Lucene search
K

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/23 7:57 a.m.•9 views

GROWI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 - CVE-2026-41040 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to GROWI, Inc. and coordinated. After the coordination was completed, GROWI,...

8.7CVSS7AI score0.00365EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/22 6:45 a.m.•12 views

Ziostation2 vulnerable to path traversal

Overview Ziostation2 provided by Ziosoft, Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-40062 Yuta Miura of Five Drive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

8.7CVSS7.3AI score0.00619EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/22 6:45 a.m.•17 views

DeepL Chrome browser extension vulnerable to cross-site scripting

Overview DeepL Chrome browser extension contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-40451 This vulnerability was reported by the researchers below and JPCERT/CC coordinated with the developer. Junki Yuasa of Cybozu, Inc. reported this vulnerability to JPCERT/CC...

6.1CVSS6.2AI score0.00168EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/22 6:45 a.m.•10 views

Installers of LiveOn Meet Client for Windows and its plugin may insecurely load Dynamic Link Libraries

Overview LiveOn Meet provided by Japan Media Systems Corporation is a web conferencing system. The installer of LiveOn Meet Client for Windows and the installer of Canon Network Camera Plugin insecurely load Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-32679 This...

8.4CVSS7.5AI score0.0016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/21 6:27 a.m.•11 views

Multiple vulnerabilities in silex technology SD-330AC and AMC Manager

Overview SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below. Stack-based buffer overflow in processing the redirect URLs CWE-121 - CVE-2026-32955 Heap-based buffer overflow in processing the redirect URLs CWE-122 - CVE-2026-32956 Missing...

9.8CVSS6.9AI score0.40002EPSS
Exploits1References27
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/20 5:47 a.m.•12 views

SKYSEA Client View and SKYMEC IT Manager improper file access permission settings

Overview SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability. Incorrect default permissions in the installation folder CWE-276 - CVE-2026-39454 Takashi Matsumoto of...

8.5CVSS7.7AI score0.00112EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/17 5:54 a.m.•4 views

OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries

Overview The UPS Uninterruptible Power Supply management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries due to an issue with uncontrolled search path element CWE-427, CVE-2026-5397. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/17 4:32 a.m.•10 views

Multiple vulnerabilities in CubeCart

Overview CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2026-21719 SQL injection CWE-89 - CVE-2026-34018 Path traversal CWE-22 - CVE-2026-35496 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities...

9.8CVSS6.7AI score0.01203EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/16 8:29 a.m.•8 views

Arcserve UDP Console vulnerable to redirect to a dummy URL

Overview UDP Console provided by Arcserve contains the following vulnerability. Incorrectly specified destination in a communication channel CWE-941 - CVE-2026-40118 Shingo Ando reported this vulnerability to IPA, IPA reported it to Arcserve, and JPCERT/CC coordinated with Arcserve to publish the...

6.3CVSS6.6AI score0.00178EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/15 8:21 a.m.•10 views

GROWI vulnerable to stored cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2026-26291 Norihide Saito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

5.4CVSS6AI score0.00183EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/14 9:13 a.m.•6 views

Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers

Overview Bluetooth ACPI Drivers provided by Dynabook Inc. contain the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2026-35553 Andrea Monzani, Antonio Parata, and Davide Netti of University of Milan reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...

8.4CVSS6.4AI score0.00147EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/10 4:38 a.m.•10 views

EmoCheck loads Dynamic Link Libraries insecurely

Overview EmoCheck is a tool for detecting infections by "Emotet" malware, provided by Japan Computer Emergency Response Team Coordination Center JPCERT/CC. EmoCheck loads Dynamic Link Libraries insecurely. Uncontrolled search path element CWE-427 - CVE-2026-28704 ryo shimada of Powder Keg...

8.4CVSS7.1AI score0.0016EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 7:15 a.m.•9 views

Multiple vulnerabilities in Movable Type

Overview The Listing Framework of Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-25776 SQL injection CWE-89 - CVE-2026-33088 CVE-2026-25776 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Six...

9.8CVSS7.4AI score0.00468EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 7:15 a.m.•14 views

Multiple vulnerabilities in MATCHA series

Overview MATCHA series provided by ICZ Corporation contains multiple vulnerabilities listed below. SQL injection CWE-89 - CVE-2026-24913 Cross-site scripting CWE-79 - CVE-2026-27787 Unrestricted upload of file with dangerous typeCWE-434 - CVE-2026-33273 CVE-2026-24913, CVE-2026-27787 Kenta...

8.8CVSS6.5AI score0.00301EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 3:11 a.m.•8 views

Multiple Vulnerabilities in Hitachi Ops Center Common Services

Overview Multiple vulnerabilities exist in Hitachi Ops Center Common Services. CVE-2024-4028, CVE-2025-8714, CVE-2025-8715, CVE-2025-10044, CVE-2025-12817, CVE-2025-12818, CVE-2025-41248, CVE-2025-41249, CVE-2026-1190 Impact Regarding the impact of the vulnerability, please refer to the vendor...

