5627 matches found
IM-LogicDesigner module of intra-mart Accel Platform vulnerable to untrusted data deserialization
Overview IM-LogicDesigner module of intra-mart Accel Platform provided by NTT DATA INTRAMART Corporation contains the following vulnerability. Untrusted data deserialization CWE-502 - CVE-2026-27776 This can be exploited only when IM-LogicDesigner is deployed Masataka Sagami reported this...
Improper file access permission settings in the installers for multiple Soliton Systems products
Overview The installers for multiple products provided by Soliton Systems K.K. contain the following vulnerability. Incorrect default permissions CWE-276 - CVE-2026-27653 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Multiple vulnerabilities in the installer of FinalCode Client
Overview The installer of FinalCode Client provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2026-23703 Uncontrolled search path element CWE-427 - CVE-2026-25191 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...
Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager
Overview Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager contain a vulnerability CVE-2025-5781 that may allow session tokens to be stored. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor...
Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager
Overview Credential storage vulnerability exists in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager CVE-2025-0976. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for th...
Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal
Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Path traversal CWE-22 - CVE-2026-25785 The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc...
Security information for Hitachi Disk Array Systems
Overview CVE-2023-31096 | MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability CVE-2024-55414 | Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability CVE-2026-20804 | Windows Hello Tampering Vulnerability CVE-2026-20805 | Desktop Window...
WordPress Plugin "Survey Maker" vulnerable to cross-site scripting
Overview WordPress Plugin "Survey Maker" provided by Ays Pro contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2026-26370 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool may insecurely load Dynamic Link Libraries
Overview The installer for Job log aggregation/analysis software RICOH Job Log Aggregation Tool contains the following vulnerability related to the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-26050 Kazuma...
Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server
Overview Multiple vulnerabilities have been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2024-42516, CVE-2024-47252 CVE-2024-47252 is not exploitable when SSL is not enabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refe...
Multiple Vulnerabilities in Cosminexus
Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to...
Multiple Vulnerabilities in JP1
Overview Multiple vulnerabilities have been found in JP1. CVE-2024-38473, CVE-2024-38477 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Impact Regarding the impact of th...
Multiple Vulnerabilities in Hitachi Command Suite products
Overview Multiple vulnerabilities have been found in Hitachi Command Suite products. CVE-2024-38477, CVE-2024-2511 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...
Multiple Vulnerabilities in Cosminexus HTTP Server
Overview Multiple vulnerabilities have been found in Cosminexus HTTP Server. CVE-2025-49630, CVE-2025-53020 These vulnerabilities does not apply if HTTP/2 protocol is disabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the...
Vulnerability in Cosminexus HTTP Server
Overview Vulnerability has been found in Cosminexus HTTP Server. CVE-2025-23048 This vulnerability does not apply if SSL is disabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Overview Vulnerability has been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2024-43204 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
Joomla! CMS vulnerable to cross-site scripting
Overview Joomla! CMS provided by Joomla! Project contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2025-63082 Sho Sugiyama of SUZUKI MOTOR CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
FileZen vulnerable to OS command injection
Overview FileZen provided by Soliton Systems K.K. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-25108 This vulnerability can be exploited when FileZen Antivirus Check Option is enabled The developer states that attacks exploiting the vulnerability has been observed...
Installer of M-Audio M-Track Duo HD may insecurely load Dynamic Link Libraries
Overview The installer of M-Track Duo HD provided by M-Audio contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-25676 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc...
Oki Electric Industry products and OEM products register Windows services with unquoted file paths
Overview Configuration Tool provided by Oki Electric Industry Co., Ltd., Ricoh Co., Ltd., and Murata Machinery, Ltd. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-24466 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IP...
web2py vulnerable to open redirect
Overview web2py contains the following vulnerability. Open redirect CWE-601 - CVE-2026-25198 Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a speciall...
Multiple vulnerabilities in Movable Type
Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit Comment CWE-79 - CVE-2026-21393 Stored cross-site scripting vulnerability in Export Sites CWE-79 - CVE-2026-22875 Unrestricted upload of file with...
Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries
Overview The installer for Roland Cloud Manager provided by Roland Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-24694 Kazuma Matsumoto of GMO Cybersecurit...
Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
Overview Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-10314 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this...
Multiple vulnerabilities in ELECOM wireless LAN products
Overview Wireless LAN products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2026-20704 OS command injection CWE-78 - CVE-2026-22550 Use of weak credentials CWE-1391 - CVE-2026-24449 Stack-based buffer overflow CWE-121 -...
