5627 matches found
Multiple vulnerabilities in multiple Keyence products
Overview Multiple products provided by KEYENCE CORPORATION contain multiple vulnerabilities listed below. Stack-based buffer overflow CWE-121 - CVE-2025-58775, CVE-2025-58776 Access of uninitialized pointer CWE-824 - CVE-2025-58777 Buffer underflow CWE-124 - CVE-2025-61690 Out-of-bounds read...
NIHON KOHDEN Central Monitor CNS-6201 vulnerable to NULL pointer dereference
Overview Central Monitor CNS-6201 provided by NIHON KOHDEN CORPORATION contains the following vulnerability. NULL pointer dereference CWE-476 - CVE-2025-59668 Jared P. Quinn of QuinnTech.ai discovered and reported the vulnerability to the developer and CISA. Cooperating with CISA, JPCERT/CC...
Multiple vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers
Overview Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers contain multiple vulnerabilities listed below. Out-of-bounds read CWE-125 - CVE-2025-7698 Out-of-bounds write CWE-787 - CVE-2025-9903 Reference to unallocated memory CWE-696 -...
DataSpider Servista improper restriction of XML external entity references
Overview DataSpider Servista provided by Saison Technology Co.,Ltd. is a data integration software. DataSpider Servista contains the following vulnerability. Improper restriction of XML external entity reference CWE-611 - CVE-2025-48006 Shigeaki Tsunoda of Cyber Defense Institute, Inc. reported...
OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path
Overview Uninterruptible Power Supply UPS management application provided by OMRON SOCIAL SOLUTIONS Co., Ltd. registers a Windows service with an unquoted file path CWE-428, CVE-2025-9818. OMRON SOCIAL SOLUTIONS Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution...
Multiple vulnerabilities in I-O DATA wireless LAN routers
Overview Wireless LAN routers provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-55075 OS command injection CWE-78 - CVE-2025-58116 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinat...
Multiple Brother and its OEM products with weak initial administrator passwords
Overview Multiple products provided by BROTHER INDUSTRIES, LTD and other OEM vendors are setup with weak initial administrator passwords, which can be derived from their serial numbers. This is reported by Rapid7, and treated on JVNVU90043828, CVE-2024-51978. Brother states that 1 serial numbers...
UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting
Overview UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contains the following vulnerability. Cross-site scripting CWE-79 - CVE-2025-8153 RyotaK of GMO Flatt Security Inc. reported this vulnerability to NEC Corporation and coordinated. After the coordination was completed, NEC...
JVN#95938761: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting
UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contains the following vulnerability. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2025-8153 Impact If a...
Century HW RAID Manager registers a Windows service with an unquoted file path
Overview RAID Manager provided by Century Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-59307 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#84697061: Century HW RAID Manager registers a Windows service with an unquoted file path
RAID Manager provided by Century Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7 CVE-2025-59307 Impact A user with t...
WTW-EAGLE App vulnerable to improper server certificate validation
Overview WTW-EAGLE App provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability. Improper server certificate validation CWE-295 - CVE-2025-58781 Shogo Iyota of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#89109713: WTW-EAGLE App vulnerable to improper server certificate validation
WTW-EAGLE App provided by Wireless Tsukamoto Co., Ltd. contains the following vulnerability. Improper server certificate validation CWE-295 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score 4.8 CVE-2025-58781...
RICOH Streamline NX vulnerable to tampering with operation history
Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 - CVE-2025-58422 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...
JVN#75307484: RICOH Streamline NX vulnerable to tampering with operation history
RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 2.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.1 CVE-2025-58422 Impact If an...
Obsidian GitHub Copilot Plugin stores sensitive information in cleartext
Overview Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 - CVE-2025-58401 Rui Nakajima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path
Overview RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-58400 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
"Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly
Overview "Yahoo! Shopping" App for Android provided by LY Corporation contains the following vulnerability. Improper authorization in handler for custom URL scheme CWE-939 - CVE-2025-41408 Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Multiple vulnerabilities in TkEasyGUI
Overview TkEasyGUI provided by kujirahand contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-55037 Uncontrolled search path element CWE-427 - CVE-2025-55671 Satoki Tsuji of Ikotas Labs, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the...
JVN#41633999: Obsidian GitHub Copilot Plugin stores sensitive information in cleartext
Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L Base Score 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L Base Score...
JVN#98737186: RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...
JVN#35290164: "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly
"Yahoo! Shopping" App for Android provided by LY Corporation contains the following vulnerability. Improper authorization in handler for custom URL scheme CWE-939 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score...
JVN#48739895: Multiple vulnerabilities in TkEasyGUI
TkEasyGUI provided by kujirahand contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-55037 Uncontrolled search path...
Web Caster V130 vulnerable to cross-site request forgery
Overview Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 - CVE-2025-58272 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this...
JVN#65839588: Web Caster V130 vulnerable to cross-site request forgery
Web Caster V130 provided by NTT EAST, Inc. and NTT WEST, Inc. is a 050IP telephony-enabled broadband router. Web Caster V130 contains the following vulnerability. Cross-site request forgery CWE-352 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 2.0...
"Gunosy" App vulnerable to insertion of sensitive information into sent data
Overview "Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data CWE-201 - CVE-2025-44017 YUNAO ZHOU of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#47404248: "Gunosy" App vulnerable to insertion of sensitive information into sent data (CWE-201)
"Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data CWE-201 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Base Score 4.3 CVE-2025-44017 Impact If ...
Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection
Overview SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-54857 Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series
Overview A vulnerability that could allow a Denial-of-Service DoS is reported in the Konica Minolta bizhub series. Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Uncaught exception CWE-248 - CVE-2025-54777 Konica Minolta, Inc. reported this...
JVN#22016482: Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection
SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-54857 Impact A remote...
Multiple vulnerabilities in multiple iND products
Overview Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below. Insecure storage of sensitive information CWE-922 - CVE-2025-53507 OS command injection CWE-78 - CVE-2025-53508 HL330-DLS, HL320-DLS Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported...
JVN#50585992: Multiple vulnerabilities in multiple iND products
Multiple products provided by iND Co.,Ltd contain multiple vulnerabilities listed below. Insecure storage of sensitive information CWE-922 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2025-53507 OS...
Improper file access permission settings in multiple i-FILTER products
Overview Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 - CVE-2025-57846 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Multiple vulnerabilities in SS1
Overview SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength CWE-326 - CVE-2025-46409 Files or directories accessible to external parties CWE-552 - CVE-2025-52460 Incorrect permission assignment for critical resource CWE-732 -...
ScanSnap Manager installers vulnerable to privilege escalation
Overview ScanSnap Manager installers provided by PFU Limited contain the following vulnerability. Incorrect privilege assignment CWE-266 - CVE-2025-57797 Kazuhira Agata, Kentaro Kan, Tomoaki Kobayashi, Takayuki Tomita, Yoshiaki Yamamuro reported this vulnerability to IPA. JPCERT/CC coordinated wi...
JVN#55678602: Improper file access permission settings in multiple i-フィルター products
Multiple i-フィルター products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions CWE-276 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2025-57846 Impact A...
JVN#69684540: ScanSnap Manager installers vulnerable to privilege escalation
ScanSnap Manager installers provided by PFU Limited contain the following vulnerability. Incorrect privilege assignment CWE-266 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2025-57797 Impact An...
JVN#99577552: Multiple vulnerabilities in SS1
SS1 provided by provided by DOS Co., Ltd. contains multiple vulnerabilities listed below. Inadequate encryption strength(CWE-326) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.7 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5 CVE-2025-46409 Files or...
Western Digital Kitfox registers a Windows service with an unquoted file path
Overview Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-57699 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with th...
JVN#75211379: Western Digital Kitfox registers a Windows service with an unquoted file path
Western Digital Kitfox for Windows provided by Western Digital Corporation contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7...
Multiple vulnerabilities in Group-Office
Overview Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-53504 Path traversal CWE-22 - CVE-2025-53505 Rikuto Tauchi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation
Overview Synapse Mobility provided by FUJIFILM Healthcare Americas Corporation is vulnerable to privilege escalation. Privilege escalation vulnerability through external control of Web parameter CWE-472 - CVE-2025-54551 Christopher Alejandro Moroco reported this vulnerability to CISA ICS...
JVN#72111431: Multiple vulnerabilities in Group-Office
Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-53504 Path traversal CWE-22...
Multiple vulnerabilities in Movable Type
Overview Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source CWE-348 - CVE-2025-53522 Open redirect CWE-601 - CVE-2025-55706 Six Apart Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...
JVN#76729865: Multiple vulnerabilities in Movable Type
Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Use of less trusted source(CWE-348) CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-53522 Open...
PgManage vulnerable to injection
Overview PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Sho Nakatani of SecDevLab Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#46919949: PgManage vulnerable to injection
PgManage provided by Command Prompt, Inc. uses RestrictedPython module. The version of RestrictedPython module imported to PgManage contains vulnerabilities, which are inherited to PgManage CWE-477. Impact A user of the affected product may escape a sandbox and execute arbitrary code. Solution...
Seagate Toolkit registers a Windows service with an unquoted file path
Overview Seagate Toolkit provided by Seagate Technology contains the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-9043 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to the developer and IPA. JPCERT/CC coordinated with the developer...
JVN#89385114: Seagate Toolkit registers a Windows service with an unquoted file path
Seagate Toolkit provided by Seagate Technology contains the following vulnerability. Unquoted search path or element CWE-428 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.7 CVE-2025-9043 Impact A user with...
WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Overview Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection WE-94 - CVE-2025-54940 Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...