVSS6.6AI score0.00878EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/19 12:0 a.m.•53 views

JVN#04278547: Multiple vulnerabilities in home gateway HGW-BL1500HM

Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-27567 Stored cross-site scripting in the USB storage...

8.8CVSS7.3AI score0.00878EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/18 6:1 a.m.•2 views

+F FS010M vulnerable to OS command injection

Overview +F FS010M provided by FUJI SOFT INCORPORATED contains multiple OS command injection vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-24306 OS command injection CWE-78 - CVE-2025-25220 Takeshi Kuramori of National Institute of Information and Communications Technology,...

8.8CVSS7.6AI score0.01011EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/18 12:0 a.m.•10 views

JVN#11230428: +F FS010M vulnerable to OS command injection

+F FS010M provided by FUJI SOFT INCORPORATED contains multiple OS command injection vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2025-24306 OS command injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base...

8.8CVSS7.3AI score0.01011EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/12 5:19 a.m.•4 views

hostapd vulnerable to improper processing of RADIUS packets

Overview hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly CWE-826. KUSABA Takeshi of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When...

3.7CVSS6.7AI score0.00716EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/12 12:0 a.m.•8 views

JVN#19358384: hostapd vulnerable to improper processing of RADIUS packets

hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly CWE-826. Impact When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS...

3.7CVSS6.8AI score0.00716EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/06 5:27 a.m.•4 views

Multiple vulnerabilities in RemoteView Agent (for Windows)

Overview RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. On the remote PCs should be installed RemoteView Agent. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a...

7.8CVSS7AI score0.00143EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/06 12:0 a.m.•8 views

JVN#24992507: Multiple vulnerabilities in RemoteView Agent (for Windows)

RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. On the remote PCs should be installed RemoteView Agent. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a specific...

7.8CVSS7.7AI score0.00143EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/03/04 5:56 a.m.•6 views

Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)

Overview FutureNet AS series Industrial Routers and FA series Protocol Conversion Machine provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. Authentication Bypass CWE-288 - CVE-2025-24846 Buffer Overflow CWE-120 - CVE-2025-25280 Chuya Hayakawa and Ryo Kamino of...

7.5CVSS7AI score0.00494EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/20 11:15 a.m.•5 views

"RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel

Overview "RoboForm Password Manager" App for Android provided by Siber Systems, Inc. is vulnerable to authentication bypass using an alternate path or channel CWE-288. Johan Francsics reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker with acces...

5.2CVSS6.7AI score0.00244EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 7:19 a.m.•3 views

Multiple cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 - CVE-2025-22888 Stored cross-site scripting vulnerability in the HTML edit mode ...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 5:51 a.m.•8 views

RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres

Overview RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. contain an incorrect resource transfer between spheres vulnerability. RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. build a sandbox environment isolated from a server or a client's...

2.7CVSS6.5AI score0.00194EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 12:0 a.m.•10 views

JVN#48742353: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-22888 Stored cross-si...

6.1CVSS6.8AI score0.00238EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/19 12:0 a.m.•8 views

JVN#91300609: RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres

RevoWorks SCVX and RevoWorks Browser provided by J’s Communication Co., Ltd. build a sandbox environment isolated from a server or a client's local environment. These products provide the function enabling execution of sanitizing files when downloading files from the sandbox environment to the...

2.7CVSS6.9AI score0.00194EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/18 7:33 a.m.•4 views

Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs

Overview Multiple MFPs multifunction printers provided by FUJIFILM Business Innovation Corp. contain an out-of-bounds vulnerability CWE-787, CVE-2024-45320 due to a flaw in verifying the length of data. Jia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/18 7:24 a.m.•9 views

Out-of-bounds read vulnerability in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains an out-of-bounds read vulnerability CWE-125, CVE-2025-0591. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Having a user open a specially crafted file may lead to information...

7.8CVSS6.2AI score0.00167EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/17 9:22 a.m.•2 views

Out-of-bounds read vulnerability in Cente middleware

Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. treat TCP MSS option values improperly, leading to an out-of-bounds read vulnerability CWE-125, CVE-2025-23406. DMG MORI Digital Co., LTD. reported this...

5.3CVSS6.5AI score0.00389EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/17 4:43 a.m.•5 views

Multiple vulnerabilities in The LuxCal Web Calendar

Overview The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 - CVE-2025-25221 SQL injection in retrieve.php CWE-89 - CVE-2025-25222 Path traversal in dloader.php CWE-22 - CVE-2025-25223 Missing authentication in dloader.php...

9.8CVSS8AI score0.00587EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/17 12:0 a.m.•15 views

JVN#26024080: Multiple vulnerabilities in The LuxCal Web Calendar

The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3 CVE-2025-25221 SQL injection in retrieve.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3...

9.8CVSS7.6AI score0.00587EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/14 7:39 a.m.•3 views

acmailer CGI and acmailer DB vulnerable to OS command injection

Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...

9.8CVSS7.5AI score0.01361EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/14 6:48 a.m.•6 views

Multiple vulnerabilities in NEC Aterm series (NV25-003)

Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 - CVE-2025-0354 Missing Authentication for Critical Function CWE-306 - CVE-2025-0355 OOS Command Injection CWE-78 - CVE-2025-0356 CVE-2025-0354, CVE-2025-0355...

