Lucene search
K

5627 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/03 2:19 a.m.25 views

Multiple vulnerabilities in multiple Keyence products

Overview Multiple products provided by KEYENCE CORPORATION contain multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2025-58775, CVE-2025-58776 Access of uninitialized pointer CWE-824 - CVE-2025-58777 Buffer underflow CWE-124 - CVE-2025-61690 Out-of-bounds read...

8.4CVSS7.6AI score0.0017EPSS
Exploits0References18
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/01 2:35 a.m.8 views

NIHON KOHDEN Central Monitor CNS-6201 vulnerable to NULL pointer dereference

Overview Central Monitor CNS-6201 provided by NIHON KOHDEN CORPORATION contains the following vulnerability. NULL pointer dereference CWE-476 - CVE-2025-59668 Jared P. Quinn of QuinnTech.ai discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC...

8.7CVSS6.5AI score0.00439EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/30 2:50 a.m.6 views

Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers

Overview Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers contain multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2025-7698 Out-of-bounds write CWE-787 - CVE-2025-9903 Reference to unallocated memory CWE-696 -...

6.9CVSS7AI score0.00361EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/29 5:44 a.m.5 views

DataSpider Servista improper restriction of XML external entity references

Overview DataSpider Servista provided by Saison Technology Co.,Ltd. is a data integration software. DataSpider Servista contains the following vulnerability. Improper restriction of XML external entity reference CWE-611 - CVE-2025-48006 Shigeaki Tsunoda of Cyber Defense Institute, Inc. reported...

9.1CVSS6.7AI score0.00496EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/19 7:21 a.m.9 views

OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path

Overview Uninterruptible Power Supply UPS management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd. registers a Windows service with an unquoted file path CWE-428, CVE-2025-9818. OMRON SOCIAL SOLUTIONS Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution...

6.7CVSS6.7AI score0.00139EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/19 5:58 a.m.6 views

Multiple vulnerabilities in I-O DATA wireless LAN routers

Overview Wireless LAN routers provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-55075 OS command injection CWE-78 - CVE-2025-58116 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinat...

8.6CVSS7.7AI score0.01149EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/19 1:52 a.m.4 views

Multiple Brother and its OEM products with weak initial administrator passwords

Overview Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are setup with weak initial administrator passwords, which can be derived from their serial numbers. This is reported by Rapid7, and treated on JVNVU90043828, CVE-2024-51978. Brother states that 1 serial numbers...

4.3CVSS7.2AI score0.00243EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/18 8:43 a.m.7 views

UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting

Overview UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2025-8153 RyotaK of GMO Flatt Security Inc. reported this vulnerability to NEC Corporation and coordinated. After the coordination was completed, NEC...

6.1CVSS6.7AI score0.00311EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/18 12:0 a.m.13 views

JVN#95938761: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting

UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contains the following vulnerability. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2025-8153 Impact If a...

5.1CVSS6.7AI score0.00311EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/17 4:45 a.m.4 views

Century HW RAID Manager registers a Windows service with an unquoted file path

Overview RAID Manager provided by Century Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-59307 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

8.4CVSS7.5AI score0.00166EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/17 12:0 a.m.6 views

JVN#84697061: Century HW RAID Manager registers a Windows service with an unquoted file path

RAID Manager provided by Century Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7 CVE-2025-59307 Impact A user with t...

8.4CVSS7.4AI score0.00166EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/12 4:57 a.m.5 views

WTW-EAGLE App vulnerable to improper server certificate validation

Overview WTW-EAGLE App provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability. Improper server certificate validation CWE-295 - CVE-2025-58781 Shogo Iyota of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

6.3CVSS6.5AI score0.00132EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/12 12:0 a.m.7 views

JVN#89109713: WTW-EAGLE App vulnerable to improper server certificate validation

WTW-EAGLE App provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability. Improper server certificate validation CWE-295 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score 4.8 CVE-2025-58781...

6.3CVSS6.3AI score0.00132EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/08 4:42 a.m.4 views

RICOH Streamline NX vulnerable to tampering with operation history

Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 - CVE-2025-58422 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...

