5625 matches found
JVN#15549168: Safari for iOS vulnerable to denial-of-service
Safari for iOS contains a denial-of-service DoS vulnerability. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version of iOS according to the information provided by the developer. Products Affected Safari contained in iOS...
Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol
Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...
JVN#40382909: Microsoft Outlook read receipt function vulnerability
Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact A spam distributor may use this information to determine whether an email address is valid or not. Solution Upgrade the...
JVN#45184501 FAST ESP cross-site scripting vulnerability
FAST ESP from Microsoft is a software that enables users to consolidate information for searching purposes. FAST ESP's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software An update i...
JVN#79026329 Kantan WEB Server directory traversal vulnerability
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Impact A remote attacker could view or obtain files on the server where Kantan WEB Server is installed. Solution Update the Software Apply the latest update...
JVN#67573833 Multiple Century Systems routers vulnerable to cross-site request forgery
Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator views a malicious website while logged onto the web interface, the password and other configurati...
McAfee VirusScan Engine buffer overflow vulnerability
Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...
CruiseWorks and Minna De Office vulnerable in access restrictions
Overview CruiseWorks and Minna De Office are groupware. They contain a vulnerability that the user's access restriction is not properly set. Impact An user with a standard privilege who logs into CruiseWorks or Minna De Office could possibly change the system configurations or information...
JVN#21312708 MTCMS WYSIWYG Editor cross-site scripting vulnerability
MTCMS WYSIWYG Editor from SKYARC System is management software used to update Movable Type contents, etc. The install.cgi in MTCMS WYSIWYG Editor contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the user's web browser. Solution Workarounds The vendor...
JVN#53757727 Nagios cross-site scripting vulnerability
Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Update the software to the latest version accordi...
JVN#91868305 RaidenHTTPD cross-site scripting vulnerability
RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor. Products...
JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution Update the Software For more...
JVN#33218020 Feed2JS cross-site scripting vulnerability
Feed2JS Feed to JavaScript is an open source web application which converts RSS feeds into JavaScript. Feed2JS contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the user's web browser. Solution Update the Software Apply the latest updates...
JVN#84565055 Lotus Domino cross-site scripting vulnerability
IBM Lotus Domino is server software for Lotus Notes, groupware from IBM. Lotus Domino contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the web browser of a user who accesses a Lotus Domino server. Solution Update the Software For Lotus Domino...
JVN#70075625 Aipo session fixation vulnerability
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into AIPO with the session ID sent by the attacker. Impact This vulnerability may allo...
JVN#36628264 Lunascape RSS reader arbitrary script execution vulnerability
Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution Products Affected Lunascape 4.1.3 build 2 and earlier...
JVN#83832818: Interstage Application Server cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected A wide range of products is affected. For more information, refer to the vendor's website...
JVN#82258242 Shopping Basket Professional vulnerable to OS command injection
Impact A remote attacker could execute an arbitrary OS command on the server where Shopping Basket Professional v7 is installed. Solution Products Affected Shopping Basket Professional v7.50 and earlier For more information, refer to the vendor's website...
JVN#02729869 pnamazu cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected pnamazu-2006.02.28 and earlier For more information, refer to the developer's website...
JVN#08494205 Chama Cargo cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Chama Cargo v4.36 and earlier For more information, refer to the vendor's website...
JVN#34522909 Kahua vulnerable in allowing to share login sessions
Impact A remote attacker could possibly take over the user privileges and manipulate applications when several user databases are in use. If a multiple applications of Kahua refer to different user database, a user could log into multiple applications which results in a login session to be shared...
JVN#88325166 Hyper NIKKI System cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected hns-2.190.8 hns-lite-2.190.8 and earlier...
JVN#30144870 SugarCRM cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected SugarCRM 4.2.1b and earlier SugarCRM 4.0.1g and earlier SugarCRM 3.5.1h and earlier...
JVN#68295640 Movable Type vulnerabile to cross-site scripting
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Movable Type 3.3, 3.31, 3.32 Movable Type Enterprise 1.01, 1.02 For more information, refer to the...
JVN#62171179 Kiri directory traversal vulnerability
Impact If the email analysis command processes an email with an attachment with a particular file name, the attachment may be written to an unintended location. Solution Products Affected Kiri ver9-2006 Kiri ver9-2005 Kiri ver9-2004...
JVN#65677118 Pixelpost cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, session hijacking could be conducted. Solution Products Affected Pixelpost 1.5 RC1-2 and earlier...
JVN#27794427 Dokeos cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Dokeos version 1.6.4 Patch 1 and earlier...
JVN#73368472: ServerView directory traversal vulnerability
Impact A remote attacker could view particular files on the server. Solution Products Affected ServerView V2.50 - V3.60L98 ServerView V4.10L11 - V4.11L81...
