5627 matches found
GROWI vulnerable to Regular expression Denial-of-Service (ReDoS)
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 - CVE-2026-41040 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to GROWI, Inc. and coordinated. After the coordination was completed, GROWI,...
Arcserve UDP Console vulnerable to redirect to a dummy URL
Overview UDP Console provided by Arcserve contains the following vulnerability. Incorrectly specified destination in a communication channel CWE-941 - CVE-2026-40118 Shingo Ando reported this vulnerability to IPA, IPA reported it to Arcserve, and JPCERT/CC coordinated with Arcserve to publish the...
Multiple vulnerabilities in Movable Type
Overview The Listing Framework of Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-25776 SQL injection CWE-89 - CVE-2026-33088 CVE-2026-25776 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Six...
Multiple Vulnerabilities in Hitachi Ops Center Common Services
Overview Multiple vulnerabilities exist in Hitachi Ops Center Common Services. CVE-2024-4028, CVE-2025-8714, CVE-2025-8715, CVE-2025-10044, CVE-2025-12817, CVE-2025-12818, CVE-2025-41248, CVE-2025-41249, CVE-2026-1190 Impact Regarding the impact of the vulnerability, please refer to the vendor...
Multiple Vulnerabilities in Hitachi Ops Center Viewpoint
Overview Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2014-3643, CVE-2023-3635, CVE-2023-6378, CVE-2023-6481, CVE-2023-35116, CVE-2024-12798, CVE-2024-12801, CVE-2024-47554 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution...
Security information for Hitachi Disk Array Systems
Overview CVE-2026-20846 | GDI+ Denial of Service Vulnerability CVE-2026-21222 | Windows Kernel Information Disclosure Vulnerability CVE-2026-21231 | Windows Kernel Elevation of Privilege Vulnerability CVE-2026-21234 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability...
SANYO DENKI SANUPS SOFTWARE registers Windows services with unquoted file paths
Overview SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-33253 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Installer for Qsee Client may insecurely load Dynamic Link Libraries
Overview The installer for Qsee Client provided by Qsee contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-30896 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. report...
django-allauth vulnerable to open redirect
Overview django-allauth is a package for implementing user authentication in Django applications. django-allauth contains the following vulnerability. Open redirect CWE-601 - CVE-2026-27982 Ayato Shitomi of Fore-Z co.ltd and Funabiki Keisuke of GMO Cybersecurity by Ierae, Inc. reported this...
Multiple vulnerabilities in the installer of FinalCode Client
Overview The installer of FinalCode Client provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2026-23703 Uncontrolled search path element CWE-427 - CVE-2026-25191 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...
Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Impact Regarding the impact of th...
Joomla! CMS vulnerable to cross-site scripting
Overview Joomla! CMS provided by Joomla! Project contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2025-63082 Sho Sugiyama of SUZUKI MOTOR CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Command injection vulnerability in ASUS routers
Overview Multiple routers provided by ASUSTeK COMPUTER INC. contain command injection vulnerability in AiCloud. Command injection CWE-77 - CVE-2025-2492 NICTER Analysis Team of Cybersecurity Research Institute, National Institute of Information and Communications Technology reported this...
Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers
Overview Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2025-14231, CVE-2025-14232, CVE-2025-14234, CVE-2025-14235, CVE-2025-14236, CVE-2025-14237 Release of invalid pointer or referenc...
Multiple vulnerabilities in EATON UPS Companion
Overview EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427, CVE-2025-59887 Unquoted search path or element CWE-428, CVE-2025-59888 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to th...
Use of password hash with insufficient computational effort vulnerability in BUFFALO Wi-Fi router "WSR-1800AX4 series"
Overview Wi-Fi router "WSR-1800AX4 series" provided by BUFFALO INC. contains the following vulnerability. Use of password hash with insufficient computational effort CWE-916 - CVE-2025-46413 Kazuaki Chikamori and Takayuki Tatekawa of National Institute of Technology, Kochi College reported this...
Multiple vulnerabilities in FUJI Electric V-SFT
Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2025-61856 Out-of-bounds write in VS6ComFile!CItemExChange::WinFontDynStrCheck CWE-787 - CVE-2025-61857...
OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path
Overview Uninterruptible Power Supply UPS management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd. registers a Windows service with an unquoted file path CWE-428, CVE-2025-9818. OMRON SOCIAL SOLUTIONS Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution...