3.1CVSS4AI score0.00106EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/08 12:0 a.m.7 views

JVN#75307484: RICOH Streamline NX vulnerable to tampering with operation history

RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 2.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.1 CVE-2025-58422 Impact If an...

3.1CVSS6.5AI score0.00106EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 7:52 a.m.14 views

Obsidian GitHub Copilot Plugin stores sensitive information in cleartext

Overview Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 - CVE-2025-58401 Rui Nakajima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.8CVSS6.6AI score0.00094EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 7:20 a.m.5 views

RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path

Overview RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-58400 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

8.4CVSS7.5AI score0.00161EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 6:12 a.m.6 views

"Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly

Overview "Yahoo! Shopping" App for Android provided by LY Corporation contains the following vulnerability. Improper authorization in handler for custom URL scheme CWE-939 - CVE-2025-41408 Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

5.3CVSS6.8AI score0.00253EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 5:53 a.m.4 views

Multiple vulnerabilities in TkEasyGUI

Overview TkEasyGUI provided by kujirahand contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-55037 Uncontrolled search path element CWE-427 - CVE-2025-55671 Satoki Tsuji of Ikotas Labs, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the...

9.8CVSS8AI score0.02716EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 12:0 a.m.11 views

JVN#41633999: Obsidian GitHub Copilot Plugin stores sensitive information in cleartext

Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L Base Score 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L Base Score...

6.8CVSS6.5AI score0.00094EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 12:0 a.m.7 views

JVN#98737186: RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...

8.4CVSS7.5AI score0.00161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 12:0 a.m.8 views

JVN#35290164: "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly

"Yahoo! Shopping" App for Android provided by LY Corporation contains the following vulnerability. Improper authorization in handler for custom URL scheme CWE-939 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score...

5.3CVSS6.8AI score0.00253EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/05 12:0 a.m.9 views

JVN#48739895: Multiple vulnerabilities in TkEasyGUI

TkEasyGUI provided by kujirahand contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-55037 Uncontrolled search path...

9.8CVSS7.9AI score0.02716EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/03 5:23 a.m.4 views

Web Caster V130 vulnerable to cross-site request forgery

Overview Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-58272 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this...

3.7CVSS6.5AI score0.00119EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/03 12:0 a.m.5 views

JVN#65839588: Web Caster V130 vulnerable to cross-site request forgery

Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 2.0...

3.7CVSS6.4AI score0.00119EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/02 5:20 a.m.3 views

"Gunosy" App vulnerable to insertion of sensitive information into sent data

Overview "Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data CWE-201 - CVE-2025-44017 YUNAO ZHOU of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.1CVSS6.4AI score0.00212EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/02 12:0 a.m.7 views

JVN#47404248: "Gunosy" App vulnerable to insertion of sensitive information into sent data (CWE-201)

"Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data CWE-201 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Base Score 4.3 CVE-2025-44017 Impact If ...

5.1CVSS6.2AI score0.00212EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/01 7:21 a.m.6 views

Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection

Overview SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-54857 Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.8CVSS8AI score0.03214EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/01 6:22 a.m.3 views

Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series

Overview A vulnerability that could allow a Denial-of-Service DoS is reported in the Konica Minolta bizhub series. Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Uncaught exception CWE-248 - CVE-2025-54777 Konica Minolta, Inc. reported this...

5.3CVSS6.8AI score0.00108EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/09/01 12:0 a.m.5 views

JVN#22016482: Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection

SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-54857 Impact A remote...

9.8CVSS8.1AI score0.03214EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/29 5:47 a.m.4 views

Multiple vulnerabilities in multiple iND products

Overview Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below. Insecure storage of sensitive information CWE-922 - CVE-2025-53507 OS command injection CWE-78 - CVE-2025-53508 HL330-DLS, HL320-DLS Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported...

8.6CVSS7.4AI score0.01293EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/29 12:0 a.m.6 views

JVN#50585992: Multiple vulnerabilities in multiple iND products

Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below. Insecure storage of sensitive information CWE-922 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2025-53507 OS...