Multiple vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3687Cross-site scripting vulnerability in E-mail CWE-79 - CVE-2026-20711 CyVDB-3689Cross-site scripting vulnerability in Message CWE-79 - CVE-2026-22881 CyVDB-3995Improper input verification in...
Multiple Microsoft Office products vulnerable to untrusted search path
Overview Multiple Microsoft Office products contain the following vulnerability. Untrusted search path CWE-426, - CVE-2026-20943 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...
OS command injection in raspap-webgui
Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Sonatype Nexus Repository vulnerable to server-side request forgery
Overview Nexus Repository provided by Sonatype contains the following vulnerability. Server-side request forgery CWE-918 - CVE-2026-0600 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
Undocumented "TelnetEnable" functionality of End of Service NETGEAR products
Overview Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. Inclusion of Undocumented Features or Chicken Bits CWE-1242 - CVE-2026-24714 Misato Ito, Daichi Uezono, Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki,...
Multiple vulnerabilities in BROTHER MFPs (multifunction printers)
Overview Multiple MFPs provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper certificate validation CWE-295 - CVE-2025-53869 Hidden Functionality CWE-912 - CVE-2025-55704 Anton Fabricius of SySS GmbH reported these vulnerabilities to the developer. JPCERT/CC...
Multiple Vulnerabilities in Cosminexus
Overview Multiple vulnerabilities exist in Cosminexus Component Container. CVE-2025-48988, CVE-2025-48976 Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus Component Container which is a component...
Archer MR600 vulnerable to OS command injection
Overview Archer MR600 provided by TP-Link Systems Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-14756 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be execute...
beat-access for Windows may insecurely load Dynamic Link Libraries
Overview beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-21408 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...
Multiple Brother software installers may insecurely load Dynamic Link Libraries
Overview Multiple software installers provided by Brother Industries, Ltd. may insecurely load some dynamic link libraries. Uncontrolled search path element CWE-427 - CVE-2016-2542, CVE-2021-41526 Kazuma Matsumoto of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Brother...
Command injection vulnerability in ASUS routers
Overview Multiple routers provided by ASUSTeK COMPUTER INC. contain command injection vulnerability in AiCloud. Command injection CWE-77 - CVE-2025-2492 NICTER Analysis Team of Cybersecurity Research Institute, National Institute of Information and Communications Technology reported this...
Multiple vulnerabilities in Trend Micro Apex Central (January 2026)
Overview Trend Micro Incorporated has released a security update for Trend Micro Apex Central to fix CVE-2025-69258, CVE-2025-69259, and CVE-2025-69260. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Processing some crafte...
"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
Overview Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability. Incorrect authorization CWE-863 - CVE-2025-65002 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...
Ruijie Networks AP180 series vulnerable to OS command injection
Overview AP180 series provided by Ruijie Networks Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-23699 Thanh Do of BabyPhD reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries
Overview The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. contains the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-24016 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
Security information for Hitachi Disk Array Systems
Overview CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability CVE-2025-59517 | Windows Storage VSP Driver Elevation of...
ETERNUS SF vulnerable to insertion of sensitive information into maintenance data
Overview ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability. Insertion of sensitive information into maintenance data CWE-532 - CVE-2025-68919 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers
Overview Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2025-14231, CVE-2025-14232, CVE-2025-14234, CVE-2025-14235, CVE-2025-14236, CVE-2025-14237 Release of invalid pointer or referenc...
Multiple Vulnerabilities in TOA Network Cameras TRIFORA 3 series
Overview Network Cameras TRIFORA 3 series provided by TOA Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2026-20759 Cross-site scripting CWE-79 - CVE-2026-20894 Path traversal CWE-22 - CVE-2026-22876 Shogo Iyota of GMO Cybersecurity by Ierae reported...
Chainlit vulnerable to improper access restriction
Overview Chainlit provided by Chainlit contains the following vulnerability. Authorization bypass through user-controlled key CWE-639 - CVE-2025-68492 Shotaro Kimura of NRI SecureTechnologies, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Multiple vulnerabilities in EATON UPS Companion
Overview EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427, CVE-2025-59887 Unquoted search path or element CWE-428, CVE-2025-59888 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to th...
RICOH Streamline NX vulnerable to improper authorization
Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Improper authorization CWE-639 - CVE-2026-21409 Ricoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...
The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries
Overview The installers for multiple products provided by PIONEER CORPORATION contain the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-21427 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Origin validation error vulnerability in Fujitsu Security Solution AuthConductor Client Basic V2
Overview Fujitsu Security Solution AuthConductor Client Basic V2 provided by Fujitsu Client Computing Limited contains the following vulnerability. Origin validation error CWE-346 - CVE-2026-20893 MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...