Lucene search
K

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 6 days ago•6 views

Multiple vulnerabilities in the installer for Pupsman

Overview The installer for Pupsman provided by Fuji Electric Co.,Ltd. contains multiple vulnerabilities listed below: Uncontrolled search path element CWE-427 - CVE-2026-56437 The CVSS vectors above assume that a victim user is directed to place a specially crafted DLL file in the same folder as...

8.5CVSS7.3AI score0.00134EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/07/07 6:23 a.m.•4 views

SEIKO EPSON printers and scanners Web Config vulnerable to cross-site request forgery

Overview Web Config embedded in multiple printers and scanners provided by SEIKO EPSON CORPORATION contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2026-58315 Kentaro Ishii of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

5.1CVSS6.1AI score0.00102EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/07/01 5:55 a.m.•5 views

Seiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection

Overview SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-50043 Takeshi Kuramori and Kaori Takashima of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported...

8.6CVSS7.1AI score0.01129EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/30 9:7 a.m.•7 views

Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 - CVE-2026-56809 Tomasz Holeksa of Pentest...

6.1CVSS6.4AI score0.00187EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/30 9:7 a.m.•5 views

RPG MAKER MV and MZ vulnerable to OS command injection

Overview RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. are game development tools, which provide "save data" facility to create a file to preserve game status and related parameters. A user can save the current game status to a save-file, and later load the file to resume playing the...

8.4CVSS7.1AI score0.00677EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/30 9:7 a.m.•6 views

DGM3103SCT vulnerable to OS command injection

Overview DGM3103SCT provided by AVTECH Security Corporation contains the following vulnerability. OS command injection CWE-78 - CVE-2026-56808 Tomoya KITAGAWA, Satoki TSUJI, Seiya NAKATA, and Yudai FUJIWARA of Ricerca Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

8.6CVSS7AI score0.0155EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/29 5:18 a.m.•8 views

Multiple vulnerabilities in Fluentd

Overview Fluentd provided by Fluentd Project contains multiple vulnerabilities listed below. Path traversal in $tag Placeholder CWE-22 - CVE-2026-44024 Missing authentication for critical function in Monitor Agent API CWE-306 - CVE-2026-44025 Improper handling of highly compressed data in inhttp...

9.8CVSS6AI score0.01107EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/26 5:25 a.m.•6 views

ExpressUpdate Agent for Windows improper access restriction on its named pipe

Overview ExpressUpdate Agent for Windows provided by NEC Corporation is the software module for NEC server products, to support remote management of installed software. ExpressUpdate Agent for Windows configures its named pipe with an improper access restriction. Exposed IOCTL with Insufficient...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/26 12:52 a.m.•3 views

Generic IO & Memory Access driver for TOSHIBA and Dynabook PCs exposes its IOCTL with insufficient access control

Overview Generic IO & Memory Access driver is part of a utility to configure BIOS/Supervisor passwords from within Windows. This driver is installed on PCs provided by TOSHIBA CORPORATION and Dynabook Inc. between 2009 and 2016. The driver contains the following vulnerability. Exposed IOCTL with...

6.8CVSS5.8AI score0.00121EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/25 12:32 a.m.•4 views

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint

Overview Hitachi Infrastructure Analytics Advisor contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2025-48924 Hitachi Ops Center Analyzer viewpoint contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center...

8.2CVSS7AI score0.02164EPSS
Exploits4References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/17 5:8 a.m.•6 views

Multiple vulnerabilities in Canon EOS Network Setting Tool

Overview FTP/FTPS/SFTP Communication Testing features of PC Software EOS Network Setting Tool provided by Canon Inc. contain multiple vulnerabilities listed below. Improper validation of SSH host key CWE-295 - CVE-2026-9258 Improper validation of server certificate CWE-295 - CVE-2026-9259 Use of...

9.8CVSS5.8AI score0.00267EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/17 4:53 a.m.•7 views

OS command injection in RadiX AX6600 WiFi 6 Tri-Band Gaming Router

Overview RadiX AX6600 WiFi 6 Tri-Band Gaming Router provided by Micro-Star International Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-53876 KAZUHIRO SHIBUTA of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

8.6CVSS7.1AI score0.01786EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/16 5:1 a.m.•8 views

Improper file access permission settings in the installers for Optical Disc Archive Software for Windows

Overview Optical Disc Archive Software for Windows provided by Sony Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-50255 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.7CVSS6.7AI score0.00089EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/16 5:1 a.m.•4 views

ThingsBoard vulnerable to prototype pollution

Overview ThingsBoard contains the following vulnerability Prototype Pollution CWE-1321 - CVE-2026-53676 HIROKI IMAI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary code may be...

8.6CVSS7.1AI score0.00603EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/15 6:30 a.m.•5 views

Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers

Overview Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability: Privilege escalation CWE-427 - CVE-2026-50100 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd...

