5625 matches found
JVN#46244305 eyeOS cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Web pages could be spoofed as a result. Solution Products Affected eyeOS version 0.8.10 - 0.8.15...
JVN#73705637 ACollab SQL injection vulnerability
Impact A remote attacker could modify the database contents or steal data. An attacker could also bypass authentication and impersonate a user. Solution Products Affected ACollab 1.2 and earlier Development and maintenance of ACollab finished with version 1.2 as of July 6, 2006. However ATutor...
JVN#89344424 Multiple email clients vulnerable in handling an attachement inapropriately
Impact Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a particular file name. Other possible impacts could be an attached file not being saved or hanged up while in the saving process, or an error message being displaye...
JVN#76357668 MitakeSearch cross-site scripting vulnerability
Impact A malicious script may be executed on the user's web browser. Solution Products Affected MitakeSearch V4.2...
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Overview Vulnerability has been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2025-65082 This vulnerability will not occur if CGI is not used. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information'...
Link following vulnerability in Canon My Image Garden for macOS and CUPS Printer Driver for macOS
Overview My Image Garden for MacOS and CUPS Printer Driver for macOS provided by Canon Inc. contain the following vulnerability. Improper link resolution before file access 'Link following' CWE-59 - CVE-2026-6891, CVE-2026-6892 Canon Inc. reported this vulnerability to JPCERT/CC to notify users o...
Multiple vulnerabilities in LogonTracer
Overview LogonTracer provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC is a tool to investigate malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains multiple vulnerabilities listed below. OS command injection CWE-78 -...
Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries
Overview LiveOn Meet provided by Japan Media Systems Corporation is a web conferencing system. The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin insecurely load Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-32679 This...
Multiple vulnerabilities in CubeCart
Overview CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2026-21719 SQL injection CWE-89 - CVE-2026-34018 Path traversal CWE-22 - CVE-2026-35496 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities...
GROWI vulnerable to stored cross-site scripting
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2026-26291 Norihide Saito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
EmoCheck loads Dynamic Link Libraries insecurely
Overview EmoCheck is a tool for detecting infections by "Emotet" malware, provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC. EmoCheck loads Dynamic Link Libraries insecurely. Uncontrolled search path element CWE-427 - CVE-2026-28704 ryo shimada of Powder Keg...
WordPress Plugin "OpenStreetMap" vulnerable to cross-site scripting
Overview WordPress Plugin "OpenStreetMap" provided by MiKa contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-33559 Naoya Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact O...
EC-CUBE vulnerable to multi-factor authentication bypass
Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-30777 EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...
Multiple Vulnerabilities in Cosminexus
Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to...
Multiple Vulnerabilities in JP1
Overview Multiple vulnerabilities have been found in JP1. CVE-2024-38473, CVE-2024-38477 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
FileZen vulnerable to OS command injection
Overview FileZen provided by Soliton Systems K.K. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-25108 This vulnerability can be exploited when FileZen Antivirus Check Option is enabled The developer states that attacks exploiting the vulnerability has been observed...
Multiple vulnerabilities in ELECOM wireless LAN products
Overview Wireless LAN products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2026-20704 OS command injection CWE-78 - CVE-2026-22550 Use of weak credentials CWE-1391 - CVE-2026-24449 Stack-based buffer overflow CWE-121 -...
Archer MR600 vulnerable to OS command injection
Overview Archer MR600 provided by TP-Link Systems Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-14756 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be execute...
"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
Overview Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability. Incorrect authorization CWE-863 - CVE-2025-65002 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...
JVN#48739895: Multiple vulnerabilities in TkEasyGUI
TkEasyGUI provided by kujirahand contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-55037 Uncontrolled search path...
Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series
Overview Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-22469 Unrestricted upload of file with dangerous type CWE-434 - CVE-2025-22470 MASAHIRO IIDA of LAC Co., Ltd...
JVN#16547726: Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series
Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score...
"SwitchBot" App vulnerable to insertion of sensitive information into log file
Overview "SwitchBot" App provided by SwitchBot contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-53649 Soh Satoh reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
JVN#07825095: "region PAY" App for Android vulnerable to insertion of sensitive information into log file
"region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 2.4 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 2.4...
JVN#89505333: Multiple vulnerabilities in Active! mail
Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2025-52462 Cross-site request...
Denial-of-service (DoS) vulnerabilities in multiple Apache products
Overview Multiple Apache products provided by The Apache Software Foundation contain vulnerabilities listed below. Allocation of resources without limits or throttling CWE-770 - CVE-2025-48976, CVE-2025-48988 TERASOLUNA Framework Security Team of NTT DATA Group Corporation reported this...
