5625 matches found
Jupyter Server vulnerable to open redirect
Overview Jupyter Server provided by Jupyter Development Team contains the vulnerability listed below. Open redirect CWE-601 - CVE-2025-61669 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA and the developer. JPCERT/CC coordinated with the developer to publish t...
NEC Aterm series vulnerable to cross-site scripting (NV26-002)
Overview Aterm series products provided by NEC Corporation contain the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-6059 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
NEC Aterm series vulnerable to OS command injection (NV26-003)
Overview NEC Aterm series products provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2026-8652 So Kato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
WPS Office improper access restriction to its named pipe
Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...
JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path
Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...
JVN#20474768: Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N...
JVN#26024080: Multiple vulnerabilities in The LuxCal Web Calendar
The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3 CVE-2025-25221 SQL injection in retrieve.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3...
JVN#57428125: PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability CWE-79. Impact If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when...
JVN#87770340: Stack-based buffer overflow vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Web Image Monitor provided by Ricoh Company, Ltd. is an web server included and runs in laser printers and MFPs multifunction printers. Web Image Monitor contains a stack-based buffer overflow vulnerability CWE-121 due to inappropriate parsing process of HTTP request. Impact Receiving a specially...
JVN#57285747: N-LINE vulnerable to HTML injection
N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Impact Arbitrary code may be executed on the instructor's...
JVN#58721679: SHIRASAGI vulnerable to path traversal
SHIRASAGI provided by SHIRASAGI Project processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability CWE-22. Impact When processing crafted HTTP requests, arbitrary files on the server may be retrieved. Solution Update the software Update the software to the latest...
JVN#42445661: Multiple vulnerabilities in Smart-tab
Smart-tab provided by TECHNO SUPPORT COMPANY is a multi-functional guest room tablet system for hotels and other accommodation facilities. Smart-tab contains multiple vulnerabilities listed below. Active debug code CWE-489 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-41999...
JVN#58574030: Scanning evasion issue in Cisco Secure Email Gateway
Cisco Secure Email Gateway provides anti-virus scanning facility for e-mail attachments. It was reported that a certain crafted file can evade anti-virus scanning facility. Impact Some malicious contents may evade the scanning facility of the affected product and reach victim recipients. Solution...
smalruby-editor vulnerable to OS command injection
Overview smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#20786316: Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS)
Cryptography API: Next Generation CNG contains an issue in BCryptDecrypt, which may result in a denial-of-service DoS. Impact If CNG processes a specially crafted key data, the product may be terminated abnormally. Solution Upgrade Windows According to the developer, CNG included in Windows 8 and...
JVN#63901692: Internet Explorer vulnerable to information disclosure
Internet Explorer contains an issue in handling XML files, which may result in information disclosure. Impact If a user opens a specially crafted XML file as a local file, other local files may be disclosed. Solution Upgrade the software Users of Windows 7 and later, Windows Server 2008 R2 and...
JVN#10461119: Cross-site scripting vulnerability in the web2py social bookmarking widget
web2py is a framework for creating and designing web applications. The social bookmarking widget in web2py contains a cross-site scripting vulnerability. Impact A user who accesses a site created by web2py which uses share.js may have an arbitrary script executed on its web browser. Solution Upda...
JVN#66596216: WikkaWiki vulnerable to cross-site scripting
WikkaWiki is an open source wiki written in PHP. WikkaWiki contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Product...
GoodReader vulnerable to cross-site scripting
Overview GoodReader contains a cross-site scripting vulnerability. GoodReader is a document reader for Apple mobile devices. GoodReader contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#29852698 Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)
RevoCounter CGI Animation Counter from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI Animation Counter contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Softwar...
JVN#23558374 Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)
Access Analyzer CGI Standard Version provided by futomi's CGI Cafe is a software to analyze web access logs. Access Analyzer CGI Standard Version Ver. 3.x contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
JVN#71945722 Movable Type Enterprise cross-site scripting vulnerability
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
JVN#04032535 Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents. Impact The impacts vary depending on t...
JVN#38893575 PC2M cross-site scripting vulnerability
PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...
JVN#32981509 Ichitaro series buffer overflow vulnerability
The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user opens a specially crafted jtd file or views it on a web browser, an attacker could execute arbitrary code with the privileges of the user. Impact An attacker could...
JVN#01913089 Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal
httpd.pl, an open source web server application program from Fuktommy.com including an HTML preprocessor, contains a directory traversal vulnerability. Impact A remote attacker could, without authentication, view files on the server where httpd.pl is installed. This could lead to unintentional...
