5627 matches found
Multiple SEIKO EPSON products use weak initial passwords
Overview Multiple SEIKO EPSON products contain the following vulnerability. Use of weak credentials CWE-1391 - CVE-2025-35970 The initial administrator password is easy to guess from the information available via SNMP SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify user...
Multiple vulnerabilities in Mubit Powered BLUE 870
Overview Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-54958 Path traversal CWE-22 - CVE-2025-54959 CVE-2025-54958 Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#39636188: Multiple vulnerabilities in Mubit Powered BLUE 870
Powered BLUE 870 provided by Mubit co.,ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Base Score 6.3 CVE-2025-54958 Path traversal CWE-22...
JVN#21048820: WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection CWE-94 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N Base Score 4.6 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N Base Score 3.4 CVE-2025-54940 Impact Crafted HTML code may be...
Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection
Overview Trend Micro Endpoint security products for enterprises contain the following vulnerabilities. OS command injection vulnerability in the management console CWE-78 - CVE-2025-54948, CVE-2025-54987 Trend Micro Incorporated has reported that attacks exploiting CVE-2025-54948 have been observ...
Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series
Overview Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-22469 Unrestricted upload of file with dangerous type CWE-434 - CVE-2025-22470 MASAHIRO IIDA of LAC Co., Ltd...
JVN#16547726: Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series
Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series provided by SATO Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score...
Out-of-bounds write vulnerability in FUJIFILM Business Innovation MFPs
Overview Multiple MFPs multifunction printers provided by FUJIFILM Business Innovation Corp. contain the following vulnerability. Out-of-bounds Write CWE-787 - CVE-2025-48499 Jia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan of School of Cyber Science and Technology of Beihang University...
Multiple vulnerabilities in PowerCMS
Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2025-36563 Stored cross-site scripting CWE-79 - CVE-2025-41391 Path traversal in file uploading CWE-22 - CVE-2025-41396 Path traversal in backup restore CWE-22 -...
ZXHN-F660T and ZXHN-F660A use a common credential for all installations
Overview ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONU Optical Network Unit. ZXHN-F660T and ZXHN-F660A contain the following vulnerability. Use a common credential for all installations CWE-1391 - CVE-2025-53558 Yuuki Miyata of YuukiJapanTech reported this vulnerability to IPA...
JVN#66546573: ZXHN-F660T and ZXHN-F660A use a common credential for all installations
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONU Optical Network Unit. ZXHN-F660T and ZXHN-F660A contain the following vulnerability. Use a common credential for all installations(CWE-1391) CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7...
Apache Jena Fuseki vulnerable to path traversal
Overview Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability. Path traversal CWE-22 - CVE-2025-49656 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to the developer and IPA. After the coordination between the reporter and the...
JVN#90566559: Apache Jena Fuseki vulnerable to path traversal
Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability. Path traversal CWE-22 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N Base Score 2.7 CVE-2025-49656 Impact A remore...
"SwitchBot" App vulnerable to insertion of sensitive information into log file
Overview "SwitchBot" App provided by SwitchBot contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-53649 Soh Satoh reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
JVN#59585716: "SwitchBot" App vulnerable to insertion of sensitive information into log file
"SwitchBot" App provided by SwitchBot contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 5.1 CVE-2025-53649 Impact...
TP-Link VIGI NVR1104H-4P and VIGI NVR2016H-16MP vulnerable to OS command injection
Overview VIGI NVR1104H-4P and VIGI NVR2016H-16MP provided by TP-Link Systems Inc. contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-7723, CVE-2025-7724 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...
TP-Link Archer C1200 vulnerable to clickjacking
Overview Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 - CVE-2025-6983 Daimon Kawashima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...
JVN#39913189: TP-Link Archer C1200 vulnerable to clickjacking
Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-6983 Impact If a user views a malicious pag...
Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input
Overview Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability. Improper validation of specified quantity in input CWE-1284 - CVE-2025-43881 n3ddih reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Multiple vulnerabilities in ELECOM wireless LAN routers
Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-46267 OS command injection in WebGUI CWE-78 - CVE-2025-53472 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC...
JVN#21177718: Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input
Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability. Improper validation of specified quantity in input CWE-1284 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3...
"region PAY" App for Android vulnerable to insertion of sensitive information into log file
Overview "region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 - CVE-2025-52580 Kubo Naoki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#07825095: "region PAY" App for Android vulnerable to insertion of sensitive information into log file
"region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability. Insertion of sensitive information into log file CWE-532 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 2.4 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 2.4...
Security updates for Trend Micro products (June 2025)
Overview Trend Micro Incorporated has released security updates for multiple Trend Micro products. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. Impact Key memory-mapped files may be overwritten due to an insecure access control...
ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
Overview ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability. Use of Hard-coded Credentials CWE-798 - CVE-2025-53842 This vulnerability is caused by an insufficient fix for CVE-2024-39838 JVN70666401. Hiroki Sato of Institute of Science Tokyo...
JVN#44419726: ZWX-2000CSW2-HN and ZWX-2000CS2-HN vulnerable to use of hard-coded credentials
ZWX-2000CSW2-HN and ZWX-2000CS2-HN provided by ZEXELON CO., LTD. contain the following vulnerability. Use of Hard-coded Credentials CWE-798 CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.8 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score 4.5 CVE-2025-53842 Thi...
