5625 matches found
phpAdsNew cross-site scripting vulnerability
Overview phpAdsNew, an open source web advertising management system, contains a cross-site scripting vulnerability. Note that phpAdsNew is now called "Openads." The products listed below use the same module as phpAdsNew thus they are also affected by the vulnerability. - phpPgAds 2.0.9-pr1 and...
CCC Cleaner division-by-zero vulnerability when scanning UPX-packed executables
Overview CCC Cleaner, provided from Cyber Clean Center between January 25 and March 12, 2007, contains a division-by-zero vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by the "Antivirus UPX Parsing Kernel Buffer Overflow Vulnerability" on TrendMicro'...
NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability
Overview NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly. Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu...
Canon Network Camera Server VB100 Series vulnerable to cross-site scripting
Overview Canon Network Camera Server VB100 Series contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the camera server management screen. Solution None...
Lunascape RSS reader arbitrary script execution vulnerability
Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...
dotProject cross-site scripting vulnerability
Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, sessio...
Internet Explorer vulnerable in MHTML handling
Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...
sHTTPd cross-site scripting vulnerability
Overview sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability. sHTTPd from Uchu Ninja Neko-dan is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...
RaidenHTTPD cross-site scripting vulnerability
Overview RaidenHTTPD, from Sonei Information Systems TEAM JOHNLONG, contains a cross-site scripting vulnerability. RaidenHTTPD is a multipurpose web server for Windows provided by TEAM JOHNLONG. RaidenHTTPD contains a cross-site scripting vulnerability. Impact Arbitrary code could be executed on...
Lhaca LHZ Archive Extended Header Size Processing Buffer Overflow Vulnerability
Overview Lhaca does not process an LHZ archive with an invalid Extended Header Size properly, which could lead to buffer overflow. This problem is reported to be different from the issue identified in JVNDB-2007-000492 CVE-2007-3375. Impact An attacker could execute arbitrary code. Solution Pleas...
WebCart cross-site scripting vulnerability
Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...
Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities
Overview The image-processing APIs in Cosminexus Developer's Kit for Java is vulnerable to buffer overflow and a Denial od Service DoS. Impact An attacker could cause a Denial of Service DoS or execute arbitrary code. Solution Please refer to the 'Vendor Information' section for official...
Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page
Overview When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if th...
Ichitaro series buffer overflow vulnerability
Overview The "Ichitaro" series word processing software contains a buffer overflow vulnerability. This vulnerability is different from JVN32981509 and JVN50495547. The "Ichitaro" series word processing software, from JustSystems Corporation, contains a buffer overflow vulnerability. If a user ope...
Hitachi JP1/File Transmission Server/FTP Authentication Bypass Vulnerability
Overview Hitachi JP1/File Transmission Server/FTP contains a vulnerability which could be exploited to bypass authentication. Impact An attacker could view the files in a certain directory. Solution Please refer to the 'Vendor Information' section for official remediation and take appropriate...
JP1/Cm2/Network Node Manager Arbitrary Code Execution Vulnerability
Overview Shared Trace Service in JP1/Cm2/Network Node Manager NNM is vulnerable to arbitrary code execution. Impact An attacker could execute arbitrary code. Solution Please refer to the 'Vendor Information' section for the vendor recommended workaround...
Cosminexus Application Server Incorrect Group Permission Handling Vulnerability
Overview When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user's group permissions to an activated server process. Impact An attacker could exploit the vulnerability to obtain...
LHa Vuffer Overflow Vulnerability in Testing and Extracting Process
Overview LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow. Impact An attacker could execute arbitrary code with the privilege of the user running LHa. Solution Please refer to the 'Vendor Information'...
Safari allows access from HTTP to HTTPS
Overview Apple Safari contains a vulnerability that allows a remote attacker to access HTTPS content via an HTTP session. Safari is a default web browser installed in Mac OS X and iPhone. Safari contains a vulnerability that allows a remote attacker to access web page contents protected by SSL/TL...
Generic IO & Memory Access driver for TOSHIBA and Dynabook PCs exposes its IOCTL with insufficient access control
Overview Generic IO & Memory Access driver is part of a utility to configure BIOS/Supervisor passwords from within Windows. This driver is installed on PCs provided by TOSHIBA CORPORATION and Dynabook Inc. between 2009 and 2016. The driver contains the following vulnerability. Exposed IOCTL with...
Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpoint and Hitachi Ops Center Viewpoint
Overview Hitachi Infrastructure Analytics Advisor contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2025-48924 Hitachi Ops Center Analyzer viewpoint contains the following vulnerability: CVE-2025-48924 Hitachi Ops Center...
Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]
Overview Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound CWE-190 - CVE-2025-66168, CVE-2026-40046 Gai...
Security information for Hitachi Disk Array Systems
Overview A vulnerability exists in the firmware replacement function of Hitachi Disk Array Systems that involves improper input validation. CVE-2025-0824 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...
