Lucene search
K

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/07 5:10 a.m.•7 views

Multiple vulnerabilities in multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd.

Overview Multiple NEC branded projectors manufactured by Sharp Display Solutions, Ltd. contain multiple vulnerabilities listed below. Path traversal CWE-22, CVE-2025-11540 Stack-based buffer overflow CWE-121, CVE-2025-11541, CVE-2025-11542 Improper validation of integrity check value CWE-354,...

9.8CVSS7.7AI score0.00356EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2026/01/07 1:46 a.m.•5 views

Authentication bypass vulnerability in OpenBlocks series

Overview OpenBlocks series provided by Plat'Home Co.,Ltd. contains the following vulnerability. Authentication bypass CWE-288 - CVE-2026-21411 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker could bypass...

8.8CVSS8.8AI score0.00279EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/24 2:10 a.m.•5 views

Media Player MP-01 vulnerable to Missing Authentication for Critical Function

Overview NEC branded Media Player MP-01 manufactured by Sharp Display Solutions, Ltd. contains the following vulnerability. Missing Authentication for Critical Function CWE-306 - CVE-2025-12049 Souvik Kandar of MicroSec microsec.io discovered and reported the vulnerability to the developer and...

9.8CVSS6.7AI score0.00286EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/19 3:33 a.m.•6 views

Ruijie Networks AP180 Series vulnerable to OS command injection

Overview RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks contain the following vulnerability. OS command injection CWE-78 - CVE-2025-68459 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An...

8.6CVSS7.4AI score0.01261EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/17 4:4 a.m.•3 views

GROWI vulnerable to cross-site request forgery

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-64700 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the Information Security...

5.1CVSS6.6AI score0.00112EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/17 2:28 a.m.•3 views

Multiple vulnerabilities in CHOCO TEI WATCHER mini

Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Clickjacking CWE-1021 - CVE-2025-59479 Improper check for unusual conditions CWE-754 - CVE-2025-61976 Improper check for unusual conditions CWE-754 - CVE-2025-66357 JTEKT...

8.7CVSS6.7AI score0.00362EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/16 6:31 a.m.•3 views

SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow

Overview Web Config is software installed on multiple SEIKO EPSON printers which allows users to check the status and change the settings via a web browser. Web Config contains the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2025-66635 Shogo Iyota of GMO Cybersecurity by...

8.6CVSS7.5AI score0.00491EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/11 5:33 a.m.•6 views

QND vulnerable to privilege escalation

Overview QND provided by QualitySoft Corporation contains the following vulnerability. Privilege Chaining CWE-268 - CVE-2025-64701 Tongren Chen of PwC Consulting LLC reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.5CVSS8AI score0.00106EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/09 8:25 a.m.•8 views

Android App "Brother iPrint&Scan" improper use of an external cache directory

Overview iPrint provided by Brother Industries, Ltd. contains the following vulnerability. Improper use of an external cache directory CWE-524 - CVE-2025-64696 Johan Francsics reported this vulnerability to BROTHER INDUSTRIES, LTD. and coordinated. After the coordination, BROTHER INDUSTRIES, LTD...

4.8CVSS4.4AI score0.00115EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/09 8:16 a.m.•4 views

ELECOM Clone for Windows registers a Windows service with an unquoted file path

Overview Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. Clone for Windows provided by ELECOM CO.,LTD. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66271 Kazuma Matsumoto of GMO Cybersecurity by IERA...

8.4CVSS7AI score0.00135EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/08 8:48 a.m.•12 views

Multiple vulnerabilities in GroupSession

Overview GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2025-53523 Stored cross-site scripting CWE-79 - CVE-2025-54407 Reflected cross-site scripting CWE-79 - CVE-2025-57883 Cross-site request forgery...

