Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/11/06 4:48 a.m.•7 views

Wi-Fi STATION L-02F vulnerable to buffer overflow

Overview Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a buffer overflow vulnerability. Daisuke Makita and Hayato Ushimaru of National Institute of Information and Communications Technology, Jumpei Shimamura of clwit, Inc. and Katsunari Yoshioka of Yokohama National University reporte...

10CVSS8AI score0.0231EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/09/11 5:55 a.m.•7 views

Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files

Overview FENCE-Explorer provided by FUJITSU BROAD SOLUTION & CONSULTING Inc. is a tool to view and edit a file in "FENCE Briefcase" which is created by FENCE-Pro and other FENCE series software. Installer of FENCE-Explorer contains an issue with the search path for DLL/executable files, which may...

9.3CVSS6.8AI score0.01059EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/01 6:53 a.m.•7 views

PrimeDrive Desktop Application Installer may insecurely load Dynamic Link Libraries

Overview PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application is vulnerable to load specific Dynamic Link Libraries in the same directory CWE-427 . Eiji James Yoshida of Security...

7.8CVSS6.9AI score0.00739EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/05 6:2 a.m.•7 views

ManageEngine Password Manager Pro fails to restrict access permissions

Overview ManageEngine Password Manager Pro provided by Zoho Corporation fails to restrict access permissions. Impact A user may gain unauthorized access to other users' password entry history. Solution Update the Software This vulnerability has been addressed in Password Manager Pro 8.4.0 Build...

6.8CVSS6.8AI score0.0332EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/19 6:32 a.m.•7 views

Installer of Evernote for Windows may insecurely load Dynamic Link Libraries

Overview The installer of Evernote for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

7.8CVSS6.9AI score0.01534EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/15 5:26 a.m.•7 views

H2O use of externally-controlled format string

Overview H2O is an open source web server software. H2O uses externally-controlled format strings CWE-134 in the code which output error logs. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information...

7.5CVSS7AI score0.01802EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/19 5:13 a.m.•7 views

Geeklog IVYWE edition contains a cross-site scripting vulnerability

Overview Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.1CVSS6AI score0.01307EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/08/16 5:10 a.m.•7 views

Cybozu Mailwise vulnerable to mail header injection

Overview Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...

4.3CVSS6.9AI score0.01481EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/20 8:20 a.m.•7 views

Apache Struts vulnerable to input validation bypass

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain an input validation bypass vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc...

7.5CVSS6.7AI score0.10013EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•7 views

Cybozu Garoon logging function vulnerable to directory traversal

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the logging function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

4.3CVSS6.5AI score0.01455EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 7:18 a.m.•7 views

Cybozu Garoon vulnerable to information disclosure

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC...

7.5CVSS6.1AI score0.01552EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/01/15 4:57 a.m.•7 views

H2O vulnerable to HTTP header injection

Overview H2O is an open source web server software. H2O contains an HTTP header injection vulnerability. Kazuho Oku reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Kazuho Oku coordinated under the Information Security Early Warning Partnership. Impact...

4.3CVSS7.1AI score0.01459EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/05 5:11 a.m.•7 views

Multiple TYPE-MOON games vulnerable to OS command injection

Overview Multiple games provided by TYPE-MOON contain an OS command injection vulnerability CWE-78 due to an issue in loading save data. KUSANO Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When...

10CVSS7.6AI score0.0372EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/11/14 5:37 a.m.•7 views

Direct Web Remoting (DWR) vulnerable to cross-site scripting

Overview Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability CWE-79. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

4.3CVSS5.9AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/10/28 5:39 a.m.•7 views

QNAP QTS vulnerable to OS command injection

Overview QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability CWE-78. Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the...

10CVSS7.8AI score0.99999EPSS
Exploits158References30
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/18 4:50 a.m.•7 views

FuelPHP vulnerable to remote code execution

Overview FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.5CVSS7.9AI score0.02718EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/22 6:29 a.m.•7 views

Information disclosure vulnerability in Sleipnir Mobile for Android

Overview Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may result in the disclosure of a user's location. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an issue in handling Geolocation API, which may resul...

4.3CVSS6.3AI score0.01066EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/12/24 6:2 a.m.•7 views

VMware ESX and ESXi may allow access to arbitrary files

Overview VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warni...

4.4CVSS7AI score0.00353EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/22 5:50 a.m.•7 views

D-Link DES-3800 Series vulnerable to denial-of-service (DoS)

Overview DES-3800 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in the implementation of SSH. Note that this vulnerability is different from JVN28812735. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IP...