8.5CVSS7.2AI score0.00131EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/12 2:46 a.m.•11 views

Mitigation for iSCSI Port Vulnerability in Hitachi Disk Array Systems

Overview When a large number of malicious packets are received, the iSCSI port may become unresponsive. CVE-2025-7737 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure an...

8.6CVSS5.4AI score0.00268EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/10 2:16 a.m.•11 views

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview Vulnerability has been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2025-65082 This vulnerability will not occur if CGI is not used. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information'...

6.5CVSS6.7AI score0.00771EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/09 5:7 a.m.•9 views

CamView installer insecurely loads Dynamic Link Libraries

Overview CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2015-9268 The CVSS evaluation above assume that a victim user is directed to download and place a specially crafted DLL file with the affected installer and t...

9.3CVSS7.7AI score0.01525EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/05 5:5 a.m.•19 views

Multiple TP-Link products vulnerable to cleartext transmission of sensitive information

Overview Multiple TP-Link products provided by TP-Link Systems Inc. contain the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-34126 eyegrep and izurina of L Plus LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS5.4AI score0.00097EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/04 8:26 a.m.•14 views

Security information for Hitachi Disk Array Systems

Overview CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability CVE-2026-20930 | Windows Management Services Elevation of...

8.8CVSS7.1AI score0.02579EPSS
Exploits1References110
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/03 8:8 a.m.•12 views

TP-Link Archer BE450 and BE7200 vulnerable to OS command injection

Overview Archer BE450 and BE7200 provided by TP-Link contain the following vulnerability. OS command injection CWE-78 - CVE-2026-5509 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed...

8.5CVSS5.6AI score0.02458EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/03 5:10 a.m.•13 views

WordPress Plugin "Zoho Mail for WordPress" vulnerable to cross-site request forgery

Overview WordPress Plugin "Zoho Mail for WordPress" provided by Zoho Corporation contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2026-8174 Norio Abe reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.7CVSS5.4AI score0.00371EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/01 8:37 a.m.•9 views

Link following vulnerability in Canon My Image Garden for macOS and CUPS Printer Driver for macOS

Overview My Image Garden for MacOS and CUPS Printer Driver for macOS provided by Canon Inc. contain the following vulnerability. Improper link resolution before file access 'Link following' CWE-59 - CVE-2026-6891, CVE-2026-6892 Canon Inc. reported this vulnerability to JPCERT/CC to notify users o...

5.1CVSS5.4AI score0.00123EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/01 8:34 a.m.•15 views

Multiple vulnerabilities in ServerView Agents for Windows

Overview ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software. ServerView Agents for Windows contains multiple vulnerabilities listed below. Incorrect permission assignment for critical resource CWE-732 - CVE-2026-27788 Privilege chaining CWE-268 -...

8.5CVSS7.2AI score0.00097EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/28 4:42 a.m.•15 views

Jupyter Server vulnerable to open redirect

Overview Jupyter Server provided by Jupyter Development Team contains the vulnerability listed below. Open redirect CWE-601 - CVE-2025-61669 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA and the developer. JPCERT/CC coordinated with the developer to publish t...

7.4CVSS5.8AI score0.00265EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/27 6:9 a.m.•10 views

Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint

Overview Vulnerability has been found in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Analyzer viewpoint. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...

4.6CVSS5.7AI score0.00175EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/27 6:9 a.m.•21 views

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center

Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865,...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/27 6:9 a.m.•53 views

Multiple Vulnerabilities in Cosminexus

Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282 Impact Regarding the impact of the vulnerabilit...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/25 6:35 a.m.•15 views

NEC Aterm series vulnerable to cross-site scripting (NV26-002)

Overview Aterm series products provided by NEC Corporation contain the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-6059 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

4.8CVSS5.8AI score0.00179EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/25 6:35 a.m.•15 views

NEC Aterm series vulnerable to OS command injection (NV26-003)

Overview NEC Aterm series products provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2026-8652 So Kato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.5CVSS5.8AI score0.00722EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/25 2:39 a.m.•19 views

Security information for Hitachi Disk Array Systems

Overview CVE-2026-23667 | Broadcast DVR Elevation of Privilege Vulnerability CVE-2026-23668 | Windows Graphics Component Elevation of Privilege Vulnerability CVE-2026-23669 | Windows Print Spooler Remote Code Execution Vulnerability CVE-2026-23671 | Windows Bluetooth RFCOM Protocol Driver Elevati...

8.8CVSS7AI score0.04491EPSS
Exploits8References43
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/22 7:44 a.m.•14 views

Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)

Overview Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below. Relative path traversal in Apex One server CWE-23 - CVE-2026-34926 The only product that could be vulnerable to this exploit is TrendAI Apex One On Premise...

