5617 matches found
JVN#66546573: ZXHN-F660T and ZXHN-F660A use a common credential for all installations
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONUs (Optical Network Units). ZXHN-F660T and ZXHN-F660A contain the following vulnerability. Use a common credential for all installations (CWE-1391) CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7...
Apache Jena Fuseki vulnerable to path traversal
Overview Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability. Path traversal CWE-22 - CVE-2025-49656 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to the developer and IPA. After the coordination between the reporter and the...
JVN#90566559: Apache Jena Fuseki vulnerable to path traversal
Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability. Path traversal CWE-22 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N Base Score 2.7 CVE-2025-49656 Impact A remote...
"SwitchBot" App vulnerable to insertion of sensitive information into log file
Overview "SwitchBot" App provided by SwitchBot contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-53649 Soh Satoh reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
JVN#59585716: "SwitchBot" App vulnerable to insertion of sensitive information into log file
"SwitchBot" App provided by SwitchBot contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 5.1 CVE-2025-53649 Impact...
TP-Link VIGI NVR1104H-4P and VIGI NVR2016H-16MP vulnerable to OS command injection
Overview VIGI NVR1104H-4P and VIGI NVR2016H-16MP provided by TP-Link Systems Inc. contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-7723, CVE-2025-7724 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...
TP-Link Archer C1200 vulnerable to clickjacking
Overview Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 - CVE-2025-6983 Daimon Kawashima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...
JVN#39913189: TP-Link Archer C1200 vulnerable to clickjacking
Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-6983 Impact If a user views a malicious pag...
Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input
Overview Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability. Improper validation of specified quantity in input CWE-1284 - CVE-2025-43881 n3ddih reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Multiple vulnerabilities in ELECOM wireless LAN routers
Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-46267 OS command injection in WebGUI CWE-78 - CVE-2025-53472 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC...
JVN#21177718: Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input
Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability. Improper validation of specified quantity in input CWE-1284 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3...
"region PAY" App for Android vulnerable to insertion of sensitive information into log file
Overview "region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-52580 Kubo Naoki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#07825095: "region PAY" App for Android vulnerable to insertion of sensitive information into log file
"region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 2.4 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 2.4...
Security updates for Trend Micro products (June 2025)
Overview Trend Micro Incorporated has released security updates for multiple Trend Micro products. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. Impact Key memory-mapped files may be overwritten due to an insecure access control...
ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
Overview ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability. Use of Hard-coded Credentials CWE-798 - CVE-2025-53842 This vulnerability is caused by an insufficient fix for CVE-2024-39838 JVN70666401. Hiroki Sato of Institute of Science Tokyo...
JVN#44419726: ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability. Use of Hard-coded Credentials CWE-798 CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.8 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score 4.5 CVE-2025-53842 Thi...
Least Privilege Violation Vulnerability in the communications functions of NJ/NX series Machine Automation Controllers
Overview Least privilege violation vulnerability CWE-272 exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software provided by OMRON Corporation. - CVE-2025-1384 OMRON Corporation reported this vulnerability to JPCERT/CC to notify...
Firebox T15 contains an issue with hidden functionality
Overview Firebox T15 provided by WatchGuard Technologies contains the following vulnerability. Hidden functionality CWE-912 - CVE-2025-4106 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker may log...
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Overview Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability. Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and...
Heap-based buffer overflow vulnerability in V-SFT and TELLUS
Overview A heap-based buffer overflow vulnerability CWE-122 exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. - CVE-2025-50130 Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Opening V9 files or X1 file...
Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)
Overview Trend Micro Incorporated has released a security update for Trend Micro Security for Windows CVE-2025-52521. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Arbitrary files or folders may be deleted due to a Windows...
Multiple vulnerabilities in Nimesa Backup and Recovery
Overview Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-48501 Server-side request forgery CWE-918 - CVE-2025-53473 Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC...
JVN#88251376: Multiple vulnerabilities in Nimesa Backup and Recovery
Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-48501 Server-side request...
Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)
Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Arbitrary files may be deleted during the product installation d...
Multiple vulnerabilities in Active! mail
Overview Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-52462 Cross-site request forgery CSRF CWE-352 - CVE-2025-52463 Rintaro Fujita and Shoji Baba of GAKUSHUIN UNIVERSITY reported these vulnerabilities to IPA...
Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
Overview CONPROSYS HMI System CHS provided by Contec Co.,Ltd. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2025-34080 Insertion of sensitive information into debugging code CWE-215 - CVE-2025-34081 Alex Williams of Converge Technology Solutions...
JVN#89505333: Multiple vulnerabilities in Active! mail
Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2025-52462 Cross-site request...