JVN#05187780 Hiki arbitrary file deletion vulnerability
Hiki contains a vulnerability that allows an arbitrary file to be deleted on a server running Hiki. This is caused by the improper handling of a session management file. Impact A remote attacker may be able to delete arbitrary files with the privilege of the user running Hiki. Solution Upgrade th...
JVN#89497739 Meneame cross-site scripting vulnerability
Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker could execute an arbitrary script on the user's web browser. As a result, an attacker could possibly conduc...
JVN#84646028 open-gorotto cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected open-gorotto 2.0a 04/07/2006 and earlier...
JVN#84430861 Sage vulnerable to arbitrary script execution
Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...
JVN#64354801 b2evolution cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected b2evolution Version 1.9.1 beta and earlier b2evolution Version 1.8.6 and earlier...
JVN#31185550 tDiary arbitrary Ruby script execution vulnerability
Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the web server with tDiary's execution privilege. This could lead to information leak or erasure, password compromise, and contents alteration, etc. Solution Products Affected tDiary 2.0.3 tDiary...
JVN#57280612 phpComasy cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected phpComasy 0.7.9-pre and earlier...
JVN#84656399 Nucleus cross-site scripting vulnerability
Impact An arbitrary script could be executed on the web browser of an administrator with Nucleus super-admin privilege. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Nucleus v3.23 and earlier...
JVN#30994815 MyODBC Japanese Conversion Edition denial of service vulnerability
Impact A remote attacker could cause a denial of service condition by sending a certain string in a response to a MySQL database. Solution Products Affected MyODBC Japanese Conversion Edition version 3.51.06, 2.50.29, 2.50.25 Development and maintenance of MyODBC Japanese Conversion Edition has...
JVN#07235355 desknet's buffer overflow vulnerability
Impact A remote attacker could execute an arbitrary command or code, or cause the DoS denial of service condition. Solution Products Affected version V4.5J R2.4 and earlier For more information, refer to the vendor's websites...
JVN#85996645 NEC MultiWriter 1700C/7500C FTP server vulnerability
Impact A remote attacker could possibly conduct a FTP bounce attack via the printer's FTP server against another host. Solution Products Affected NEC MultiWriter 1700C model number: PR-L1700C Network Expansion Card PR-L1700C-MC NEC ColorMultiWriter 7500C model number: PR-L7500C For more...
JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability
Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...
JVN#84091359 Trac cross-site scripting vulnerability
Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution Products Affected Trac 0.94 and earlier versions of 0.9 series Trac-ja 0.94 and earlier versions of 0.9 series...
Multiple vulnerabilities in ServerView Agents for Windows
Overview ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software. ServerView Agents for Windows contains multiple vulnerabilities listed below. Incorrect permission assignment for critical resource CWE-732 - CVE-2026-27788 Privilege chaining CWE-268 -...
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)
Overview Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below. Relative path traversal in Apex One server CWE-23 - CVE-2026-34926 The only product that could be vulnerable to this exploit is TrendAI Apex One On Premise...
"Kura Sushi Official App" vulnerable to improper certificate validation
Overview "Kura Sushi Official App" provided by EPG, Inc. contains the following vulnerability. Improper certificate validation on push notifications CWE-295 - CVE-2026-41872 This analysis assumes a man-in-the-middle attack being conducted with a malicious wireless LAN access point Tsuyoshi Ogawa ...
libXpm vulnerable to out-of-bounds read
Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Open redirect vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Open redirect CWE-601 - CVE-2026-41226 Tony Kirkland of Sixgen Inc reported this...
OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection
Overview OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability. OS command injection CWE-78 - CVE-2026-31386 Daisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#66546573: ZXHN-F660T and ZXHN-F660A use a common credential for all installations
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONU Optical Network Unit. ZXHN-F660T and ZXHN-F660A contain the following vulnerability. Use a common credential for all installations(CWE-1391) CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7...
JVN#06238225: Pgpool-II vulnerable to authentication bypass by primary weakness
Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-46801...
JVN#84627857: i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key
i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below. Use of hard-coded cryptographic key CWE-321 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 5.5 CVE-2025-32730 Impact...
JVN#46615026: Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX
UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-45841 OS Command Injection CWE-78...
JVN#05136799: WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting
"Custom Alert Content" of WordPress Plugin "VK All in One Expansion Unit" provided by Vektor,Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update...