8.8CVSS6.9AI score0.00709EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 3:11 a.m.•13 views

Multiple Vulnerabilities in Hitachi Ops Center Viewpoint

Overview Hitachi Ops Center Viewpoint contain the following vulnerabilities: CVE-2014-3643, CVE-2023-3635, CVE-2023-6378, CVE-2023-6481, CVE-2023-35116, CVE-2024-12798, CVE-2024-12801, CVE-2024-47554 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution...

7.5CVSS6.7AI score0.02142EPSS
Exploits1References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/08 3:11 a.m.•11 views

Multiple Vulnerabilities in JP1/IT Desktop Management 2 and JP1/NETM/DM

Overview Multiple vulnerabilities have been found in JP1/IT Desktop Management 2 and JP1/NETM/DM. CVE-2025-65115:Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM CVE-2025-65116:Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM Impact...

9.8CVSS5.8AI score0.00613EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/03 6:9 a.m.•12 views

Multiple vulnerabilities in NEC Aterm series (NV26-001)

Overview Aterm series products provided by NEC Corporation contain multiple vulnerabilities listed below. Missing authorization CWE-862 - CVE-2026-4309 Path traversal CWE-22 - CVE-2026-4619 OS command injection CWE-78 - CVE-2026-4620, CVE-2026-4622 Hidden functionality CWE-912 - CVE-2026-4621 The...

9.8CVSS5.9AI score0.00996EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/04/02 5:58 a.m.•6 views

Multiple vulnerabilities in FUJI Electric V-SFT (April 2026)

Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2026-32925 Out-of-bounds read in VS6ComFile!loadlinkinf CWE-125 - CVE-2026-32926 Out-of-bounds read in...

8.4CVSS6.8AI score0.00209EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•9 views

Security information for Hitachi Disk Array Systems

Overview CVE-2026-20846 | GDI+ Denial of Service Vulnerability CVE-2026-21222 | Windows Kernel Information Disclosure Vulnerability CVE-2026-21231 | Windows Kernel Elevation of Privilege Vulnerability CVE-2026-21234 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability...

8.8CVSS6.8AI score0.25835EPSS
Exploits9References25
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•20 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the management gui maintenance utility of Hitachi Disk Array Systems that involves OS command injection. CVE-2025-9661 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...

9.8CVSS5.9AI score0.009EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•44 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the management software Storage Navigator of Hitachi Disk Array Systems that involves remote code execution vulnerability. CVE-2025-1978 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

9.8CVSS6.5AI score0.00547EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•3 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the firmware replacement function of Hitachi Disk Array Systems that involves improper input validation. CVE-2025-0824 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' sectio...

3.7CVSS5.9AI score0.00083EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•3 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in the management gui maintenance utility of Hitachi Disk Array Systems that involves improper authorization vulnerability. CVE-2025-2902 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/31 6:53 a.m.•4 views

Security information for Hitachi Disk Array Systems

Overview A vulnerability exists in Hitachi Disk Array Systems that involves Improper Restriction of Excessive Authentication Attempts vulnerability. CVE-2025-2514 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Informatio...

5.3CVSS5.9AI score0.003EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 9:18 a.m.•13 views

Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

8.2CVSS5.9AI score0.00174EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 9:17 a.m.•24 views

Open Redirect Vulnerability in Hitachi Ops Center Administrator

Overview Open Redirect Vulnerability exists in Hitachi Ops Center Administrator. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

4.3CVSS5.9AI score0.00178EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 9:0 a.m.•14 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS User Community contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-30879 OS command injection CWE-78 - CVE-2026-30880 SQL injection CWE-89 - CVE-2026-27697 Cross-site scripting CWE-79 - CVE-2026-32734 CVE-2026-30879 Gai...

9.8CVSS6AI score0.02059EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 8:34 a.m.•9 views

WordPress Plugin "OpenStreetMap" vulnerable to cross-site scripting

Overview WordPress Plugin "OpenStreetMap" provided by MiKa contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-33559 Naoya Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact O...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/27 8:18 a.m.•43 views

Multiple vulnerabilities in BUFFALO Wi-Fi routers

Overview Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component CWE-1395 - This issue is caused by a vulnerability in minihttpd CVE-2015-1548. OS command injection CWE-78 - CVE-2026-27650 Code injection CWE-94 -...

9.8CVSS7.3AI score0.01335EPSS
Exploits1References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/26 8:41 a.m.•5 views

Digital Photo Frame GH-WDF10A vulnerable to improper access restriction

Overview Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains the following vulnerability. Active debug code CWE-489 - CVE-2026-33201 Koki Takase reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7CVSS6.8AI score0.00174EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/26 8:41 a.m.•7 views

Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows

Overview The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427 - CVE-2026-28760 Incorrect default permissions CWE-276 - CVE-2026-32680 Kazuma Matsumoto of GMO Cybersecurit...