Pass-Back Attack vulnerability in Konica Minolta bizhub series
Overview Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Vulnerability that could allow a Pass-Back Attack CWE-522 - CVE-2025-6081 Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Multiple vulnerabilities in Web Connection of Konica Minolta MFPs
Overview Multiple MFPs multifunction printers provided by Konica Minolta, Inc. contain multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-5884 Cross-site request forgery CWE-352 - CVE-2025-5885 Konica Minolta, Inc. reported these vulnerabilities to JPCERT/CC to notify...
SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting
Overview SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains a reflected cross-site scripting vulnerability. Reflected cross-site scripting via a specific parameter CWE-79 - CVE-2025-41439 Matteo Santini reported this vulnerability to Ricoh Company, Ltd. direct...
Multiple vulnerabilities in TB-eye network recorders and AHD recorders
Overview Network recorders and AHD recorders provided by TB-eye Ltd. contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-36529 Classic buffer overflow CWE-120 - CVE-2025-41418 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/C...
JVN#24333956: SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting
SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Reflected cross-site scripting via a specific parameter CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1...
Multiple Brother driver installers for Windows vulnerable to privilege escalation
Overview Multiple Brother driver installers for Windows contain the following vulnerability. Files or directories accessible to external parties CWE-552 - CVE-2025-49797 Julian Horoszkiewicz of Eviden reported this vulnerability to the developer. JPCERT/CC coordinated between the reporter and the...
Multiple vulnerabilities in multiple BROTHER products
Overview Multiple BROTHER products provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Exposure of sensitive system information to an unauthorized control sphere CWE-497 - CVE-2024-51977 Use of weak credentials CWE-1391 - CVE-2024-51978 Stack-based buffer overflow...
Multiple vulnerabilities in iroha Board
Overview iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 - CVE-2025-41404 Cross-site request forgery CWE-352 - CVE-2025-48497 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC...
Denial-of-service (DoS) vulnerabilities in multiple Apache products
Overview Multiple Apache products provided by The Apache Software Foundation contain vulnerabilities listed below. Allocation of resources without limits or throttling CWE-770 - CVE-2025-48976, CVE-2025-48988 TERASOLUNA Framework Security Team of NTT DATA Group Corporation reported this...
JVN#09924566: Denial-of-service (DoS) vulnerabilities in multiple Apache products
Multiple Apache products provided by The Apache Software Foundation contain vulnerabilities listed below. Allocation of resources without limits or throttling CWE-770 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base...
JVN#92520966: Multiple vulnerabilities in iroha Board
iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3 CVE-2025-41404 Cross-site request forgery...
Inefficient regular expressions in GROWI
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 - CVE-2025-43880 Takanori Okamoto of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Multiple vulnerabilities in ELECOM wireless LAN routers
Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 - CVE-2025-36519 OS command injection in Connection Diagnostics page CWE-78 - CVE-2025-41427 Stored cross-site scripting in...
Trend Micro Internet Security and Trend Micro Maximum Security vulnerable to link following local privilege escalation (CVE-2025-49384, CVE-2025-49385)
Overview Trend Micro Incorporated has released security updates for Trend Micro Internet Security and Trend Micro Maximum Security that contain a fix for a link following local privilege escalation vulnerability CVE-2025-49384, CVE-2025-49385. Trend Micro Incorporated reported this vulnerability...
JVN#39435597: Multiple vulnerabilities in ELECOM wireless LAN routers
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score 4...
JVN#21624250: Inefficient regular expressions in GROWI
GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3 CVE-2025-43880 Impact A logged-in user...
KCM3100 vulnerable to authentication bypass using an alternate path or channel
Overview KCM3100 provided by KAON is a Wi-Fi enabled gateway. KCM3100 contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 - CVE-2025-51381 Namihiko Matsumura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#46288336: KCM3100 vulnerable to authentication bypass using an alternate path or channel
KCM3100 provided by KAON is a Wi-Fi enabled gateway. KCM3100 contains the following vulnerability. Authentication bypass using an alternate path or channel CWE-288 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Scor...
Multiple vulnerabilities in RICOH Streamline NX PC Client
Overview RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 - CVE-2025-36506 Path traversal CWE-22 - CVE-2025-46783 Use of less trusted source CWE-348 - CVE-2025-48825 Ricoh Company, Ltd...
JVN#27937557: Multiple vulnerabilities in RICOH Streamline NX PC Client
RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Base Score 6.5...
UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints
Overview UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 Shu Yoshikoshi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#17860456: UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints
UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Bas...
Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery
Overview Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability. Cross-Site Request Forgery CSRF CWE-352 - CVE-2025-36513 Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was...