Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

Virus Buster Corporate Edition vulnerability

Overview Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file Outbreak Prevent Policy configuration file, when a specific URL is entered to the management console. Impact An attacker could distrubute viruses that sneak through the policy by...

5CVSS6.7AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

Shuriken Pro3 S/MIME signature verification does not verify the From address

Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly. Impact A user can not notice a forged message when it is signed with a proper digital signature and the From address is forged, because the software does not alert...

5CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

KAME Racoon eay_check_x509cert Improper Certificate Verification Vulnerability

Overview eaycheckx509cert in Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. Impact An attacker could bypass IKE authentication using invalid X.509 cerfiticates. Solution Please refer to the 'Vendor...

10CVSS6.8AI score0.0544EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

DeleGate Multiple Buffer Overflow Vulnerabilities

Overview DeleGate suffers buffer overflow when scanf, strncpy and other string handling process are set to fail with a long string sent by proxy. Impact An attacker could execute arbitrary code with the privileges of the user running DeleGate. Solution Please refer to the 'Vendor Information'...

7.5CVSS7.9AI score0.02387EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

Sage vulnerable to arbitrary script execution

Overview Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser. Impact An arbitrary script may be executed on Mozilla...

6.4CVSS6.5AI score0.01878EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

Lhaplus buffer overflow vulnerability

Overview Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user...

7.5CVSS7.4AI score0.04119EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.6 views

Aipo session fixation vulnerability

Overview Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user log...

5.8CVSS6.7AI score0.00821EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/07/01 5:55 a.m.5 views

Seiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection

Overview SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-50043 Takeshi Kuramori and Kaori Takashima of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported...

8.6CVSS7.1AI score0.01129EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/30 9:7 a.m.5 views

RPG MAKER MV and MZ vulnerable to OS command injection

Overview RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. are game development tools, which provide "save data" facility to create a file to preserve game status and related parameters. A user can save the current game status to a save-file, and later load the file to resume playing the...

8.4CVSS7.1AI score0.00677EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/17 5:8 a.m.5 views

Multiple vulnerabilities in Canon EOS Network Setting Tool

Overview FTP/FTPS/SFTP Communication Testing features of PC Software EOS Network Setting Tool provided by Canon Inc. contain multiple vulnerabilities listed below. Improper validation of SSH host key CWE-295 - CVE-2026-9258 Improper validation of server certificate CWE-295 - CVE-2026-9259 Use of...

9.8CVSS5.8AI score0.00267EPSS
Exploits0References13
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/17 4:53 a.m.5 views

OS command injection in RadiX AX6600 WiFi 6 Tri-Band Gaming Router

Overview RadiX AX6600 WiFi 6 Tri-Band Gaming Router provided by Micro-Star International Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-53876 KAZUHIRO SHIBUTA of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

8.6CVSS7.1AI score0.01786EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/15 6:30 a.m.5 views

Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers

Overview Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability: Privilege escalation CWE-427 - CVE-2026-50100 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd...

8.5CVSS7.2AI score0.00131EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/04/02 5:58 a.m.5 views

Multiple vulnerabilities in FUJI Electric V-SFT (April 2026)

Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2026-32925 Out-of-bounds read in VS6ComFile!loadlinkinf CWE-125 - CVE-2026-32926 Out-of-bounds read in...

8.4CVSS6.8AI score0.00209EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/26 8:41 a.m.5 views

Digital Photo Frame GH-WDF10A vulnerable to improper access restriction

Overview Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains the following vulnerability. Active debug code CWE-489 - CVE-2026-33201 Koki Takase reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7CVSS6.8AI score0.00174EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/26 8:41 a.m.5 views

Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows

Overview The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427 - CVE-2026-28760 Incorrect default permissions CWE-276 - CVE-2026-32680 Kazuma Matsumoto of GMO Cybersecurit...

8.5CVSS7.3AI score0.00175EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/23 5:54 a.m.5 views

Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005)

Overview Xerox FreeFlow Core contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2026-2251 XML external entity reference XXE CWE-611 - CVE-2026-2252 FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...

9.8CVSS6.3AI score0.0039EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/25 6:14 a.m.5 views

Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal

Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-25785 The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc...

9.8CVSS6.5AI score0.00566EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/09 6:21 a.m.5 views

Oki Electric Industry products and OEM products register Windows services with unquoted file paths

Overview Configuration Tool provided by Oki Electric Industry Co., Ltd., Ricoh Co., Ltd., and Murata Machinery, Ltd. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-24466 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IP...

