5627 matches found
Multiple vulnerabilities in the installer for Pupsman
Overview The installer for Pupsman provided by Fuji Electric Co.,Ltd. contains multiple vulnerabilities listed below: Uncontrolled search path element CWE-427 - CVE-2026-56437 The CVSS vectors above assume that a victim user is directed to place a specially crafted DLL file in the same folder as...
SEIKO EPSON printers and scanners Web Config vulnerable to cross-site request forgery
Overview Web Config embedded in multiple printers and scanners provided by SEIKO EPSON CORPORATION contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2026-58315 Kentaro Ishii of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
Seiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection
Overview SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-50043 Takeshi Kuramori and Kaori Takashima of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported...
Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 - CVE-2026-56809 Tomasz Holeksa of Pentest...
RPG MAKER MV and MZ vulnerable to OS command injection
Overview RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. are game development tools, which provide "save data" facility to create a file to preserve game status and related parameters. A user can save the current game status to a save-file, and later load the file to resume playing the...
DGM3103SCT vulnerable to OS command injection
Overview DGM3103SCT provided by AVTECH Security Corporation contains the following vulnerability. OS command injection CWE-78 - CVE-2026-56808 Tomoya KITAGAWA, Satoki TSUJI, Seiya NAKATA, and Yudai FUJIWARA of Ricerca Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...
Multiple vulnerabilities in Fluentd
Overview Fluentd provided by Fluentd Project contains multiple vulnerabilities listed below. Path traversal in $tag Placeholder CWE-22 - CVE-2026-44024 Missing authentication for critical function in Monitor Agent API CWE-306 - CVE-2026-44025 Improper handling of highly compressed data in inhttp...
ExpressUpdate Agent for Windows improper access restriction on its named pipe
Overview ExpressUpdate Agent for Windows provided by NEC Corporation is the software module for NEC server products, to support remote management of installed software. ExpressUpdate Agent for Windows configures its named pipe with an improper access restriction. Exposed IOCTL with Insufficient...
Generic IO & Memory Access driver for TOSHIBA and Dynabook PCs exposes its IOCTL with insufficient access control
Overview Generic IO & Memory Access driver is part of a utility to configure BIOS/Supervisor passwords from within Windows. This driver is installed on PCs provided by TOSHIBA CORPORATION and Dynabook Inc. between 2009 and 2016. The driver contains the following vulnerability. Exposed IOCTL with...
Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint
Overview Hitachi Infrastructure Analytics Advisor contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2025-48924 Hitachi Ops Center Analyzer viewpoint contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center...
Multiple vulnerabilities in Canon EOS Network Setting Tool
Overview FTP/FTPS/SFTP Communication Testing features of PC Software EOS Network Setting Tool provided by Canon Inc. contain multiple vulnerabilities listed below. Improper validation of SSH host key CWE-295 - CVE-2026-9258 Improper validation of server certificate CWE-295 - CVE-2026-9259 Use of...
OS command injection in RadiX AX6600 WiFi 6 Tri-Band Gaming Router
Overview RadiX AX6600 WiFi 6 Tri-Band Gaming Router provided by Micro-Star International Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-53876 KAZUHIRO SHIBUTA of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
Improper file access permission settings in the installers for Optical Disc Archive Software for Windows
Overview Optical Disc Archive Software for Windows provided by Sony Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-50255 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
ThingsBoard vulnerable to prototype pollution
Overview ThingsBoard contains the following vulnerability Prototype Pollution CWE-1321 - CVE-2026-53676 HIROKI IMAI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary code may be...
Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers
Overview Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability: Privilege escalation CWE-427 - CVE-2026-50100 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd...
Mitigation for iSCSI Port Vulnerability in Hitachi Disk Array Systems
Overview When a large number of malicious packets are received, the iSCSI port may become unresponsive. CVE-2025-7737 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure an...
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Overview Vulnerability has been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2025-65082 This vulnerability will not occur if CGI is not used. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information'...
CamView installer insecurely loads Dynamic Link Libraries
Overview CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2015-9268 The CVSS evaluation above assume that a victim user is directed to download and place a specially crafted DLL file with the affected installer and t...
Multiple TP-Link products vulnerable to cleartext transmission of sensitive information
Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Security information for Hitachi Disk Array Systems
Overview CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability CVE-2026-20930 | Windows Management Services Elevation of...
TP-Link Archer BE450 and BE7200 vulnerable to OS command injection
Overview Archer BE450 and BE7200 provided by TP-Link contain the following vulnerability. OS command injection CWE-78 - CVE-2026-5509 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed...