6.9CVSS5.9AI score0.00177EPSS
Exploits0References17
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/08 5:6 a.m.•5 views

GS Yuasa FULLBACK Manager Pro registers Windows services with unquoted file paths

Overview FULLBACK Manager Pro provided by GS Yuasa International Ltd. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-66461 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

8.4CVSS7AI score0.00135EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/12/05 5:12 a.m.•7 views

Multiple vulnerabilities in ABB Terra AC Wallbox

Overview Terra AC Wallbox provided by ABB contains the following vulnerability. Heap-based buffer overflow CWE-122 - CVE-2025-10504 Classic buffer overflow CWE-120 - CVE-2025-12142 Stack-based buffer overflow CWE-121 - CVE-2025-12143 Ryo Kato of Panasonic reported this vulnerability to IPA...

6.9CVSS7.4AI score0.002EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/28 4:36 a.m.•4 views

Installer of INZONE Hub may insecurely load Dynamic Link Libraries

Overview The installer of INZONE Hub provided by Sony Corporation contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-64772 Kazuma Matsumoto of GMO Cybersecurity by IERAE,...

8.4CVSS6.8AI score0.00183EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/26 5:35 a.m.•4 views

SwitchBot Smart Video Doorbell vulnerable to active debug code

Overview Smart Video Doorbell provided by SwitchBot contains the following vulnerability. Active debug code CWE-489 - CVE-2025-64983 Researcher reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An attacker on ...

8.6CVSS8.2AI score0.00307EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/25 8:17 a.m.•5 views

Multiple vulnerabilities in Security Point (Windows) of MaLion

Overview Security Point Windows of MaLion provided by Intercom, Inc. contains multiple vulnerabilities listed below. Incorrect default permissions CWE-276 - CVE-2025-59485 Stack-based buffer overflow in processing HTTP headers CWE-121 - CVE-2025-62691 Heap-based buffer overflow in processing...

9.8CVSS8.6AI score0.00593EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/25 5:59 a.m.•5 views

Multiple vulnerabilities in SNC-CX600W

Overview SNC-CX600W provided by Sony Corporation contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2025-62497 Cross-site scripting CWE-79 - CVE-2025-64730 The following people reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer...

6.5CVSS4.9AI score0.00174EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/25 5:15 a.m.•5 views

"FOD" App uses hard-coded cryptographic keys

Overview "FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys Use of hard-coded cryptographic key CWE-321 - CVE-2025-64304 The keys are used in the processing of JWT data. Impact The cryptographic keys may be retrieved. The developer considers that the impact is...

5.1CVSS4.7AI score0.0011EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/21 7:27 a.m.•5 views

Multiple vulnerabilities in LogStare Collector

Overview LogStare Collector provided by LogStare Inc. contains multiple vulnerabilities listed below. Incorrect default permissions for the installation directory CWE-276 - CVE-2025-58097 Stored cross-site scripting vulnerability in UserManagement CWE-79 - CVE-2025-61949 Incorrect authorization i...

8.4CVSS6.2AI score0.00231EPSS
Exploits0References11
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/21 6:31 a.m.•5 views

EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts

Overview EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability. Improper restriction of excessive authentication attempts CWE-307 - CVE-2025-64310 Vladislav Khegay and Aigerim Alibek of Astana IT University...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/19 7:22 a.m.•4 views

Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries

Overview Installer of RakurakuMusen Start EX for Windows provided by NEC Corporation uses an inappropriate DLL search path list, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-12852 Impact Arbitrary code may be executed with the...

8.4CVSS6.9AI score0.00125EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/17 5:9 a.m.•5 views

"Dejira" App for iOS vulnerable to improper server certificate verification

Overview "Dejira" App for iOS provided by KDDI CORPORATION contains the following vulnerability. Improper server certificate verification CWE-295 Tsuyoshi Ogawa of SIE Co.,Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS4.9AI score0.00121EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/14 6:26 a.m.•4 views

NCP-HG100 vulnerable to OS command injection

Overview NCP-HG100 provided by Sony Network Communications Inc. and used in MANOMA service contains the following vulnerability. OS command injection CWE-78 - CVE-2025-64444 HIROKI IMAI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.6CVSS7.9AI score0.01256EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/10 6:7 a.m.•6 views

Multiple vulnerabilities in GNU Libmicrohttpd

Overview GNU Libmicrohttpd provided by GNU Project contains multiple vulnerabilities listed below. NULL pointer dereference CWE-476 - CVE-2025-59777 Heap-based buffer overflow CWE-122 - CVE-2025-62689 Tatsuhiko Yasumatsu of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to...

8.7CVSS7.3AI score0.00422EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/07 6:39 a.m.•8 views

Use of password hash with insufficient computational effort vulnerability in BUFFALO Wi-Fi router "WSR-1800AX4 series"

Overview Wi-Fi router "WSR-1800AX4 series" provided by BUFFALO INC. contains the following vulnerability. Use of password hash with insufficient computational effort CWE-916 - CVE-2025-46413 Kazuaki Chikamori and Takayuki Tatekawa of National Institute of Technology, Kochi College reported this...

5.3CVSS5.3AI score0.00117EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/07 5:55 a.m.•5 views

CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to OS command injection

Overview CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain the following vulnerability. OS command injection CWE-78 - CVE-2025-11546 NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under...

9.8CVSS7.4AI score0.00448EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/06 4:45 a.m.•4 views

GROWI vulnerable to stored cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2025-61994 Keitaro Yamazaki of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warni...

5.4CVSS5.3AI score0.00165EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/04 7:37 a.m.•6 views

Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series

Overview FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. OS command Injection CWE-78 - CVE-2025-54763 Files or directories acessible to external parties CWE-552 - CVE-2025-58152 Chuya Hayakawa of 00One, Inc. reported these...

8.6CVSS7.4AI score0.0128EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/04 5:17 a.m.•4 views

Multiple Roboticsware products register Windows services with unquoted file paths

Overview Multiple Roboticsware products provided by Roboticsware PTE. LTD. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-64151 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...

8.4CVSS7.1AI score0.00151EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/04 4:51 a.m.•7 views

Optical Disc Archive Software (for Windows) registers a Windows service with an unquoted file path

Overview Optical Disc Archive Software for Windows provided by Sony Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-62225 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.4CVSS7AI score0.00151EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/11/04 3:47 a.m.•6 views

Progress Flowmon vulnerable to authenticated OS command injection

Overview Progress Flowmon provided by Progress Software Corporation contains the following vulnerability. Authenticated OS command injection CWE-78 - CVE-2025-10239 Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.2CVSS7.2AI score0.00357EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/29 5:17 a.m.•3 views

Installer of WTW EAGLE (for Windows) may insecurely load Dynamic Link Libraries

Overview The installer of WTW EAGLE for Windows provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-62776 Kazuma Matsumoto of GMO...

8.4CVSS6.8AI score0.00146EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/28 5:4 a.m.•7 views

MZK-DP300N uses hard-coded credentials

Overview MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains the following vulnerability. Use of hard-coded credentials CWE-798 - CVE-2025-62777 Toshiki Iwasaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.8CVSS6.8AI score0.00245EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/24 6:11 a.m.•5 views

Multiple stored cross-site scripting vulnerabilities in Pleasanter

Overview Pleasanter provided by Implem Inc. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Preview for Attachments CWE-79 - CVE-2025-58070 Stored cross-site scripting vulnerability in Body, Description and Comments CWE-79 -...

6.1CVSS5.8AI score0.00184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/22 6:44 a.m.•5 views

GROWI vulnerable to cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site scripting in the page alert function CWE-79 - CVE-2025-54806 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the...

6.1CVSS6.3AI score0.00184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/22 6:4 a.m.•5 views

Multiple I-O DATA NAS management applications register Windows services with unquoted file paths

Overview Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. Multiple NAS management applications provided by I-O DATA DEVICE, INC. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-61865...

8.4CVSS7.4AI score0.00184EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/22 4:54 a.m.•8 views

Multiple stored cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit ContentData page CWE-79 - CVE-2025-54856 Stored cross-site scripting vulnerability in Edit CategorySet of ContentType page...

4.8CVSS6.1AI score0.0021EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/20 7:17 a.m.•5 views

Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel

Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Improper verification of source of a communication channel CWE-940 - CVE-2025-61932 MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...

9.8CVSS7.4AI score0.02689EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/20 5:20 a.m.•4 views

ETERNUS SF vulnerable to incorrect default permissions

Overview ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-62577 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc...

8.8CVSS6.9AI score0.0017EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/17 4:38 a.m.•7 views

Installer of AutoDownloader may insecurely load Dynamic Link Libraries

Overview Installer of AutoDownloader provided by Panasonic Connect Co., Ltd. contains the following vulnerability with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-11223 Kazuma Matsumoto of GMO Cybersecurity ...

8.4CVSS6.9AI score0.00151EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/16 8:30 a.m.•6 views

Multiple vulnerabilities in desknet's NEO

Overview desknets NEO provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2025-24833, CVE-2025-54760, CVE-2025-55072 Reflected cross-site scripting CWE-79 - CVE-2025-52583 Stored cross-site scripting CWE-79 - CVE-2025-54859 Improper...

6.1CVSS6AI score0.00292EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/16 8:17 a.m.•6 views

Multiple vulnerabilities in ChatLuck

Overview ChatLuck provided by NEOJAPAN Inc. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability in Chat Rooms CWE-79 - CVE-2025-53858 Insufficient granularity of access control vulnerability in Invitation of Guest Users CWE-1220 - CVE-2025-54461 Cross-site scripting...

6.9CVSS6.7AI score0.00303EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/16 5:19 a.m.•6 views

Ruijie Networks RG-EST300 undocumented SSH functionality

Overview RG-EST300 provided by Ruijie Networks provides SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Hidden functionality CWE-912 - CVE-2025-58778 Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National Universi...

8.6CVSS6.5AI score0.00549EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/16 2:16 a.m.•7 views

Buffalo Wi-Fi router WXR9300BE6P series vulnerable to path traversal

Overview Wi-Fi router WXR9300BE6P series provided by BUFFALO INC. contains the following vulnerability. Path traversal CWE-22 - CVE-2025-61941 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Arbitrary file may be altered by ...

8.6CVSS6.9AI score0.00485EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/15 6:55 a.m.•5 views

Multiple RSUPPORT products may insecurely load Dynamic Link Libraries

Overview Multiple RSUPPORT products contain multiple vulnerabilities listed below. RemoteView PC Application Console vulnerable to uncontrolled search path element CWE-427 - CVE-2025-26859 RemoteCall Remote Support Program for Operator vulnerable to uncontrolled search path element CWE-427 -...

8.5CVSS7.8AI score0.0016EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/15 6:54 a.m.•5 views

Phoenix Contact CHARX SEC-3xxx vulnerable to code injection

Overview CHARX SEC-3xxx provided by Phoenix Contact contains the following vulnerability. Code injection CWE-94 - CVE-2025-41699 Ryo Kato of Panasonic Holdings Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS7.5AI score0.00869EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/10 4:56 a.m.•9 views

BUFFALO NAS Navigator2 registers a Windows service with an unquoted file path

Overview NAS Navigator2 provided by BUFFALO INC. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-61871 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.4CVSS7.5AI score0.00155EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/09 4:39 a.m.•9 views

Multiple vulnerabilities in FUJI Electric V-SFT

Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom CWE-121 - CVE-2025-61856 Out-of-bounds write in VS6ComFile!CItemExChange::WinFontDynStrCheck CWE-787 - CVE-2025-61857...

8.4CVSS7.6AI score0.00185EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/06 6:38 a.m.•4 views

The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries

Overview The installers of DENSO TEN drive recorder viewer may insecurely load Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2025-57781 This vulnerability is exploited by directing a user to download and place a crafted DLL file with the affected installer, and to execute...

8.4CVSS7.2AI score0.0015EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2025/10/06 4:52 a.m.•10 views

Trend Micro Antivirus for Mac vulnerable to Local Privilege Escalation

Overview Trend Micro Incorporated has released a security update for Trend Micro Antivirus for Mac. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An unprivileged user may gain root access by exploiting a leftover file after...

6.8AI score
Exploits0References2
Total number of security vulnerabilities5627