5627 matches found
SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
Overview SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA...
Google Chrome information disclosure vulnerability
Overview Google Chrome contains an information disclosure vulnerability. Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
TeraPad may insecurely load dynamic libraries
Overview TeraPad may use unsafe methods for determining how to load DLLs. TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this...
Cisco Router and Security Device Manager vulnerable to cross-site scripting
Overview Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability. Cisco Router and Security Device Manager SDM is a web-based device management tool for Cisco routers. Cisco Router and Security Device Manager SDM contains a cross-site scripting vulnerability...
tDiary plugin tb-send.rb vulnerable to cross-site scripting
Overview tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. tDiary is a weblog software. tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. The developer has confirmed that tDiary 2.3.x are not affected by this vulnerability. Project VEX of UBsecure, Inc...
WebCalenderC3 vulnerable to directory traversal
Overview WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability. WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
XOOPS Cube Legacy cross-site scripting vulnerability
Overview XOOPS Cube Legacy from XOOPS Cube Project contains a cross-site scripting vulnerability. XOOPS Cube Legacy from XOOPS Cube Project is an open source contents management system. XOOPS Cube Legacy contains a cross-site scripting vulnerability. According to the developers, a XOOPS Cube Lega...
JP1/Integrated Management Service Support Cross-Site Scripting Vulnerability
Overview JP1/Integrated Management Service Support is vulnerable to cross-site scripting due to failure to properly process requests. Impact An attacker could perform cross-site scripting attacks by embedding malicious scripts in a request. Solution Please refer to the 'Vendor Information' sectio...
BrightStor ARCserve and eTrust Antivirus Arbitrary Code Execution Vulnerability
Overview BrightStor ARCserve Backup and eTrust Antirus r7.1 have a problem in handling RPC requests and are vulnerable to arbitrary code execution. Impact A remote authenticated attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the official...
Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability
Overview The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files. Impact A remote attacker could read or delete arbitrary files. Solution Please refer to the 'Vendor Information' section fo...
Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability
Overview The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling. Impact A remote attacker could execute arbitrary code by sending a long URI. Solution Please refer to the 'Vendor Information' section for the vendor...
X.Org Foundation X server buffer overflow vulnerability
Overview X server provided by the X.Org Foundation contains a buffer overflow vulnerability. The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font PCF format fonts...
Lhaplus buffer overflow vulnerability
Overview Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. Lhaplus, software for compression and decompression supporting various compressed file formats, contains a buffer overflow vulnerability. If a user...
SonicStage CP buffer overflow vulnerability
Overview SonicStage CP is vulnerable to buffer overflow. Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension. Impact Importing a...
CGI RESCUE WebFORM missing mail content vulnerability
Overview WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent. Impact Some part of the sender information in the message...
Apache Tomcat sample web application cross-site scripting vulnerability
Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. jsp-examples, a sample web application...
Cosminexus Denial of Service Vulnerability
Overview JSSE Java Secure Socket Extension in Cosminexua Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS...
Aipo session fixation vulnerability
Overview Aipo, groupware from Aimluck, Inc., contains a session fixation vulnerability. Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-blogging. Aipo contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user log...
Adobe JRun cross-site scripting vulnerability
Overview Adobe JRun is an application server based on J2EE Java 2 Platform Enterprise Edition. Adobe JRun contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the browser of the administrator logged into Adobe JRun. In addition, if session information from ...
Sage vulnerable to arbitrary script execution
Overview Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser. Impact An arbitrary script may be executed on Mozilla...
Lunascape RSS reader arbitrary script execution vulnerability
Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...
Java Web Start vulnerable to execution of unauthorized system classes
Overview Java Web Start, included in the JRE Java Runtime Environment from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes. Java Web Start, included in the JRE Java Runtime Environment and other products, is a tool for distributing...
Shuriken Pro3 S/MIME signature verification does not verify the From address
Overview Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly. Impact A user can not notice a forged message when it is signed with a proper digital signature and the From address is forged, because the software does not alert...
WirelessIP5000 has multiple vulnerabilities
Overview WirelessIP5000, a wireless IP phone from Hitachi Cable, contains multiple vulnerabilities; - Illegal access using the port TCP3390 - SNMP access using an arbitrary community name - Access to the HTTP server by an unauthorized user in the factory default configuration - The HTTP server...
Apache Tomcat denial of service vulnerability
Overview Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages technologies. Apache Tomcat contains a vulnerability that may allow a remote attacker to cause a denial of service DoS. Impact A remote attacker may cause a denial of service DoS. Solution...
