5625 matches found
JVN#42435855 FreeStyleWiki command injection vulnerability
Impact A user having FreeStyleWiki administrative privileges but with no web server administrative privileges could execute arbitrary code with privileges to execute CGI on the web server. Solution Products Affected FreeStyleWiki 3.5.8 and earlier...
WordPress Plugin "Zoho Mail for WordPress" vulnerable to cross-site request forgery
Overview WordPress Plugin "Zoho Mail for WordPress" provided by Zoho Corporation contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2026-8174 Norio Abe reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Multiple Vulnerabilities in Cosminexus
Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282 Impact Regarding the impact of the vulnerabilit...
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (May 2026)
Overview Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises contain multiple vulnerabilities listed below. Relative path traversal in Apex One server CWE-23 - CVE-2026-34926 The only product that could be vulnerable to this exploit is TrendAI Apex One On Premise...
Multiple vulnerabilities in baserCMS
Overview baserCMS provided by baserCMS User Community contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-30879 OS command injection CWE-78 - CVE-2026-30880 SQL injection CWE-89 - CVE-2026-27697 Cross-site scripting CWE-79 - CVE-2026-32734 CVE-2026-30879 Gai...
Security information for Hitachi Disk Array Systems
Overview CVE-2023-31096 | MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability CVE-2024-55414 | Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability CVE-2026-20804 | Windows Hello Tampering Vulnerability CVE-2026-20805 | Desktop Window...
Security information for Hitachi Disk Array Systems
Overview CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability CVE-2025-59517 | Windows Storage VSP Driver Elevation of...
Obsidian GitHub Copilot Plugin stores sensitive information in cleartext
Overview Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 - CVE-2025-58401 Rui Nakajima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#99577552: Multiple vulnerabilities in SS1
SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength(CWE-326) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5 CVE-2025-46409 Files or...
JVN#37075430: TimeWorks vulnerable to path traversal
The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3 CVE-2025-41428 Impact Arbitra...
JVN#26321838: Multiple vulnerabilities in AssetView
AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Base Score 8.2 CVE-2025-25060 Acquiring sensitive information from sent data to the developer CWE-201...
JVN#43845108: Multiple FCNT Android devices vulnerable to authentication bypass
Multiple FCNT Android devices provide security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. The devices contain an authentication bypass vulnerability CWE-306, where, under certain conditions, the setting pages may be accessed without...
JVN#31982676: MUSASI version 3 performing authentication on client-side
MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This behavior...
JVN#54676967: baserCMS plugin "BurgerEditor" vulnerable to directory listing
baserCMS plugin "BurgerEditor" provided by D-ZERO CO.,LTD. contains a directory listing vulnerability CWE-548, CVE-2024-44807. If accessing a URL of the web site using the plugin that has a specific string added to the end, a list of uploaded files may be obtained. In addition, the uploaded file...
JVN#72148744: Apache Tomcat improper handling of TLS handshake process data
Apache Tomcat provided by The Apache Software Foundation improperly handles TLS handshake process data, which may lead to a denial-of-service DoS condition CWE-770, CVE-2024-38286. Impact Denial-of-service DoS attacks may be conducted through TLS connection. Solution Update the software Update...
JVN#48324254: EC-CUBE 4 Series improper input validation when installing plugins
EC-CUBE 4 series provided by EC-CUBE CO.,LTD improperly validates inputs when installing plugins CWE-349. Impact An attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some...
JVN#24683352: TvRock vulnerable to cross-site request forgery
TvRock provided by TvRock according to the original report submitted by the reporter is a tool to set a timer recording for a TV program. TvRock contains a cross-site request forgery vulnerability CWE-352. Impact If a logged-in user of TVRock accesses a specially crafted page, unintended operatio...
Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
Overview Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...
Backdoor access issue in Wi-Fi STATION L-02F
Overview Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. JPCERT/CC...
JVN#98126322: Trend Micro Internet Security vulnerability where files may be excluded as scan targets
Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met. An attacker can place a specific file into the system The attacker can execute a specific API from the...
JVN#10461119: Cross-site scripting vulnerability in the web2py social bookmarking widget
web2py is a framework for creating and designing web applications. The social bookmarking widget in web2py contains a cross-site scripting vulnerability. Impact A user who accesses a site created by web2py which uses share.js may have an arbitrary script executed on its web browser. Solution Upda...
Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol
Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...