Security information for Hitachi Disk Array Systems
Overview A vulnerability exists in the management gui maintenance utility of Hitachi Disk Array Systems that involves improper authorization vulnerability. CVE-2025-2902 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...
Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1
Overview MR-GM5L-S1 and MR-GM5A-L1 provided by Micro Research Ltd. contain multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-20892 Use of hard-coded credentials CWE-798 - CVE-2026-24448 Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-27842 Chuya...
Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager
Overview Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager contain a vulnerability CVE-2025-5781 that may allow session tokens to be stored. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...
GROWI vulnerable to cross-site request forgery
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-64700 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Clickjacking CWE-1021 - CVE-2025-59479 Improper check for unusual conditions CWE-754 - CVE-2025-61976 Improper check for unusual conditions CWE-754 - CVE-2025-66357 JTEKT...
SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow
Overview Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser. Web Config contains the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2025-66635 Shogo Iyota of GMO Cybersecurity by...
ELECOM Clone for Windows registers a Windows service with an unquoted file path
Overview Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. Clone for Windows provided by ELECOM CO.,LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66271 Kazuma Matsumoto of GMO Cybersecurity by IERA...
Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries
Overview The installer of WTW EAGLE for Windows provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-62776 Kazuma Matsumoto of GMO...
Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel
Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Improper verification of source of a communication channel CWE-940 - CVE-2025-61932 MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
"Gunosy" App vulnerable to insertion of sensitive information into sent data
Overview "Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data CWE-201 - CVE-2025-44017 YUNAO ZHOU of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series
Overview A vulnerability that could allow a Denial-of-Service DoS is reported in the Konica Minolta bizhub series. Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Uncaught exception CWE-248 - CVE-2025-54777 Konica Minolta, Inc. reported this...
Improper file access permission settings in multiple i-FILTER products
Overview Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-57846 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
ScanSnap Manager installers vulnerable to privilege escalation
Overview ScanSnap Manager installers provided by PFU Limited contain the following vulnerability. Incorrect privilege assignment CWE-266 - CVE-2025-57797 Kazuhira Agata, Kentaro Kan, Tomoaki Kobayashi, Takayuki Tomita, Yoshiaki Yamamuro reported this vulnerability to IPA. JPCERT/CC coordinated wi...
PgManage vulnerable to injection
Overview PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Overview Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection WE-94 - CVE-2025-54940 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Multiple SEIKO EPSON products use weak initial passwords
Overview Multiple SEIKO EPSON products contain the following vulnerability. Use of weak credentials CWE-1391 - CVE-2025-35970 The initial administrator password is easy to guess from the information available via SNMP SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify user...
Multiple Brother driver installers for Windows vulnerable to privilege escalation
Overview Multiple Brother driver installers for Windows contain the following vulnerability. Files or directories accessible to external parties CWE-552 - CVE-2025-49797 Julian Horoszkiewicz of Eviden reported this vulnerability to the developer. JPCERT/CC coordinated between the reporter and the...
KCM3100 vulnerable to authentication bypass using an alternate path or channel
Overview KCM3100 provided by KAON is a Wi-Fi enabled gateway. KCM3100 contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2025-51381 Namihiko Matsumura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Multiple vulnerabilities in RICOH Streamline NX PC Client
Overview RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 - CVE-2025-36506 Path traversal CWE-22 - CVE-2025-46783 Use of less trusted source CWE-348 - CVE-2025-48825 Ricoh Company, Ltd...
Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery
Overview Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability. Cross-Site Request Forgery CSRF CWE-352 - CVE-2025-36513 Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was...
TimeWorks vulnerable to path traversal
Overview The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 - CVE-2025-41428 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
Mailform Pro CGI generating error messages containing sensitive information
Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information CWE-209 - CVE-2025-41441 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'
Overview Network attached hard disk 'HDL-T Series' provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities. OS command injection CWE-78 Affected when 'Remote Link3 function' is enabled CVE-2025-32002 Missing authentication for critical function CWE-306 CVE-2025-32738 Chuya Hayakawa an...
Pgpool-II vulnerable to authentication bypass by primary weakness
Overview Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 - CVE-2025-46801 PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
Multiple vulnerabilities in GL-MT2500 and GL-MT2500A
Overview GL-MT2500 and GL-MT2500A provided by GL.iNet contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-57391 Inefficient regular expression complexity CWE-1333 - CVE-2025-2811 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to...
Multiple vulnerabilities in BizRobo!
Overview BizRobo! is an RPA Robotic Process Automation software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to che...
Multiple vulnerabilities in home gateway HGW-BL1500HM
Overview Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 - CVE-2025-27567 Stored cross-site scripting in the USB storage file-sharing function CWE-79 - CVE-2025-27574 Path...