7.5CVSS6.9AI score0.006EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/14 12:0 a.m.•31 views

JVN#65447879: Multiple vulnerabilities in NEC Aterm series (NV25-003)

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score 4.8 CVE-2025-0354 Missing Authentication for Critical Function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

7.5CVSS7.3AI score0.006EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/14 12:0 a.m.•9 views

JVN#96957439: acmailer CGI and acmailer DB vulnerable to OS command injection

acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker. Solution Update the software Update the software to the latest version according to the information provided by the...

9.8CVSS7.6AI score0.01361EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/13 4:39 a.m.•3 views

Multiple vulnerabilities in FileMegane

Overview FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below. Server-Side Request Forgery SSRF CWE-918 - CVE-2025-20075 Authentication Bypass by Spoofing CWE-290 - CVE-2025-25055 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported these...

7.2CVSS7.2AI score0.00332EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/13 12:0 a.m.•18 views

JVN#80527854: Multiple vulnerabilities in FileMegane

FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below. Server-Side Request Forgery SSRF CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L Base Score 7.2 CVE-2025-20075 Authentication Bypass by Spoofing(CWE-290) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A...

7.2CVSS7.4AI score0.00332EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/12 6:5 a.m.•5 views

acmailer vulnerable to cross-site scripting

Overview acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability CWE-79. This vulnerability was reported to IPA, and JPCERT/CC started coordination with the developer in 2023. The developer released the fixed version on 2023. The coordination between JPCERT/CC and...

6.1CVSS6AI score0.00279EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/12 12:0 a.m.•8 views

JVN#84319378: acmailer vulnerable to cross-site scripting

acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product. Solution Update the software Update the software to the latest versi...

6.1CVSS6.2AI score0.00279EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/06 9:27 a.m.•2 views

OMRON NJ/NX series vulnerable to path traversal

Overview Machine Automation Controller NJ/NX series provided by OMRON Corporation contain a path traversal vulnerability CWE-22, CVE-2024-12083. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary file in the affected product...

6.6CVSS7.2AI score0.00637EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/06 9:27 a.m.•1 views

Multiple vulnerabilities in STEALTHONE D220/D340/D440

Overview Network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20016 OS Command Injection CWE-78 - CVE-2025-20055 SQL Injection CWE-89 - CVE-2025-20620 Chuya Hayakawa and Ryo Kamino of...

9.8CVSS8.4AI score0.0115EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/06 9:26 a.m.•3 views

Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer

Overview NB-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611, CVE-2024-12298. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially...

5.5CVSS6.5AI score0.00221EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/05 5:6 a.m.•3 views

Multiple vulnerabilities in Defense Platform Home Edition

Overview Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 - CVE-2025-20094 Execution with unnecessary privileges CWE-250 - CVE-2025-22890 Improper handling of message in specific...

8.8CVSS8.1AI score0.00189EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/05 12:0 a.m.•42 views

JVN#66673020: Multiple vulnerabilities in Defense Platform Home Edition

Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Base Score 8.8 CVE-2025-20094 Execution with unnecessary privileges CWE-250...

8.8CVSS7.4AI score0.00189EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/04 4:58 a.m.•2 views

WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

Overview WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. KENJI YOSHIKAWA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user vie...

4.3CVSS6.5AI score0.00164EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/02/04 12:0 a.m.•6 views

JVN#94806805: WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery

WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the log data may be deleted. Solution Update the plugin Update the plugin according to the information provided by the...

4.3CVSS6.7AI score0.00164EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/30 9:19 a.m.•4 views

Clickjacking Vulnerability in JP1/ServerConductor/Deployment Manager

Overview A Clickjacking Vulnerability was found in JP1/ServerConductor/Deployment Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

5.3CVSS6.7AI score0.00281EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/29 5:57 a.m.•2 views

SXF Common Library vulnerable to improper input data handling

Overview SXF Common Library provided by General Incorporated Association OCF is vulnerable to improper input data handling CWE-237. Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a produc...

3.3CVSS6.7AI score0.00153EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/29 4:41 a.m.•6 views

Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers

Overview Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities CWE-787, CVE-2024-12647, CVE-2024-12648, CVE-2024-12649, CVE-2025-2146. Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the...

9.8CVSS7.9AI score0.01181EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/29 12:0 a.m.•17 views

JVN#23839833: SXF Common Library vulnerable to improper input data handling

SXF Common Library provided by General Incorporated Association OCF is vulnerable to improper input data handling CWE-237. Impact If a product using the library reads a crafted file, the product may be crashed. Solution Apply the workaround Applying the following workaround may mitigate the impac...

3.3CVSS6.9AI score0.00153EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/28 4:44 a.m.•3 views

WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting

Overview WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS6AI score0.00262EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/28 12:0 a.m.•7 views

JVN#88046370: WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting

WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen...

4.8CVSS6.2AI score0.00262EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/01/27 5:25 a.m.•3 views

EXIF Viewer Classic vulnerable to cross-site scripting

Overview EXIF Viewer Classic provided by Rodrigue former Kakera is a Google Chrome browser extension. The affected versions of the product improperly handle EXIF meta data, resulting in a cross-site scripting vulnerability CWE-79. Versions 2.3.2 and 2.4.0 were reported as vulnerable. The vendor...

6.1CVSS5.9AI score0.00347EPSS
Exploits0References5
Total number of security vulnerabilities5627