JVN#35290164: "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly
"Yahoo! Shopping" App for Android provided by LY Corporation contains the following vulnerability. Improper authorization in handler for custom URL scheme CWE-939 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score...
JVN#90566559: Apache Jena Fuseki vulnerable to path traversal
Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability. Path traversal CWE-22 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N Base Score 2.7 CVE-2025-49656 Impact A remore...
JVN#59585716: "SwitchBot" App vulnerable to insertion of sensitive information into log file
"SwitchBot" App provided by SwitchBot contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 5.1 CVE-2025-53649 Impact...
JVN#24333956: SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting
SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Reflected cross-site scripting via a specific parameter CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1...
Active! mail vulnerable to stack-based buffer overflow
Overview Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability has been observed. QUALITIA CO., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through...
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)
Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Apex Central 2019 Information Disclosure due to...
JVN#19358384: hostapd vulnerable to improper processing of RADIUS packets
hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly CWE-826. Impact When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS...
JVN#24992507: Multiple vulnerabilities in RemoteView Agent (for Windows)
RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. On the remote PCs should be installed RemoteView Agent. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a specific...
RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres
Overview RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. contain an incorrect resource transfer between spheres vulnerability. RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. build a sandbox environment isolated from a server or a client's...
JVN#91300609: RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres
RevoWorks SCVX and RevoWorks Browser provided by J’s Communication Co., Ltd. build a sandbox environment isolated from a server or a client's local environment. These products provide the function enabling execution of sanitizing files when downloading files from the sandbox environment to the...
JVN#84319378: acmailer vulnerable to cross-site scripting
acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product. Solution Update the software Update the software to the latest versi...
JVN#15293958: Multiple vulnerabilities in I-O DATA router UD-LT2
UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...
JVN#53958863: Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers
UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain multiple vulnerabilities listed below. Command injection CWE-77 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2024-11013 Cross-site request forgery CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Base...
JVN#88385716: HAProxy vulnerable to HTTP request/response smuggling
HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may...
JVN#39280069: RevoWorks Cloud vulnerable to unintended process execution
RevoWorks Cloud provided by J’s Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized processes...
JVN#28515217: Cleartext transmission issue in TONE store App to TONE store
TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website CWE-419. Impact A man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App. Solution Update the application Update the application to...
Armeria-saml improperly handles SAML messages
Overview Armeria-saml provided by LY Corporation contains an issue in handling SAML messages CWE-304, CVE-2024-1735. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Authentication may be bypassed by receiving a specially crafted SAML...
WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
Overview WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability CWE-79. Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
LINE for iOS fails to verify SSL server certificates
Overview LINE for iOS provided by LINE Corporation fails to verify SSL server certificates due to the vulnerability existed in the Third Party SDK which is incorporated in the application. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries
Overview Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and Shun Suza...
Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files
Overview FENCE-Explorer provided by FUJITSU BROAD SOLUTION & CONSULTING Inc. is a tool to view and edit a file in "FENCE Briefcase" which is created by FENCE-Pro and other FENCE series software. Installer of FENCE-Explorer contains an issue with the search path for DLL/executable files, which may...
Cybozu KUNAI for Android vulnerable to cross-site scripting
Overview Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...
WNC01WH vulnerable to OS command injection
Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability CWE-78. Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...
Cybozu Mailwise vulnerable to mail header injection
Overview Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...
FileMaker server issue where PHP source code may be viewable
Overview FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Atsushi Matsuo of Emic Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Multiple Buffalo network devices vulnerable to cross-site request forgery
Overview Multiple network devices provided by BUFFALO INC. contain a cross-site request forgery vulnerability CWE-352. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Apache Struts vulnerable to cross-site scripting
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this...
QNAP QTS vulnerable to OS command injection
Overview QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Help Page in multiple Adobe products vulnerable to cross-site scripting
Overview The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...
Information disclosure vulnerability in Sleipnir Mobile for Android
Overview Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may resul...
Android OS vulnerable to arbitrary Java method execution
Overview Android OS contains a vulnerability where an arbitrary Java method may be executed. Tamami Eguchi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When viewing a specially crafted page using the...
JBoss RichFaces vulnerable to remote code execution
Overview JBoss RichFaces contains a remote code execution vulnerability due to an issue with deserialization. JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interfa...