WordPress Plugin "Zoho Mail for WordPress" vulnerable to cross-site request forgery
Overview WordPress Plugin "Zoho Mail for WordPress" provided by Zoho Corporation contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2026-8174 Norio Abe reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Link following vulnerability in Canon My Image Garden for macOS and CUPS Printer Driver for macOS
Overview My Image Garden for MacOS and CUPS Printer Driver for macOS provided by Canon Inc. contain the following vulnerability. Improper link resolution before file access 'Link following' CWE-59 - CVE-2026-6891, CVE-2026-6892 Canon Inc. reported this vulnerability to JPCERT/CC to notify users o...
Multiple vulnerabilities in ServerView Agents for Windows
Overview ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software. ServerView Agents for Windows contains multiple vulnerabilities listed below. Incorrect permission assignment for critical resource CWE-732 - CVE-2026-27788 Privilege chaining CWE-268 -...
Jupyter Server vulnerable to open redirect
Overview Jupyter Server provided by Jupyter Development Team contains the vulnerability listed below. Open redirect CWE-601 - CVE-2025-61669 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA and the developer. JPCERT/CC coordinated with the developer to publish t...
Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint
Overview Vulnerability has been found in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...
Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865,...
Multiple Vulnerabilities in Cosminexus
Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282 Impact Regarding the impact of the vulnerabilit...
NEC Aterm series vulnerable to cross-site scripting (NV26-002)
Overview Aterm series products provided by NEC Corporation contain the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-6059 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
NEC Aterm series vulnerable to OS command injection (NV26-003)
Overview NEC Aterm series products provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2026-8652 So Kato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Security information for Hitachi Disk Array Systems
Overview CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevati...
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)
Overview Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below. Relative path traversal in Apex One server CWE-23 - CVE-2026-34926 The only product that could be vulnerable to this exploit is TrendAI Apex One On Premise...
Android App "RoboForm Password Manager" insufficient validation of Android intents
Overview Android App "RoboForm Password Manager" provided by Siber Systems, Inc. accepts intents from other applications to open relevant web pages e.g., login pages, but without sufficient URL validation, user confirmation nor notification. Insufficient UI Warning of Dangerous Operations CWE-357...
Movable Type vulnerable to missing authorization
Overview Movable Type provided by Six Apart Ltd. contains the following vulnerability. Missing authorization CWE-862 - CVE-2026-44392 Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information...
Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"
Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...
WPS Office improper access restriction to its named pipe
Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...
Android App "Anshin Filter for au" vulnerable to cleartext transmission of sensitive information
Overview Android App "Anshin Filter for au" provided by KDDI CORPORATION contains the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-41281 Impact A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially...
GUARDIANWALL MailSuite vulnerable to stack-based buffer overflow
Overview GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability. Stack-based buffer overflow in pop3wallpasswd command CWE-121 - CVE-2026-32661 This can be exploited only when the product is configured to run pop3wallpasswd with grdnwww user privilege T...
Bytello Share (Windows Edition) installer executable insecurely loads Dynamic Link Libraries
Overview GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability. Stack-based buffer overflow in pop3wallpasswd command CWE-121 - CVE-2026-32661 The developer states that attacks exploiting the vulnerability has been observed in GUARDIANWALL MailSuite...
Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)
Overview Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Use of Hard-coded Cryptographic Key in creating backup of configuration files CWE-321 - CVE-2026-25107 OS command injection in processing of pingipaddr parameter...
Canon Production Printers and Office Multifunction Printers vulnerable to information disclosure
Overview Canon Production Printers and Office Multifunction Printers contain the following vulnerability. Reliance on untrusted inputs in a security decision CWE-807 - CVE-2026-1789 Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If an...
"Kura Sushi Official App" vulnerable to improper certificate validation
Overview "Kura Sushi Official App" provided by EPG, Inc. contains the following vulnerability. Improper certificate validation on push notifications CWE-295 - CVE-2026-41872 This analysis assumes a man-in-the-middle attack being conducted with a malicious wireless LAN access point Tsuyoshi Ogawa ...
Lhaz and Lhaz+ vulnerable to path traversal
Overview Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerability. Path traversal CWE-22 - CVE-2026-41530 RyotaK of GMO Flatt Security Inc. and Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
libXpm vulnerable to out-of-bounds read
Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
GROWI vulnerable to path traversal
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-41951 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security Early Warning...
Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Open redirect CWE-601 - CVE-2026-41226 Tony Kirkland of Sixgen Inc reported this...
Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]
Overview Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound CWE-190 - CVE-2025-66168, CVE-2026-40046 Gai...
Multiple vulnerabilities in LogonTracer
Overview LogonTracer provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection CWE-78 -...
CMS ALAYA vulnerable to SQL injection
Overview CMS ALAYA provided by KANATA Limited contains the following vulnerability. SQL injection CWE-89 - CVE-2026-40529 Naoto Senda of Five Drive Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
IP Setting Software may insecurely load Dynamic Link Libraries
Overview IP Setting Software provided by i-PRO Co., Ltd. contains the following vulnerability in the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-34488 i-PRO Co., Ltd. reported this vulnerability to IPA to notify...