JVN#92520966: Multiple vulnerabilities in iroha Board
iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3 CVE-2025-41404 Cross-site request forgery...
JVN#39435597: Multiple vulnerabilities in ELECOM wireless LAN routers
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score 4...
JVN#10964289: Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery
Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability. Cross-Site Request Forgery CSRF CWE-352 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-36513 Impact I...
JVN#68079883: Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'
The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly. Improper pattern file validation CWE-348 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score...
Out-of-bounds read vulnerability in OMRON CX-Programmer
Overview CX-Programmer provided by OMRON Corporation contains an out-of-bounds read vulnerability CWE-125, CVE-2025-0591. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Having a user open a specially crafted file may lead to information...
JVN#96957439: acmailer CGI and acmailer DB vulnerable to OS command injection
acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker. Solution Update the software Update the software to the latest version according to the information provided by the...
JVN#78356367: Multiple NTT EAST Home GateWay/Hikari Denwa routers fail to restrict access permissions
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION fail to restrict access permissions CWE-451. Impact An attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Solution Update the firmware Updat...
Intel Dual Band Wireless-AC 8260 vulnerable to denial-of-service (DoS)
Overview Intel Dual Band Wireless-AC 8260 contains a denial-of-service DoS vulnerability CWE-400. Yusuke Ogawa of Cisco Systems G.K. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker may be able to...
Multiple SONY network cameras vulnerable to sensitive information disclosure
Overview Multiple SONY network cameras contain a sensitive information disclosure vulnerability. SEC Consult reported this vulnerability to Sony, and Sony reported this vulnerability to JPCERT/CC to notify the solution to users through JVN. JPCERT/CC and Sony coordinated for the publication of th...
Cybozu Office vulnerable to information disclosure
Overview Cybozu Office contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in...
ETX-R vulnerable to cross-site request forgery
Overview ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability CWE-352. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
CSWorks LiveData Service vulnerable to denial-of-service (DoS)
Overview LiveData Service, a server component of CSWorks contains a denial-of-service DoS vulnerability. LiveData Service, a server component of CSWorks, contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Kuang-Chun Hung of Security Research and Service...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
JVN#66303599 WebCart cross-site scripting vulnerability
WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version provided by the vendor. For more...
JVN#40511721 MailDwarf cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected MailDwarf ver3.01 or earlier...
JVN#45006961 Joomla! cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. If session information in a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected Joomla! 1.0.11 and earlier...
JVN#90815371 Ichitaro buffer overflow vulnerability
Impact Arbitrary code could be executed on the Ichitaro user's PC, if the user opens a specially crafted Ichitaro file sent by a remote attacker. Solution Products Affected Ichitaro 2006 Ichitaro 2006 demo version Ichitaro Government 2006 For more information, refer to the vendor's web site...
Improper file access permission settings in the installers for Optical Disc Archive Software for Windows
Overview Optical Disc Archive Software for Windows provided by Sony Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-50255 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Mitigation for iSCSI Port Vulnerability in Hitachi Disk Array Systems
Overview When a large number of malicious packets are received, the iSCSI port may become unresponsive. CVE-2025-7737 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure an...
CamView installer insecurely loads Dynamic Link Libraries
Overview CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2015-9268 The CVSS evaluation above assume that a victim user is directed to download and place a specially crafted DLL file with the affected installer and t...
CMS ALAYA vulnerable to SQL injection
Overview CMS ALAYA provided by KANATA Limited contains the following vulnerability. SQL injection CWE-89 - CVE-2026-40529 Naoto Senda of Five Drive Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
GROWI vulnerable to Regular expression Denial-of-Service (ReDoS)
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 - CVE-2026-41040 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to GROWI, Inc. and coordinated. After the coordination was completed, GROWI,...
Arcserve UDP Console vulnerable to redirect to a dummy URL
Overview UDP Console provided by Arcserve contains the following vulnerability. Incorrectly specified destination in a communication channel CWE-941 - CVE-2026-40118 Shingo Ando reported this vulnerability to IPA, IPA reported it to Arcserve, and JPCERT/CC coordinated with Arcserve to publish the...
Multiple Vulnerabilities in Hitachi Ops Center Viewpoint
Overview Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2014-3643, CVE-2023-3635, CVE-2023-6378, CVE-2023-6481, CVE-2023-35116, CVE-2024-12798, CVE-2024-12801, CVE-2024-47554 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution...