Multiple Vulnerabilities in Cosminexus
Overview Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to...
Multiple Vulnerabilities in JP1
Overview Multiple vulnerabilities have been found in JP1. CVE-2024-38473, CVE-2024-38477 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
Overview Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945 Impact Regarding the impact of th...
Multiple Vulnerabilities in Hitachi Command Suite products
Overview Multiple vulnerabilities have been found in Hitachi Command Suite products. CVE-2024-38477, CVE-2024-2511 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...
Multiple Vulnerabilities in Cosminexus HTTP Server
Overview Multiple vulnerabilities have been found in Cosminexus HTTP Server. CVE-2025-49630, CVE-2025-53020 These vulnerabilities do not apply if HTTP/2 protocol is disabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the...
Vulnerability in Cosminexus HTTP Server
Overview A vulnerability has been found in Cosminexus HTTP Server. CVE-2025-23048 This vulnerability does not apply if SSL is disabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official...
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Overview A vulnerability has been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2024-43204 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...
Joomla! CMS vulnerable to cross-site scripting
Overview Joomla! CMS provided by Joomla! Project contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2025-63082 Sho Sugiyama of SUZUKI MOTOR CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
FileZen vulnerable to OS command injection
Overview FileZen provided by Soliton Systems K.K. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-25108 This vulnerability can be exploited when FileZen Antivirus Check Option is enabled. The developer states that attacks exploiting the vulnerability have been observed...
Installer of M-Audio M-Track Duo HD may insecurely load Dynamic Link Libraries
Overview The installer of M-Track Duo HD provided by M-Audio contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-25676 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc...
Oki Electric Industry products and OEM products register Windows services with unquoted file paths
Overview Configuration Tool provided by Oki Electric Industry Co., Ltd., Ricoh Co., Ltd., and Murata Machinery, Ltd. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-24466 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IP...
web2py vulnerable to open redirect
Overview web2py contains the following vulnerability. Open redirect CWE-601 - CVE-2026-25198 Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When accessing a speciall...
Multiple vulnerabilities in Movable Type
Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit Comment CWE-79 - CVE-2026-21393 Stored cross-site scripting vulnerability in Export Sites CWE-79 - CVE-2026-22875 Unrestricted upload of file with...
Installer for Roland Cloud Manager may insecurely load Dynamic Link Libraries
Overview The installer for Roland Cloud Manager provided by Roland Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-24694 Kazuma Matsumoto of GMO Cybersecurit...
Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
Overview Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-10314 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this...
Multiple vulnerabilities in ELECOM wireless LAN products
Overview Wireless LAN products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2026-20704 OS command injection CWE-78 - CVE-2026-22550 Use of weak credentials CWE-1391 - CVE-2026-24449 Stack-based buffer overflow CWE-121 -...
Multiple vulnerabilities in Cybozu Garoon
Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3687 Cross-site scripting vulnerability in E-mail CWE-79 - CVE-2026-20711 CyVDB-3689 Cross-site scripting vulnerability in Message CWE-79 - CVE-2026-22881 CyVDB-3995 Improper input verification in...
Multiple Microsoft Office products vulnerable to untrusted search path
Overview Multiple Microsoft Office products contain the following vulnerability. Untrusted search path CWE-426 - CVE-2026-20943 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...
OS command injection in raspap-webgui
Overview RaspAP raspap-webgui contains the following vulnerability. OS command injection CWE-78 - CVE-2026-24788 Taihei Kusayanagi of NTT Security Japan KK reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Sonatype Nexus Repository vulnerable to server-side request forgery
Overview Nexus Repository provided by Sonatype contains the following vulnerability. Server-side request forgery CWE-918 - CVE-2026-0600 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
Undocumented "TelnetEnable" functionality of End of Service NETGEAR products
Overview Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. Inclusion of Undocumented Features or Chicken Bits CWE-1242 - CVE-2026-24714 Misato Ito, Daichi Uezono, Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki,...
Multiple vulnerabilities in BROTHER MFPs (multifunction printers)
Overview Multiple MFPs provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Improper certificate validation CWE-295 - CVE-2025-53869 Hidden Functionality CWE-912 - CVE-2025-55704 Anton Fabricius of SySS GmbH reported these vulnerabilities to the developer. JPCERT/CC...
Multiple Vulnerabilities in Cosminexus
Overview Multiple vulnerabilities exist in Cosminexus Component Container. CVE-2025-48988, CVE-2025-48976 Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus Component Container which is a component...
Archer MR600 vulnerable to OS command injection
Overview Archer MR600 provided by TP-Link Systems Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-14756 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be execute...
beat-access for Windows may insecurely load Dynamic Link Libraries
Overview beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2026-21408 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported...
Multiple Brother software installers may insecurely load Dynamic Link Libraries
Overview Multiple software installers provided by Brother Industries, Ltd. may insecurely load some dynamic link libraries. Uncontrolled search path element CWE-427 - CVE-2016-2542, CVE-2021-41526 Kazuma Matsumoto of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Brother...
Command injection vulnerability in ASUS routers
Overview Multiple routers provided by ASUSTeK COMPUTER INC. contain a command injection vulnerability in AiCloud. Command injection CWE-77 - CVE-2025-2492 NICTER Analysis Team of Cybersecurity Research Institute, National Institute of Information and Communications Technology reported this...