8.5CVSS7.3AI score0.00175EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/25 9:41 a.m.•12 views

SHARP routers missing authentication for some web APIs

Overview SHARP routers do not perform authentication for some web APIs. Those web APIs provide device information, and the initial administrative password is based on a part of the device information. Missing authentication for critical function CWE-306 - CVE-2026-32326 Shota Zaizen reported this...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/25 9:13 a.m.•6 views

Installer of OM Workspace (Windows Edition) may insecurely load Dynamic Link Libraries

Overview OM Workspace provided by OM Digital Solutions Corporation is image editing software. Installer of OM Workspace Windows Edition contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element...

8.4CVSS7AI score0.00144EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/25 8:58 a.m.•9 views

SANYO DENKI SANUPS SOFTWARE registers Windows services with unquoted file paths

Overview SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-33253 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.4CVSS7AI score0.00191EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/23 5:54 a.m.•12 views

Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005)

Overview Xerox FreeFlow Core contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2026-2251 XML external entity reference XXE CWE-611 - CVE-2026-2252 FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...

9.8CVSS6.3AI score0.0039EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/17 7:42 a.m.•7 views

Vulnerability in Hitachi Command Suite

Overview VulnerabilityCVE-2025-48976 has been found in Hitachi Command Suite. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

7.5CVSS6.8AI score0.64718EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/17 5:57 a.m.•6 views

Installer for IBM Trusteer Rapport may insecurely load Dynamic Link Libraries

Overview The installer for IBM Trusteer Rapport provided by IBM contains the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-2713 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.8CVSS5.9AI score0.00147EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/16 8:18 a.m.•14 views

OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection

Overview OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability. OS command injection CWE-78 - CVE-2026-31386 Daisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.6CVSS7.2AI score0.01513EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/16 8:18 a.m.•6 views

Missing authorization in the OpenAI thread/message API endpoints of GROWI

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Missing authorization in the OpenAI thread/message API endpoints CWE-862 - CVE-2026-25083 This can be exploited only when an attacker knows a shared AI assistant's identifier Sho Odagiri of GMO Cybersecurity by Ierae, In...

8.7CVSS7.2AI score0.0033EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/12 8:22 a.m.•5 views

Multiple vulnerabilities in Micro Research MR-GM5L-S1 and MR-GM5A-L1

Overview MR-GM5L-S1 and MR-GM5A-L1 provided by Micro Research Ltd. contain multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-20892 Use of hard-coded credentials CWE-798 - CVE-2026-24448 Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-27842 Chuya...

9.8CVSS7.5AI score0.00567EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/09 5:57 a.m.•9 views

Installer for Qsee Client may insecurely load Dynamic Link Libraries

Overview The installer for Qsee Client provided by Qsee contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-30896 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. report...

8.4CVSS7AI score0.0016EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/09 5:57 a.m.•11 views

Improper file access permission settings in multiple Digital Arts products

Overview Multiple products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-28267 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS6AI score0.00105EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/06 1:31 a.m.•32 views

Security issues in ESC/POS

Overview ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS. Products implementing ESC/POS need to be designed and operated with consideration of the following...

9.8CVSS5.8AI score0.00447EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/05 3:36 a.m.•11 views

EC-CUBE vulnerable to multi-factor authentication bypass

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2026-30777 EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LT...

6.9CVSS5.8AI score0.00339EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/05 3:36 a.m.•10 views

django-allauth vulnerable to open redirect

Overview django-allauth is a package for implementing user authentication in Django applications. django-allauth contains the following vulnerability. Open redirect CWE-601 - CVE-2026-27982 Ayato Shitomi of Fore-Z co.ltd and Funabiki Keisuke of GMO Cybersecurity by Ierae, Inc. reported this...

6.1CVSS5.9AI score0.00159EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/04 3:20 a.m.•6 views

Multiple vulnerabilities in Dell UPS Multi-UPS Management Console (MUMC)

Overview UPS Multi-UPS Management Console MUMC provided by Dell Inc. contains multiple vulnerabilities listed below. Unquoted search path or element CWE-428 - CVE-2026-26033 Incorrect default permissions CWE-276 - CVE-2026-26034 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these...

8.5CVSS7.1AI score0.0018EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/04 1:40 a.m.•2 views

Canon IJ Scan Utility registers Windows services with unquoted file paths

Overview IJ Scan Utility provided by Canon Inc. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-1585 Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact A user may execute arbitrary code with SYSTEM...

8.4CVSS7.5AI score0.00119EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/04 1:40 a.m.•21 views

Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (February 2026)

Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. Impact Remote code execution due to a directory traversal vulnerability...

9.8CVSS7.8AI score0.03811EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/03/02 2:46 a.m.•9 views

Out-of-bounds write vulnerability in Fujitsu BIOS Driver (fbiosdrv.sys)

Overview Fujitsu BIOS Driver fbiosdrv.sys provided by Fujitsu Limited contains the following vulnerability. Out-of-bounds Write CWE-787 - CVE-2025-65001 Fujitsu Limited reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Receiving a specially crafted reque...

8.2CVSS6.3AI score0.00145EPSS
Exploits0References5
Total number of security vulnerabilities5627