7.8CVSS6.1AI score0.12682EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/21 8:22 a.m.•10 views

Android App "RoboForm Password Manager" insufficient validation of Android intents

Overview Android App "RoboForm Password Manager" provided by Siber Systems, Inc. accepts intents from other applications to open relevant web pages e.g., login pages, but without sufficient URL validation, user confirmation nor notification. Insufficient UI Warning of Dangerous Operations CWE-357...

4.6CVSS5.8AI score0.00132EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/20 6:21 a.m.•19 views

Movable Type vulnerable to missing authorization

Overview Movable Type provided by Six Apart Ltd. contains the following vulnerability. Missing authorization CWE-862 - CVE-2026-44392 Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/15 4:57 a.m.•12 views

Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"

Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...

8.5CVSS6.6AI score0.00134EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/14 7:16 a.m.•16 views

WPS Office improper access restriction to its named pipe

Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...

7.8CVSS7.3AI score0.00336EPSS
Exploits2References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/13 6:41 a.m.•20 views

Android App "Anshin Filter for au" vulnerable to cleartext transmission of sensitive information

Overview Android App "Anshin Filter for au" provided by KDDI CORPORATION contains the following vulnerability. Cleartext transmission of sensitive information CWE-319 - CVE-2026-41281 Impact A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially...

6.3CVSS5.8AI score0.00092EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/13 6:41 a.m.•24 views

GUARDIANWALL MailSuite vulnerable to stack-based buffer overflow

Overview GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability. Stack-based buffer overflow in pop3wallpasswd command CWE-121 - CVE-2026-32661 This can be exploited only when the product is configured to run pop3wallpasswd with grdnwww user privilege T...

9.8CVSS7.5AI score0.00472EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/13 6:41 a.m.•18 views

Bytello Share (Windows Edition) installer executable insecurely loads Dynamic Link Libraries

Overview GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability. Stack-based buffer overflow in pop3wallpasswd command CWE-121 - CVE-2026-32661 The developer states that attacks exploiting the vulnerability has been observed in GUARDIANWALL MailSuite...

9.8CVSS7.5AI score0.00472EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/12 6:16 a.m.•21 views

Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)

Overview Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Use of Hard-coded Cryptographic Key in creating backup of configuration files CWE-321 - CVE-2026-25107 OS command injection in processing of pingipaddr parameter...

9.8CVSS6.5AI score0.01633EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/12 5:4 a.m.•18 views

Canon Production Printers and Office Multifunction Printers vulnerable to information disclosure

Overview Canon Production Printers and Office Multifunction Printers contain the following vulnerability. Reliance on untrusted inputs in a security decision CWE-807 - CVE-2026-1789 Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If an...

6.9CVSS5.8AI score0.00294EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/11 9:20 a.m.•14 views

"Kura Sushi Official App" vulnerable to improper certificate validation

Overview "Kura Sushi Official App" provided by EPG, Inc. contains the following vulnerability. Improper certificate validation on push notifications CWE-295 - CVE-2026-41872 This analysis assumes a man-in-the-middle attack being conducted with a malicious wireless LAN access point Tsuyoshi Ogawa ...

9.1CVSS7.1AI score0.0016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/11 9:20 a.m.•17 views

Lhaz and Lhaz+ vulnerable to path traversal

Overview Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerability. Path traversal CWE-22 - CVE-2026-41530 RyotaK of GMO Flatt Security Inc. and Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.6CVSS5.8AI score0.0015EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/11 9:20 a.m.•15 views

libXpm vulnerable to out-of-bounds read

Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/05/11 9:20 a.m.•19 views

GROWI vulnerable to path traversal

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-41951 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security Early Warning...

8.6CVSS7.4AI score0.00495EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/30 8:2 a.m.•14 views

Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Open redirect CWE-601 - CVE-2026-41226 Tony Kirkland of Sixgen Inc reported this...

5.1CVSS6AI score0.00266EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/24 8:56 a.m.•4 views

Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]

Overview Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound CWE-190 - CVE-2025-66168, CVE-2026-40046 Gai...

8.8CVSS5.4AI score0.0078EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/23 7:57 a.m.•9 views

Multiple vulnerabilities in LogonTracer

Overview LogonTracer provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection CWE-78 -...

8.8CVSS5.7AI score0.01213EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/23 7:57 a.m.•10 views

CMS ALAYA vulnerable to SQL injection

Overview CMS ALAYA provided by KANATA Limited contains the following vulnerability. SQL injection CWE-89 - CVE-2026-40529 Naoto Senda of Five Drive Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.1CVSS5.2AI score0.00161EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/23 7:57 a.m.•8 views

IP Setting Software may insecurely load Dynamic Link Libraries

Overview IP Setting Software provided by i-PRO Co., Ltd. contains the following vulnerability in the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-34488 i-PRO Co., Ltd. reported this vulnerability to IPA to notify...

7.3CVSS7.2AI score0.00144EPSS
Exploits0References6
Total number of security vulnerabilities5627