KAME Racoon eay_check_x509cert Improper Certificate Verification Vulnerability
Overview eaycheckx509cert in Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. Impact An attacker could bypass IKE authentication using invalid X.509 cerfiticates. Solution Please refer to the 'Vendor...
Virus Buster Corporate Edition vulnerability
Overview Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file Outbreak Prevent Policy configuration file, when a specific URL is entered to the management console. Impact An attacker could distrubute viruses that sneak through the policy by...
Seiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection
Overview SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-50043 Takeshi Kuramori and Kaori Takashima of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported...
RPG MAKER MV and MZ vulnerable to OS command injection
Overview RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. are game development tools, which provide "save data" facility to create a file to preserve game status and related parameters. A user can save the current game status to a save-file, and later load the file to resume playing the...
Multiple vulnerabilities in Canon EOS Network Setting Tool
Overview FTP/FTPS/SFTP Communication Testing features of PC Software EOS Network Setting Tool provided by Canon Inc. contain multiple vulnerabilities listed below. Improper validation of SSH host key CWE-295 - CVE-2026-9258 Improper validation of server certificate CWE-295 - CVE-2026-9259 Use of...
Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers
Overview Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability: Privilege escalation CWE-427 - CVE-2026-50100 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd...
Multiple vulnerabilities in FUJI Electric V-SFT (April 2026)
Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2026-32925 Out-of-bounds read in VS6ComFile!loadlinkinf CWE-125 - CVE-2026-32926 Out-of-bounds read in...
Digital Photo Frame GH-WDF10A vulnerable to improper access restriction
Overview Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains the following vulnerability. Active debug code CWE-489 - CVE-2026-33201 Koki Takase reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal
Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-25785 The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc...
Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries
Overview The installer for Roland Cloud Manager provided by Roland Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-24694 Kazuma Matsumoto of GMO Cybersecurit...
Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
Overview Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-10314 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this...
OS command injection in raspap-webgui
Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Sonatype Nexus Repository vulnerable to server-side request forgery
Overview Nexus Repository provided by Sonatype contains the following vulnerability. Server-side request forgery CWE-918 - CVE-2026-0600 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
beat-access for Windows may insecurely load Dynamic Link Libraries
Overview beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-21408 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...
ETERNUS SF vulnerable to insertion of sensitive information into maintenance data
Overview ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability. Insertion of sensitive information into maintenance data CWE-532 - CVE-2025-68919 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Authentication bypass vulnerability in OpenBlocks series
Overview OpenBlocks series provided by Plat'Home Co.,Ltd. contains the following vulnerability. Authentication bypass CWE-288 - CVE-2026-21411 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker could bypass...
Media Player MP-01 vulnerable to Missing Authentication for Critical Function
Overview NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function CWE-306 - CVE-2025-12049 Souvik Kandar of MicroSec microsec.io discovered and reported the vulnerability to the developer and...
GS Yuasa FULLBACK Manager Pro registers Windows services with unquoted file paths
Overview FULLBACK Manager Pro provided by GS Yuasa International Ltd. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66461 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Multiple vulnerabilities in Security Point (Windows) of MaLion
Overview Security Point Windows of MaLion provided by Intercom, Inc. contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2025-59485 Stack-based buffer overflow in processing HTTP headers CWE-121 - CVE-2025-62691 Heap-based buffer overflow in processing...
Multiple vulnerabilities in SNC-CX600W
Overview SNC-CX600W provided by Sony Corporation contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2025-62497 Cross-site scripting CWE-79 - CVE-2025-64730 The following people reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer...
"FOD" App uses hard-coded cryptographic keys
Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...
Multiple vulnerabilities in LogStare Collector
Overview LogStare Collector provided by LogStare Inc. contains multiple vulnerabilities listed below. Incorrect default permissions for the installation directory CWE-276 - CVE-2025-58097 Stored cross-site scripting vulnerability in UserManagement CWE-79 - CVE-2025-61949 Incorrect authorization i...
EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts
Overview EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability. Improper restriction of excessive authentication attempts CWE-307 - CVE-2025-64310 Vladislav Khegay and Aigerim Alibek of Astana IT University...
"Dejira" App for iOS vulnerable to improper server certificate verification
Overview "Dejira" App for iOS provided by KDDI CORPORATION contains the following vulnerability. Improper server certificate verification CWE-295 Tsuyoshi Ogawa of SIE Co.,Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series
Overview FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. OS command Injection CWE-78 - CVE-2025-54763 Files or directories acessible to external parties CWE-552 - CVE-2025-58152 Chuya Hayakawa of 00One, Inc. reported these...