6.8CVSS6.6AI score0.01198EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/17 4:55 a.m.•7 views

Drupal Form API fails to validate the redirect URL

Overview Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Katsuhiko Nakanishi from NEC...

5.8CVSS6.7AI score0.01378EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 6:2 a.m.•7 views

Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service

Overview CodeMeter Runtime provided by Wibu-Systems AG contains a denial-of-service vulnerability. CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Kuang-Chun Hung of Security Research and Service Institute -...

5CVSS6.7AI score0.05107EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 10:24 a.m.•7 views

WEB FORUM vulnerable to cross-site scripting

Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui...

5CVSS5.8AI score0.01029EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/30 9:39 a.m.•7 views

BaserCMS vulnerable to cross-site scripting

Overview BaserCMS contains a cross-site scripting vulnerability. BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a cross-site scripting vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.3CVSS6.1AI score0.01542EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/26 4:37 a.m.•7 views

WalRack upload file handilng vulnerability

Overview WalRack Walrus File Rack CGI contains a vulnerability in handling upload files. WalRack is a CGI that provides an interface to upload files on the Web. WalRack contains a vulnerability in handling upload files. Impact An arbitrary PHP script may be executed on the server where WalRack is...

6.8CVSS6.9AI score0.01424EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/08/04 5:34 a.m.•7 views

Multiple Panasonic Communications Co., Ltd. network cameras vulnerable to cross-site scripting

Overview Multiple Panasonic Communications Co., Ltd. network cameras contain a cross-site scripting vulnerability. Panasonic Communications Co., Ltd. network camera BL-C111/131 and BB-HCM511/531/580/581/527/515 error pages contain a cross-site scripting vulnerability. NetAgent Co., Ltd. reported...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•7 views

SSL-VPN products vulnerable to cookie theft

Overview When using an SSL-VPN product, if a user selects a mode in which the user can log in with the username and password without using the SSL client authentication, a session hijacking could be conducted. Impact An attacker may be able to intercept a session ID stored in a cookie and hijack ...

2.1CVSS6.7AI score0.00433EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/05/20 3:0 p.m.•7 views

IP Messenger for Win Filename Buffer Overflow Vulnerability

Overview IP Messenger for Win suffers buffer overflow when the user saves an attached file with a long name sent with the message. Impact An attacker could execute arbitrary code with the privileges of the user running IP Messenger. Solution Please refer to the 'Vendor Information' section for...

10CVSS8AI score0.05332EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/30 9:7 a.m.•6 views

Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor

Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server that is included in and runs on laser printers and MFPs multifunction printers. Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 - CVE-2026-56809 Tomasz Holeksa of Pentest...

6.1CVSS6.3AI score0.00187EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/29 5:18 a.m.•6 views

Multiple vulnerabilities in Fluentd

Overview Fluentd provided by Fluentd Project contains multiple vulnerabilities listed below. Path traversal in $tag Placeholder CWE-22 - CVE-2026-44024 Missing authentication for critical function in Monitor Agent API CWE-306 - CVE-2026-44025 Improper handling of highly compressed data in inhttp...

9.8CVSS6AI score0.01107EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/06/26 5:25 a.m.•6 views

ExpressUpdate Agent for Windows improper access restriction on its named pipe

Overview ExpressUpdate Agent for Windows provided by NEC Corporation is the software module for NEC server products, to support remote management of installed software. ExpressUpdate Agent for Windows configures its named pipe with an improper access restriction. Exposed IOCTL with Insufficient...

8.5CVSS6.2AI score0.00122EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/14 9:13 a.m.•6 views

Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers

Overview Bluetooth ACPI Drivers provided by Dynabook Inc. contain the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2026-35553 Andrea Monzani, Antonio Parata, and Davide Netti of University of Milan reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...

8.4CVSS6.4AI score0.00147EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/25 9:13 a.m.•6 views

Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries

Overview OM Workspace provided by OM Digital Solutions Corporation is image editing software. Installer of OM Workspace Windows Edition contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element...

8.4CVSS7AI score0.00144EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/17 7:42 a.m.•6 views

Vulnerability in Hitachi Command Suite

Overview VulnerabilityCVE-2025-48976 has been found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.8AI score0.64718EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/17 5:57 a.m.•6 views

Installer for IBM Trusteer Rapport may insecurely load Dynamic Link Libraries

Overview The installer for IBM Trusteer Rapport provided by IBM contains the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-2713 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.8CVSS5.9AI score0.00147EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/16 8:18 a.m.•6 views

Missing authorization in the OpenAI thread/message API endpoints of GROWI

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Missing authorization in the OpenAI thread/message API endpoints CWE-862 - CVE-2026-25083 This can be exploited only when an attacker knows a shared AI assistant's identifier Sho Odagiri of GMO Cybersecurity by Ierae, In...