Least Privilege Violation Vulnerability in the communications functions of NJ/NX series Machine Automation Controllers
Overview Least privilege violation vulnerability CWE-272 exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software provided by OMRON Corporation. - CVE-2025-1384 OMRON Corporation reported this vulnerability to JPCERT/CC to notify...
Firebox T15 contains an issue with hidden functionality
Overview Firebox T15 provided by WatchGuard Technologies contains the following vulnerability. Hidden functionality CWE-912 - CVE-2025-4106 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker may log...
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Overview Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability. Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and...
Heap-based buffer overflow vulnerability in V-SFT and TELLUS
Overview A heap-based buffer overflow vulnerability CWE-122 exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. - CVE-2025-50130 Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Opening V9 files or X1 file...
Windows shortcut following (.LNK) vulnerability in Trend Micro Security for Windows (CVE-2025-52521)
Overview Trend Micro Incorporated has released a security update for Trend Micro Security for Windows CVE-2025-52521. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Arbitrary files or folders may be deleted due to a windows...
Multiple vulnerabilities in Nimesa Backup and Recovery
Overview Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-48501 Server-side request forgery CWE-918 - CVE-2025-53473 Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC...
JVN#88251376: Multiple vulnerabilities in Nimesa Backup and Recovery
Nimesa Backup and Recovery provided by Nimesa contains multiple vulnerabilities listed below. OS command injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-48501 Server-side request...
Multiple vulnerabilities in Trend Micro Password Manager for Windows (CVE-2025-48443, CVE-2025-52837)
Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Arbitrary files may be deleted during the product installation d...
Multiple vulnerabilities in Active! mail
Overview Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-52462 Cross-site request forgery CSRF CWE-352 - CVE-2025-52463 Rintaro Fujita and Shoji Baba of GAKUSHUIN UNIVERSITY reported these vulnerabilities to IPA...
Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)
Overview CONPROSYS HMI System CHS provided by Contec Co.,Ltd. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2025-34080 Insertion of sensitive information into debugging code CWE-215 - CVE-2025-34081 Alex Williams of Converge Technology Solutions...
JVN#89505333: Multiple vulnerabilities in Active! mail
Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2025-52462 Cross-site request...
Pass-Back Attack vulnerability in Konica Minorta bizhub series
Overview Konica Minorta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability. Vulnerability that could allow a Pass-Back Attack CWE-522 - CVE-2025-6081 Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...
Multiple vulnerabilities in Web Connection of Konica Minolta MFPs
Overview Multiple MFPs multifunction printers provided by Konica Minolta, Inc. contain multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2025-5884 Cross-site request forgery CWE-352 - CVE-2025-5885 Konica Minolta, Inc. reported these vulnerabilities to JPCERT/CC to notify...
SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting
Overview SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains a reflected cross-site scripting vulnerability. Reflected cross-site scripting via a specific parameter CWE-79 - CVE-2025-41439 Matteo Santini reported this vulnerability to Ricoh Company, Ltd. direct...
Multiple vulnerabilities in TB-eye network recorders and AHD recorders
Overview Network recorders and AHD recorders provided by TB-eye Ltd. contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-36529 Classic buffer overflow CWE-120 - CVE-2025-41418 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/C...
JVN#24333956: SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting
SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Reflected cross-site scripting via a specific parameter CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1...
Multiple Brother driver installers for Windows vulnerable to privilege escalation
Overview Multiple Brother driver installers for Windows contain the following vulnerability. Files or directories accessible to external parties CWE-552 - CVE-2025-49797 Julian Horoszkiewicz of Eviden reported this vulnerability to the developer. JPCERT/CC coordinated between the reporter and the...
Multiple vulnerabilities in multiple BROTHER products
Overview Multiple BROTHER products provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below. Exposure of sensitive system information to an unauthorized control sphere CWE-497 - CVE-2024-51977 Use of weak credentials CWE-1391 - CVE-2024-51978 Stack-based buffer overflow...
Multiple vulnerabilities in iroha Board
Overview iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 - CVE-2025-41404 Cross-site request forgery CWE-352 - CVE-2025-48497 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC...
Denial-of-service (DoS) vulnerabilities in multiple Apache products
Overview Multiple Apache products provided by The Apache Software Foundation contain vulnerabilities listed below. Allocation of resources without limits or throttling CWE-770 - CVE-2025-48976, CVE-2025-48988 TERASOLUNA Framework Security Team of NTT DATA Group Corporation reported this...
JVN#92520966: Multiple vulnerabilities in iroha Board
iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3 CVE-2025-41404 Cross-site request forgery...
JVN#09924566: Denial-of-service (DoS) vulnerabilities in multiple Apache products
Multiple Apache products provided by The Apache Software Foundation contain vulnerabilities listed below. Allocation of resources without limits or throttling CWE-770 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base...
Inefficient regular expressions in GROWI
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 - CVE-2025-43880 Takanori Okamoto of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Multiple vulnerabilities in ELECOM wireless LAN routers
Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted upload of file with dangerous type CWE-434 - CVE-2025-36519 OS command injection in Connection Diagnostics page CWE-78 - CVE-2025-41427 Stored cross-site scripting in...