5625 matches found
HP System Management Homepage cross-site scripting vulnerability
Overview A cross-site scripting vulnerability exists in Hewlett-Packard HP System Management Homepage SMH. HP System Management Homepage SMH from Hewlett-Packard is a web-based interface that can manage HP servers. A cross-site scripting vulnerability exists in SMH. It is also confirmed that Comp...
Internet Explorer vulnerable in MHTML handling
Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...
rktSNS cross-site scripting vulnerability
Overview rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrar...
RaidenHTTPD cross-site scripting vulnerability
Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on...
Yayoi Kaikei improper handling of credential information
Overview Yayoi Kaikei Quick Navigator sends user credentials unencrypted. Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact By monitoring the communication between Quick Navigator and the vendor's server, an attacker can...
WebCart cross-site scripting vulnerability
Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
Cosminexus javadoc Cross-Site Scripting Vulnerability
Overview The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities. Impact An attacker could exploit said HTML file vulnerable to cross-site scripting. Solution Please refer to the 'Vendor Information' section for official remediation and take...
MouseoverDictionary vulnerable to arbitrary script execution
Overview MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an...
Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page
Overview When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if th...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
Sun Java System Web Server cross-site scripting vulnerability
Overview Sun Java System Web Server originally called Sun ONE Web Server contains a cross-site scripting vulnerability. A vulnerable web server does not adequately validate the HTTP REFERER header before using the contents in the default error page. Impact A malicious script may be executed on th...
Trac cross-site scripting vulnerability
Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...
tDiary arbitrary Ruby script execution vulnerability
Overview tDiary is weblog software maintained by the tDiary development project. tDiary contains a vulnerability which allows a remote attacker to execute arbitrary Ruby scripts on a vulnerable system. Impact Depending on tDiary's configuration, an arbitrary Ruby script could be executed on the w...
JP1 Request Handling Denial of Service Vulnerabilities
Overview Hitachi JP1 products fails to handle unexpected requests and data, which could be exploited to cause a denial of service condition. Impact An attacker could cause a Denial of Service DoS. Solution Please refer to the 'Vendor Information' section for official remediation and take...
04WebServer directory traversal vulnerability
Overview 04WebServer, an open source web server, contains a vulnerability allowing directory traversal bypassing user authentication. Impact A remote attacker could bypass a user authentication and view server files. Solution None...
Cybozu Office 6 information disclosure vulnerability
Overview A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information. Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used,...
MDPro cross-site scripting vulnerability
Overview MDPro, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solutio...
Kmail CGI authentication bypass vulnerability
Overview Kmail CGI is a web mail system for cellular phones. Kmail CGI contains a user authentication bypass vulnerability. Impact A remote attacker may bypass Kmail CGI's user authentication, and view or delete the emails of Kmail users. Solution None...
Multiple vulnerabilities in Webmin and Usermin
Overview Webmin and Usermin, web-based system management tools, contain the following vulnerabilities: - Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin's access restrictions - Cross-site scripting We are aware that these vulnerabilities have been addressed in...
McAfee VirusScan Engine buffer overflow vulnerability
Overview McAfee VirusScan Engine contains a buffer overflow vulnerability. Impact A buffer overflow may occur when scanning a malformed LHA file. Solution None...
Generic IO & Memory Access driver for TOSHIBA and Dynabook PCs exposes its IOCTL with insufficient access control
Overview Generic IO & Memory Access driver is part of a utility to configure BIOS/Supervisor passwords from within Windows. This driver is installed on PCs provided by TOSHIBA CORPORATION and Dynabook Inc. between 2009 and 2016. The driver contains the following vulnerability. Exposed IOCTL with...
Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint
Overview Hitachi Infrastructure Analytics Advisor contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2025-48924 Hitachi Ops Center Analyzer viewpoint contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center...
Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]
Overview Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound CWE-190 - CVE-2025-66168, CVE-2026-40046 Gai...
Security information for Hitachi Disk Array Systems
Overview A vulnerability exists in the firmware replacement function of Hitachi Disk Array Systems that involves improper input validation. CVE-2025-0824 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...
Security information for Hitachi Disk Array Systems
Overview A vulnerability exists in the management gui maintenance utility of Hitachi Disk Array Systems that involves improper authorization vulnerability. CVE-2025-2902 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...
Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1
Overview MR-GM5L-S1 and MR-GM5A-L1 provided by Micro Research Ltd. contain multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-20892 Use of hard-coded credentials CWE-798 - CVE-2026-24448 Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-27842 Chuya...
Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager
Overview Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager contain a vulnerability CVE-2025-5781 that may allow session tokens to be stored. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...
GROWI vulnerable to cross-site request forgery
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-64700 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Clickjacking CWE-1021 - CVE-2025-59479 Improper check for unusual conditions CWE-754 - CVE-2025-61976 Improper check for unusual conditions CWE-754 - CVE-2025-66357 JTEKT...
SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow
Overview Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser. Web Config contains the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2025-66635 Shogo Iyota of GMO Cybersecurity by...
ELECOM Clone for Windows registers a Windows service with an unquoted file path
Overview Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. Clone for Windows provided by ELECOM CO.,LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66271 Kazuma Matsumoto of GMO Cybersecurity by IERA...
Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries
Overview The installer of WTW EAGLE for Windows provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-62776 Kazuma Matsumoto of GMO...
Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel
Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Improper verification of source of a communication channel CWE-940 - CVE-2025-61932 MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
Web Caster V130 vulnerable to cross-site request forgery
Overview Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-58272 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this...
"Gunosy" App vulnerable to insertion of sensitive information into sent data
Overview "Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data CWE-201 - CVE-2025-44017 YUNAO ZHOU of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series
Overview A vulnerability that could allow a Denial-of-Service DoS is reported in the Konica Minolta bizhub series. Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Uncaught exception CWE-248 - CVE-2025-54777 Konica Minolta, Inc. reported this...
Improper file access permission settings in multiple i-FILTER products
Overview Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-57846 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
ScanSnap Manager installers vulnerable to privilege escalation
Overview ScanSnap Manager installers provided by PFU Limited contain the following vulnerability. Incorrect privilege assignment CWE-266 - CVE-2025-57797 Kazuhira Agata, Kentaro Kan, Tomoaki Kobayashi, Takayuki Tomita, Yoshiaki Yamamuro reported this vulnerability to IPA. JPCERT/CC coordinated wi...
PgManage vulnerable to injection
Overview PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Overview Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection WE-94 - CVE-2025-54940 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Multiple SEIKO EPSON products use weak initial passwords
Overview Multiple SEIKO EPSON products contain the following vulnerability. Use of weak credentials CWE-1391 - CVE-2025-35970 The initial administrator password is easy to guess from the information available via SNMP SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify user...
Multiple Brother driver installers for Windows vulnerable to privilege escalation
Overview Multiple Brother driver installers for Windows contain the following vulnerability. Files or directories accessible to external parties CWE-552 - CVE-2025-49797 Julian Horoszkiewicz of Eviden reported this vulnerability to the developer. JPCERT/CC coordinated between the reporter and the...
KCM3100 vulnerable to authentication bypass using an alternate path or channel
Overview KCM3100 provided by KAON is a Wi-Fi enabled gateway. KCM3100 contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2025-51381 Namihiko Matsumura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Multiple vulnerabilities in RICOH Streamline NX PC Client
Overview RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 - CVE-2025-36506 Path traversal CWE-22 - CVE-2025-46783 Use of less trusted source CWE-348 - CVE-2025-48825 Ricoh Company, Ltd...
Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery
Overview Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability. Cross-Site Request Forgery CSRF CWE-352 - CVE-2025-36513 Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was...
TimeWorks vulnerable to path traversal
Overview The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 - CVE-2025-41428 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
Mailform Pro CGI generating error messages containing sensitive information
Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information CWE-209 - CVE-2025-41441 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'
Overview Network attached hard disk 'HDL-T Series' provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities. OS command injection CWE-78 Affected when 'Remote Link3 function' is enabled CVE-2025-32002 Missing authentication for critical function CWE-306 CVE-2025-32738 Chuya Hayakawa an...
Pgpool-II vulnerable to authentication bypass by primary weakness
Overview Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 - CVE-2025-46801 PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
Multiple vulnerabilities in GL-MT2500 and GL-MT2500A
Overview GL-MT2500 and GL-MT2500A provided by GL.iNet contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-57391 Inefficient regular expression complexity CWE-1333 - CVE-2025-2811 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to...