8.4CVSS6AI score0.00137EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/03 5:57 a.m.5 views

Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries

Overview The installer for Roland Cloud Manager provided by Roland Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-24694 Kazuma Matsumoto of GMO Cybersecurit...

8.4CVSS5.5AI score0.00144EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/02 6:18 a.m.5 views

OS command injection in raspap-webgui

Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

8.8CVSS5.8AI score0.0133EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/02 6:18 a.m.5 views

Sonatype Nexus Repository vulnerable to server-side request forgery

Overview Nexus Repository provided by Sonatype contains the following vulnerability. Server-side request forgery CWE-918 - CVE-2026-0600 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

7.6CVSS5.6AI score0.00284EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/01/27 9:22 a.m.5 views

beat-access for Windows may insecurely load Dynamic Link Libraries

Overview beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-21408 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...

7.3CVSS5.9AI score0.00144EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/01/20 11:0 a.m.5 views

ETERNUS SF vulnerable to insertion of sensitive information into maintenance data

Overview ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability. Insertion of sensitive information into maintenance data CWE-532 - CVE-2025-68919 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...

5.6CVSS5.6AI score0.00099EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/01/07 1:46 a.m.5 views

Authentication bypass vulnerability in OpenBlocks series

Overview OpenBlocks series provided by Plat'Home Co.,Ltd. contains the following vulnerability. Authentication bypass CWE-288 - CVE-2026-21411 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker could bypass...

8.8CVSS8.8AI score0.00279EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/12/24 2:10 a.m.5 views

Media Player MP-01 vulnerable to Missing Authentication for Critical Function

Overview NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function CWE-306 - CVE-2025-12049 Souvik Kandar of MicroSec microsec.io discovered and reported the vulnerability to the developer and...

9.8CVSS6.7AI score0.00286EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/12/08 5:6 a.m.5 views

GS Yuasa FULLBACK Manager Pro registers Windows services with unquoted file paths

Overview FULLBACK Manager Pro provided by GS Yuasa International Ltd. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66461 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

8.4CVSS7AI score0.00135EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/25 8:17 a.m.5 views

Multiple vulnerabilities in Security Point (Windows) of MaLion

Overview Security Point Windows of MaLion provided by Intercom, Inc. contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2025-59485 Stack-based buffer overflow in processing HTTP headers CWE-121 - CVE-2025-62691 Heap-based buffer overflow in processing...

9.8CVSS8.6AI score0.00593EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/25 5:59 a.m.5 views

Multiple vulnerabilities in SNC-CX600W

Overview SNC-CX600W provided by Sony Corporation contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2025-62497 Cross-site scripting CWE-79 - CVE-2025-64730 The following people reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer...

6.5CVSS4.9AI score0.00174EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/25 5:15 a.m.5 views

"FOD" App uses hard-coded cryptographic keys

Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...

5.1CVSS4.7AI score0.0011EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/21 7:27 a.m.5 views

Multiple vulnerabilities in LogStare Collector

Overview LogStare Collector provided by LogStare Inc. contains multiple vulnerabilities listed below. Incorrect default permissions for the installation directory CWE-276 - CVE-2025-58097 Stored cross-site scripting vulnerability in UserManagement CWE-79 - CVE-2025-61949 Incorrect authorization i...

8.4CVSS6.2AI score0.00226EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/21 6:31 a.m.5 views

EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts

Overview EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability. Improper restriction of excessive authentication attempts CWE-307 - CVE-2025-64310 Vladislav Khegay and Aigerim Alibek of Astana IT University...

9.8CVSS6.7AI score0.00413EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/17 5:9 a.m.5 views

"Dejira" App for iOS vulnerable to improper server certificate verification

Overview "Dejira" App for iOS provided by KDDI CORPORATION contains the following vulnerability. Improper server certificate verification CWE-295 Tsuyoshi Ogawa of SIE Co.,Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS4.9AI score0.00121EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/11/04 7:37 a.m.5 views

Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series

Overview FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. OS command Injection CWE-78 - CVE-2025-54763 Files or directories acessible to external parties CWE-552 - CVE-2025-58152 Chuya Hayakawa of 00One, Inc. reported these...

8.6CVSS7.4AI score0.0128EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/24 6:11 a.m.5 views

Multiple stored cross-site scripting vulnerabilities in Pleasanter

Overview Pleasanter provided by Implem Inc. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Preview for Attachments CWE-79 - CVE-2025-58070 Stored cross-site scripting vulnerability in Body, Description and Comments CWE-79 -...