Multiple vulnerabilities in Trend Micro Apex Central (January 2026)
Overview Trend Micro Incorporated has released a security update for Trend Micro Apex Central to fix CVE-2025-69258, CVE-2025-69259, and CVE-2025-69260. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Processing some crafte...
"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
Overview Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability. Incorrect authorization CWE-863 - CVE-2025-65002 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...
Ruijie Networks AP180 series vulnerable to OS command injection
Overview AP180 series provided by Ruijie Networks Co., Ltd. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-23699 Thanh Do of BabyPhD reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries
Overview The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. contains the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-24016 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
Security information for Hitachi Disk Array Systems
Overview CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability CVE-2025-55233 | Windows Projected File System Elevation of Privilege Vulnerability CVE-2025-59516 | Windows Storage VSP Driver Elevation of Privilege Vulnerability CVE-2025-59517 | Windows Storage VSP Driver Elevation of...
ETERNUS SF vulnerable to insertion of sensitive information into maintenance data
Overview ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability. Insertion of sensitive information into maintenance data CWE-532 - CVE-2025-68919 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Multiple vulnerabilities in Canon Small Office Multifunction Printers and Laser Printers
Overview Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple vulnerabilities listed below. Out-of-bounds write CWE-787 - CVE-2025-14231, CVE-2025-14232, CVE-2025-14234, CVE-2025-14235, CVE-2025-14236, CVE-2025-14237 Release of invalid pointer or referenc...
Multiple Vulnerabilities in TOA Network Cameras TRIFORA 3 series
Overview Network Cameras TRIFORA 3 series provided by TOA Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2026-20759 Cross-site scripting CWE-79 - CVE-2026-20894 Path traversal CWE-22 - CVE-2026-22876 Shogo Iyota of GMO Cybersecurity by Ierae reported...
Chainlit vulnerable to improper access restriction
Overview Chainlit provided by Chainlit contains the following vulnerability. Authorization bypass through user-controlled key CWE-639 - CVE-2025-68492 Shotaro Kimura of NRI SecureTechnologies, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Multiple vulnerabilities in EATON UPS Companion
Overview EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below. Uncontrolled search path element CWE-427, CVE-2025-59887 Unquoted search path or element CWE-428, CVE-2025-59888 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to th...
RICOH Streamline NX vulnerable to improper authorization
Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Improper authorization CWE-639 - CVE-2026-21409 Ricoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...
The installers for multiple PIONEER products may insecurely load Dynamic Link Libraries
Overview The installers for multiple products provided by PIONEER CORPORATION contain the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-21427 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Origin validation error vulnerability in Fujitsu Security Solution AuthConductor Client Basic V2
Overview Fujitsu Security Solution AuthConductor Client Basic V2 provided by Fujitsu Client Computing Limited contains the following vulnerability. Origin validation error CWE-346 - CVE-2026-20893 MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Multiple vulnerabilities in multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd.
Overview Multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd. contain multiple vulnerabilities listed below. Path traversal CWE-22, CVE-2025-11540 Stack-based buffer overflow CWE-121, CVE-2025-11541, CVE-2025-11542 Improper validation of integrity check value CWE-354,...
Authentication bypass vulnerability in OpenBlocks series
Overview OpenBlocks series provided by Plat'Home Co.,Ltd. contains the following vulnerability. Authentication bypass CWE-288 - CVE-2026-21411 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker could bypass...
Media Player MP-01 vulnerable to Missing Authentication for Critical Function
Overview NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function CWE-306 - CVE-2025-12049 Souvik Kandar of MicroSec microsec.io discovered and reported the vulnerability to the developer and...
Ruijie Networks AP180 Series vulnerable to OS command injection
Overview RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks contain the following vulnerability. OS command injection CWE-78 - CVE-2025-68459 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An...
GROWI vulnerable to cross-site request forgery
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-64700 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Clickjacking CWE-1021 - CVE-2025-59479 Improper check for unusual conditions CWE-754 - CVE-2025-61976 Improper check for unusual conditions CWE-754 - CVE-2025-66357 JTEKT...
SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow
Overview Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser. Web Config contains the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2025-66635 Shogo Iyota of GMO Cybersecurity by...
QND vulnerable to privilege escalation
Overview QND provided by QualitySoft Corporation contains the following vulnerability. Privilege Chaining CWE-268 - CVE-2025-64701 Tongren Chen of PwC Consulting LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Android App "Brother iPrint&Scan" improper use of an external cache directory
Overview iPrint provided by Brother Industries, Ltd. contains the following vulnerability. Improper use of an external cache directory CWE-524 - CVE-2025-64696 Johan Francsics reported this vulnerability to BROTHER INDUSTRIES, LTD. and coordinated. After the coordination, BROTHER INDUSTRIES, LTD...
ELECOM Clone for Windows registers a Windows service with an unquoted file path
Overview Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. Clone for Windows provided by ELECOM CO.,LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66271 Kazuma Matsumoto of GMO Cybersecurity by IERA...