JVN#40382909: Microsoft Outlook read receipt function vulnerability
Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact A spam distributor may use this information to determine whether an email address is valid or not. Solution Upgrade the...
JVN#79026329 Kantan WEB Server directory traversal vulnerability
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Impact A remote attacker could view or obtain files on the server where Kantan WEB Server is installed. Solution Update the Software Apply the latest update...
JVN#67573833 Multiple Century Systems routers vulnerable to cross-site request forgery
Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configurati...
lv Arbitrary Command Execution Vulnerability
Overview lv contains a vulnerability of reading and running a .lv file in the current directry. Impact An attacker could execute arbitrary command as other users with the privilege of the user running lv. Solution Please refer to the 'Vendor Information' section of this advisory for official...
JVN#21312708 MTCMS WYSIWYG Editor cross-site scripting vulnerability
MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Workarounds The vendor...
JVN#91868305 RaidenHTTPD cross-site scripting vulnerability
RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products...
JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution Update the Software For more...
JVN#33218020 Feed2JS cross-site scripting vulnerability
Feed2JS Feed to JavaScript is an open source web application which converts RSS feeds into JavaScript. Feed2JS contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the user's web browser. Solution Update the Software Apply the latest updates...
JVN#70075625 Aipo session fixation vulnerability
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker. Impact This vulnerability may allo...
JVN#36628264 Lunascape RSS reader arbitrary script execution vulnerability
Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution Products Affected Lunascape 4.1.3 build 2 and earlier...
JVN#83832818: Interstage Application Server cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected A wide range of products is affected. For more information, refer to the vendor's website...
JVN#84746611 Ariel AirOne series cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Ariel AirOne ProjectA v4.6.1 Ariel MultiScheduler v4.6.3 For more information, refer to the vendor's website...
JVN#02729869 pnamazu cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected pnamazu-2006.02.28 and earlier For more information, refer to the developer's website...
JVN#38746816 TikiWiki cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected TikiWiki version 1.9.5 and earlier...
JVN#34522909 Kahua vulnerable in allowing to share login sessions
Impact A remote attacker could possibly take over the user privileges and manipulate applications when several user databases are in use. If a multiple applications of Kahua refer to different user database, a user could log into multiple applications which results in a login session to be shared...
JVN#88325166 Hyper NIKKI System cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected hns-2.190.8 hns-lite-2.190.8 and earlier...
JVN#68295640 Movable Type vulnerabile to cross-site scripting
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Movable Type 3.3, 3.31, 3.32 Movable Type Enterprise 1.01, 1.02 For more information, refer to the...
JVN#65677118 Pixelpost cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Pixelpost 1.5 RC1-2 and earlier...
JVN#73368472: ServerView directory traversal vulnerability
Impact A remote attacker could view particular files on the server. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...
JVN#97636431 dotProject cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected dotProject 2.0.2 and earlier As of June 5, 2006, it is confirmed that Internet Explorer is affecte...
JVN#78363061 CAFEMILK Shopping Cart CGI cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked. Solution Products Affected CAFEMILK SHOPPING CART version 3.80 and earlier...
JVN#27365476 Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
Impact An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user. In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system. Solution Products Affected...
JVN#73133641 Eudora Japanese version stops working after the application crashes
Impact Eudora Japanese version stops functioning, once crashed by opening an email message containing a crafted image file. Solution Products Affected Eudora for Windows, earlier than version 6.2J rev 4.2...
JVN#28011334 Opera bookmark function vulnerability
Impact An user cannot start Opera Web Browser because it crashes during startup. Solution Products Affected Opera for Windows, earlier than version 8.51 Opera for MacOS, earlier than version 8.51...
JVN#76659792 WirelessIP5000 has multiple vulnerabilities
Impact These vulnerabilities may allow an attacker to conduct the following attacks: Illegal information collection Change of the configuration using SNMP protocol, web browsers, etc. Denial of service DoS attacks using information which the HTTP server provides Impersonation and information...
Security information for Hitachi Disk Array Systems
Overview CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability CVE-2026-20930 | Windows Management Services Elevation of...
Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"
Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...
Multiple vulnerabilities in MATCHA series
Overview MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2026-24913 Cross-site scripting CWE-79 - CVE-2026-27787 Unrestricted upload of file with dangerous typeCWE-434 - CVE-2026-33273 CVE-2026-24913, CVE-2026-27787 Kenta...