JVN#28513736 Mozilla Firefox HTTP 1.0 response smuggling vulnerability
Impact If a user views malicious web pages, an attacker could inject a script into the responses from a server in other domains. Solution Products Affected Mozilla Firefox 1.5.0.3 and earlier...
JVN#27365476 Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
Impact An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user. In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system. Solution Products Affected...
JVN#73133641 Eudora Japanese version stops working after the application crashes
Impact Eudora Japanese version stops functioning, once crashed by opening an email message containing a crafted image file. Solution Products Affected Eudora for Windows, earlier than version 6.2J rev 4.2...
JVN#28011334 Opera bookmark function vulnerability
Impact An user cannot start Opera Web Browser because it crashes during startup. Solution Products Affected Opera for Windows, earlier than version 8.51 Opera for MacOS, earlier than version 8.51...
JVN#31226748 Vulnerability in multiple web browsers allowing request spoofing attacks
Impact Authentication information or cookie information could be leaked. Solution Products Affected For more information, refer to the vendors' websites...
JVN#23727054 Pochy denial-of-service (DoS) vulnerability
Impact A remote attacker could exploit this vulnerability to cause a denial-of-service DoS attack by sending a specially crafted email to a Pochy user. Solution Products Affected Pochy 0.2.1a...
Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"
Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...
Multiple vulnerabilities in NEC Aterm series (NV26-001)
Overview Aterm series products provided by NEC Corporation contain multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2026-4309 Path traversal CWE-22 - CVE-2026-4619 OS command injection CWE-78 - CVE-2026-4620, CVE-2026-4622 Hidden functionality CWE-912 - CVE-2026-4621 The...
Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Overview Vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
Multiple vulnerabilities in GroupSession
Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2025-53523 Stored cross-site scripting CWE-79 - CVE-2025-54407 Reflected cross-site scripting CWE-79 - CVE-2025-57883 Cross-site request forgery...
JVN#95938761: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting
UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contains the following vulnerability. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2025-8153 Impact If a...
Apache Jena Fuseki vulnerable to path traversal
Overview Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability. Path traversal CWE-22 - CVE-2025-49656 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to the developer and IPA. After the coordination between the reporter and the...
JVN#39913189: TP-Link Archer C1200 vulnerable to clickjacking
Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-6983 Impact If a user views a malicious pag...
JVN#51394666: Multiple vulnerabilities in wivia 5
wivia 5 provided by UCHIDA YOKO CO., LTD. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H Base Score 6.7 CVE-2025-41385 Cross-site Scripting CWE-...
JVN#05508012: EXIF Viewer Classic vulnerable to cross-site scripting
EXIF Viewer Classic provided by Rodrigue former Kakera is a Google Chrome browser extension. The affected versions of the product improperly handle EXIF meta data, resulting in a cross-site scripting vulnerability CWE-79. Versions 2.3.2 and 2.4.0 were reported as vulnerable. The vendor informs us...
JVN#67456481: Pgpool-II vulnerable to information disclosure
Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability CWE-213 in its query cache function. Impact If a database user access a query cache, table data unauthorized for the user may be retrieved. Solution Update the Software Apply the appropriate updates...
JVN#78728294: Firmware update for RICOH JavaTM Platform resets the TLS configuration
JavaTM Platform provided by Ricoh Company, Ltd. is the execution environment for firmware extensions of Ricoh MFPs and printers, providing TLS Transport Layer Security communication mechanism. When the firmware for JavaTM Platform is updated from Ver.12.89 or earlier versions to a newer version,...
Multiple vulnerabilities in Panasonic AiSEG2
Overview Panasonic AiSEG2 contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-28726 Improper Authentication CWE-287 - CVE-2023-28727 Taku Toyama of NEC Corporation reported CVE-2023-28726 and CVE-2023-28727 vulnerabilities to Panasonic and coordinated. Panasonic...
cordova-plugin-ionic-webview vulnerable to path traversal
Overview cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . This vulnerability was first reported to npm, Inc. by the below reporters then also reported to IPA. Based on the coordination request made by the reporters, JPCERT/CC coordinated with npm...
WordPress plugin "Multi Feed Reader" vulnerable to SQL injection
Overview The WordPress plugin "Multi Feed Reader" contains an SQL injection vulnerability CWE-89. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker who...
JVN#24560784: Adobe Reader X vulnerable to sandbox bypass
Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed. Impact Arbitrary process using arbitrary arguments may be executed with the privileges of the user. Solution Update the software and apply MS13-005 Update to the latest version of Adobe Reader X and make sure that...
JVN#26408023: Internet Explorer vulnerable to cross-site scripting
Internet Explorer contains a cross-site scripting vulnerability due to the processing of malformed file names. Impact An arbitrary script may be executed on the user's web browser when the setting for "Use folder view for FTP sites" is turned off. Note that this setting is turned on by default...