8.7CVSS7.2AI score0.0033EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/04 3:20 a.m.•6 views

Multiple vulnerabilities in Dell UPS Multi-UPS Management Console (MUMC)

Overview UPS Multi-UPS Management Console MUMC provided by Dell Inc. contains multiple vulnerabilities listed below. Unquoted search path or element CWE-428 - CVE-2026-26033 Incorrect default permissions CWE-276 - CVE-2026-26034 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these...

8.5CVSS7.1AI score0.0018EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/27 6:41 a.m.•6 views

IM-LogicDesigner module of intra-mart Accel Platform vulnerable to untrusted data deserialization

Overview IM-LogicDesigner module of intra-mart Accel Platform provided by NTT DATA INTRAMART Corporation contains the following vulnerability. Untrusted data deserialization CWE-502 - CVE-2026-27776 This can be exploited only when IM-LogicDesigner is deployed Masataka Sagami reported this...

8.8CVSS7.1AI score0.00367EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/27 6:41 a.m.•6 views

Improper file access permission settings in the installers for multiple Soliton Systems products

Overview The installers for multiple products provided by Soliton Systems K.K. contain the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-27653 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.7CVSS6AI score0.00088EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/20 3:32 a.m.•6 views

WordPress Plugin "Survey Maker" vulnerable to cross-site scripting

Overview WordPress Plugin "Survey Maker" provided by Ays Pro contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-26370 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

6.1CVSS5.6AI score0.00193EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/20 3:31 a.m.•6 views

Installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool may insecurely load Dynamic Link Libraries

Overview The installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool contains the following vulnerability related to the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-26050 Kazuma...

8.4CVSS5.7AI score0.0016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/17 11:46 a.m.•6 views

Multiple Vulnerabilities in Hitachi Command Suite products

Overview Multiple vulnerabilities have been found in Hitachi Command Suite products. CVE-2024-38477, CVE-2024-2511 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...

7.5CVSS7.8AI score0.54026EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/17 11:46 a.m.•6 views

Vulnerability in Cosminexus HTTP Server

Overview Vulnerability has been found in Cosminexus HTTP Server. CVE-2025-23048 This vulnerability does not apply if SSL is disabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...

9.1CVSS5.5AI score0.0097EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/12 4:32 a.m.•6 views

Installer of M-Audio M-Track Duo HD may insecurely load Dynamic Link Libraries

Overview The installer of M-Track Duo HD provided by M-Audio contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-25676 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc...

7.8CVSS5.5AI score0.00187EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/05 6:1 a.m.•6 views

web2py vulnerable to open redirect

Overview web2py contains the following vulnerability. Open redirect CWE-601 - CVE-2026-25198 Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a speciall...

5.1CVSS5.7AI score0.00294EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/02/04 7:15 a.m.•6 views

Multiple vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit Comment CWE-79 - CVE-2026-21393 Stored cross-site scripting vulnerability in Export Sites CWE-79 - CVE-2026-22875 Unrestricted upload of file with...

6.5CVSS5.5AI score0.00216EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/30 5:23 a.m.•6 views

Undocumented "TelnetEnable" functionality of End of Service NETGEAR products

Overview Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. Inclusion of Undocumented Features or Chicken Bits CWE-1242 - CVE-2026-24714 Misato Ito, Daichi Uezono, Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki,...

8.7CVSS5.9AI score0.00228EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/21 6:17 a.m.•6 views

Ruijie Networks AP180 series vulnerable to OS command injection

Overview AP180 series provided by Ruijie Networks Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-23699 Thanh Do of BabyPhD reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.6CVSS5.9AI score0.0154EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/09 9:17 a.m.•6 views

RICOH Streamline NX vulnerable to improper authorization

Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Improper authorization CWE-639 - CVE-2026-21409 Ricoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...

8.2CVSS5.7AI score0.00327EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/08 4:47 a.m.•6 views

The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries

Overview The installers for multiple products provided by PIONEER CORPORATION contain the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-21427 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.5CVSS7.9AI score0.00175EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/07 5:19 a.m.•6 views

Origin validation error vulnerability in Fujitsu Security Solution AuthConductor Client Basic V2

Overview Fujitsu Security Solution AuthConductor Client Basic V2 provided by Fujitsu Client Computing Limited contains the following vulnerability. Origin validation error CWE-346 - CVE-2026-20893 MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.5CVSS7.8AI score0.00123EPSS
Exploits0References5
Total number of security vulnerabilities5000