6.1CVSS5.8AI score0.00184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/22 6:44 a.m.5 views

GROWI vulnerable to cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site scripting in the page alert function CWE-79 - CVE-2025-54806 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the...

6.1CVSS6.3AI score0.00184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/22 6:4 a.m.5 views

Multiple I-O DATA NAS management applications register Windows services with unquoted file paths

Overview Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. Multiple NAS management applications provided by I-O DATA DEVICE, INC. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-61865...

8.4CVSS7.4AI score0.00184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/22 4:54 a.m.5 views

Multiple stored cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit ContentData page CWE-79 - CVE-2025-54856 Stored cross-site scripting vulnerability in Edit CategorySet of ContentType page...

4.8CVSS6.1AI score0.0021EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/16 8:30 a.m.5 views

Multiple vulnerabilities in desknet's NEO

Overview desknets NEO provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2025-24833, CVE-2025-54760, CVE-2025-55072 Reflected cross-site scripting CWE-79 - CVE-2025-52583 Stored cross-site scripting CWE-79 - CVE-2025-54859 Improper...

6.1CVSS6AI score0.00285EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/16 2:16 a.m.5 views

Buffalo Wi-Fi router WXR9300BE6P series vulnerable to path traversal

Overview Wi-Fi router WXR9300BE6P series provided by BUFFALO INC. contains the following vulnerability. Path traversal CWE-22 - CVE-2025-61941 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Arbitrary file may be altered by ...

8.6CVSS6.9AI score0.00474EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/15 6:55 a.m.5 views

Multiple RSUPPORT products may insecurely load Dynamic Link Libraries

Overview Multiple RSUPPORT products contain multiple vulnerabilities listed below. RemoteView PC Application Console vulnerable to uncontrolled search path element CWE-427 - CVE-2025-26859 RemoteCall Remote Support Program for Operator vulnerable to uncontrolled search path element CWE-427 -...

8.5CVSS7.8AI score0.00157EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/15 6:54 a.m.5 views

Phoenix Contact CHARX SEC-3xxx vulnerable to code injection

Overview CHARX SEC-3xxx provided by Phoenix Contact contains the following vulnerability. Code injection CWE-94 - CVE-2025-41699 Ryo Kato of Panasonic Holdings Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS7.5AI score0.00881EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/29 5:44 a.m.5 views

DataSpider Servista improper restriction of XML external entity references

Overview DataSpider Servista provided by Saison Technology Co.,Ltd. is a data integration software. DataSpider Servista contains the following vulnerability. Improper restriction of XML external entity reference CWE-611 - CVE-2025-48006 Shigeaki Tsunoda of Cyber Defense Institute, Inc. reported...

9.1CVSS6.7AI score0.00496EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/12 4:57 a.m.5 views

WTW-EAGLE App vulnerable to improper server certificate validation

Overview WTW-EAGLE App provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability. Improper server certificate validation CWE-295 - CVE-2025-58781 Shogo Iyota of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.3CVSS6.5AI score0.00132EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 7:20 a.m.5 views

RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path

Overview RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-58400 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.4CVSS7.5AI score0.00161EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/03 12:0 a.m.5 views

JVN#65839588: Web Caster V130 vulnerable to cross-site request forgery

Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 2.0...

3.7CVSS6.4AI score0.00119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/01 7:21 a.m.5 views

Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection

Overview SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-54857 Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.8CVSS8AI score0.03214EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/01 12:0 a.m.5 views

JVN#22016482: Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection

SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-54857 Impact A remote...

9.8CVSS8.1AI score0.03214EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/27 12:0 a.m.5 views

JVN#55678602: Improper file access permission settings in multiple i-フィルター products

Multiple i-フィルター products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2025-57846 Impact A...

8.5CVSS7.5AI score0.00138EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/22 4:37 a.m.5 views

Western Digital Kitfox registers a Windows service with an unquoted file path

Overview Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-57699 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with th...

8.4CVSS7.5AI score0.00155EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/21 5:3 a.m.5 views

Multiple vulnerabilities in Group-Office

Overview Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-53504 Path traversal CWE-22 - CVE-2025-53505 Rikuto Tauchi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.4CVSS6.5AI score0.00308EPSS
Exploits0References6
Total number of security vulnerabilities5000