8.6CVSS7.2AI score0.01293EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/27 10:50 a.m.3 views

Improper file access permission settings in multiple i-FILTER products

Overview Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-57846 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

8.5CVSS7.3AI score0.00138EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/27 6:13 a.m.3 views

Multiple vulnerabilities in SS1

Overview SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength CWE-326 - CVE-2025-46409 Files or directories accessible to external parties CWE-552 - CVE-2025-52460 Incorrect permission assignment for critical resource CWE-732 -...

9.8CVSS7.7AI score0.00575EPSS
Exploits0References12
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/27 5:22 a.m.4 views

ScanSnap Manager installers vulnerable to privilege escalation

Overview ScanSnap Manager installers provided by PFU Limited contain the following vulnerability. Incorrect privilege assignment CWE-266 - CVE-2025-57797 Kazuhira Agata, Kentaro Kan, Tomoaki Kobayashi, Takayuki Tomita, Yoshiaki Yamamuro reported this vulnerability to IPA. JPCERT/CC coordinated wi...

8.5CVSS6.8AI score0.00122EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/27 12:0 a.m.5 views

JVN#55678602: Improper file access permission settings in multiple i-フィルター products

Multiple i-フィルター products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2025-57846 Impact A...

8.5CVSS7.5AI score0.00138EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/27 12:0 a.m.7 views

JVN#69684540: ScanSnap Manager installers vulnerable to privilege escalation

ScanSnap Manager installers provided by PFU Limited contain the following vulnerability. Incorrect privilege assignment CWE-266 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2025-57797 Impact An...

8.5CVSS7.2AI score0.00122EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/27 12:0 a.m.14 views

JVN#99577552: Multiple vulnerabilities in SS1

SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength(CWE-326) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5 CVE-2025-46409 Files or...

9.8CVSS8.2AI score0.00575EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/22 4:37 a.m.6 views

Western Digital Kitfox registers a Windows service with an unquoted file path

Overview Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-57699 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with th...

8.4CVSS7.5AI score0.00155EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/22 12:0 a.m.15 views

JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path

Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...

8.4CVSS7.5AI score0.00155EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/21 5:3 a.m.5 views

Multiple vulnerabilities in Group-Office

Overview Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-53504 Path traversal CWE-22 - CVE-2025-53505 Rikuto Tauchi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.4CVSS6.5AI score0.00308EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/21 2:49 a.m.6 views

FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation

Overview Synapse Mobility provided by FUJIFILM Healthcare Americas Corporation is vulnerable to privilege escalation. Privilege escalation vulnerability through external control of Web parameter CWE-472 - CVE-2025-54551 Christopher Alejandro Moroco reported this vulnerability to CISA ICS...

5.3CVSS7.1AI score0.0023EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/21 12:0 a.m.8 views

JVN#72111431: Multiple vulnerabilities in Group-Office

Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-53504 Path traversal CWE-22...

5.4CVSS6.9AI score0.00308EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/20 6:30 a.m.5 views

Multiple vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source CWE-348 - CVE-2025-53522 Open redirect CWE-601 - CVE-2025-55706 Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...

6.9CVSS7.4AI score0.0019EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/20 12:0 a.m.19 views

JVN#76729865: Multiple vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source(CWE-348) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-53522 Open...

6.9CVSS7.8AI score0.0019EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/18 4:40 a.m.3 views

PgManage vulnerable to injection

Overview PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

7.2AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/18 12:0 a.m.6 views

JVN#46919949: PgManage vulnerable to injection

PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Impact A user of the affected product may escape a sandbox and execute arbitrary code. Solution...

7.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/14 3:32 a.m.5 views

Seagate Toolkit registers a Windows service with an unquoted file path

Overview Seagate Toolkit provided by Seagate Technology contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-9043 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to the developer and IPA. JPCERT/CC coordinated with the developer...

6.7CVSS7.5AI score0.00135EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/14 12:0 a.m.7 views

JVN#89385114: Seagate Toolkit registers a Windows service with an unquoted file path

Seagate Toolkit provided by Seagate Technology contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7 CVE-2025-9043 Impact A user with...

6.7CVSS7.8AI score0.00135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/08/08 6:29 a.m.3 views

WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection

Overview Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection WE-94 - CVE-2025-54940 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

4.6CVSS7AI score0.00209EPSS
Exploits0References4
Total number of security vulnerabilities5627