JVN#10964289: Multiple surveillance cameras provided by i-PRO Co., Ltd. vulnerable to cross-site request forgery
Multiple surveillance cameras provided by i-PRO Co., Ltd. contain the following vulnerability. Cross-Site Request Forgery CSRF CWE-352 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-36513 Impact I...
TimeWorks vulnerable to path traversal
Overview The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 - CVE-2025-41428 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
Improper file access permission settings in PC Time Tracer
Overview PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below. Incorrect default permissions CWE-276 - CVE-2025-46355 Ruslan Sayfiev and Masahiro Kawada of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#37075430: TimeWorks vulnerable to path traversal
The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal CWE-22 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3 CVE-2025-41428 Impact Arbitra...
JVN#05562338: Improper file access permission settings in PC Time Tracer
PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below. Incorrect default permissions CWE-276 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Base Score 7.3 CVE-2025-46355 Impact Arbitrary...
Multiple vulnerabilities in wivia 5
Overview wivia 5 provided by UCHIDA YOKO CO., LTD. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-41385 Cross-site Scripting CWE-79 - CVE-2025-41406 Client-Side Enforcement of Server-Side Security CWE-602 - CVE-2025-47697 Shogo Iyota of GMO Cybersecurity by...
JVN#51394666: Multiple vulnerabilities in wivia 5
wivia 5 provided by UCHIDA YOKO CO., LTD. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H Base Score 6.7 CVE-2025-41385 Cross-site Scripting CWE-...
Mailform Pro CGI generating error messages containing sensitive information
Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information CWE-209 - CVE-2025-41441 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#39546799: Mailform Pro CGI generating error messages containing sensitive information
Mailform Pro CGI provided by SYNCK GRAPHICA contains a vulnerability listed below. Generation of error message containing sensitive information CWE-209 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 3.7...
Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'
Overview The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly. Improper pattern file validation CWE-348 - CVE-2025-47149 Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC...
JVN#68079883: Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'
The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly. Improper pattern file validation CWE-348 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score...
Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers
Overview Production Printers, Office/Small Office Multifunction Printers, and Laser Printers provided by Canon Inc. do not implement sufficient protection on credential information CWE-522. CVE-2025-3078, CVE-2025-3079 Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the...
Multiple vulnerabilities in V-SFT
Overview V-SFT provided by FUJI ELECTRIC CO., LTD. contains multiple vulnerabilities listed below. Free of Pointer not at Start of Buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function CWE-761 CVE-2025-47749 Out-of-bounds Write in VS6MemInIF!settemptypedefault function CWE-787...
Multiple vulnerabilities in I-O DATA network attached hard disk 'HDL-T Series'
Overview Network attached hard disk 'HDL-T Series' provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities. OS command injection CWE-78 Affected when 'Remote Link3 function' is enabled CVE-2025-32002 Missing authentication for critical function CWE-306 CVE-2025-32738 Chuya Hayakawa an...
Multiple vulnerabilities in a-blog cms
Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Path traversal CWE-22 CVE-2025-27566 This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege Cross-site scripting CWE-79...
Pgpool-II vulnerable to authentication bypass by primary weakness
Overview Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 - CVE-2025-46801 PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
JVN#06238225: Pgpool-II vulnerable to authentication bypass by primary weakness
Pgpool-II provided by PgPool Global Development Group contains the following vulnerability. Authentication bypass by primary weakness CWE-305 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8 CVE-2025-46801...
Panasonic IR Control Hub vulnerable to Unauthorised firmware loading
Overview IR Control Hub provided by Panasonic contains a vulnerability that may lead to loading of unauthorized firmware. IR Control Hub provided by Panasonic verifies the hash value of the loading firmware when booting, but it keeps booting with the firmware even when it detects that the hash...
Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Overview Web Image Monitor provided by Ricoh Company, Ltd. is a web server included in and running on laser printers and MFPs (multifunction printers). Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 - CVE-2025-41393 Juan Pablo Gomez Postigo of Sprocket...
Multiple vulnerabilities in GL-MT2500 and GL-MT2500A
Overview GL-MT2500 and GL-MT2500A provided by GL.iNet contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-57391 Inefficient regular expression complexity CWE-1333 - CVE-2025-2811 Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to...
JVN#20474768: Reflected cross-site scripting vulnerability in multiple laser printers and MFPs which implement Ricoh Web Image Monitor
Web Image Monitor provided by Ricoh Company, Ltd. is a web server included in and running on laser printers and MFPs (multifunction printers). Web Image Monitor contains the vulnerability listed below. Reflected cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N...
Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS
Overview Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English. Incorrect default permissions CWE-276 - CVE-2025-42598 Private security researcher Erkan Ekici reported this vulnerabili...
Security Update for Trend Micro Trend Vision One (April 2025)
Overview Trend Micro Incorporated has released the security update for the administration console of Trend Vision One. This update addressed the following vulnerabilities: CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286 Trend Micro Incorporated reported these...
Multiple vulnerabilities in Quick Agent
Overview Quick Agent provided by SIOS Technology, Inc. is a Windows application for the following Ricoh MFPs' multifunction printers scan solutions. Quick Scan Easy FAX Speedoc Smart eco FAX Quick Agent contains multiple vulnerabilities listed below. Path traversal vulnerability in the file uploa...
JVN#82536398: Multiple vulnerabilities in Quick Agent
Quick Agent provided by SIOS Technology, Inc. is a Windows application for the following Ricoh MFPs' multifunction printers scan solutions. Quick Scan Easy FAX Speedoc Smart eco FAX Quick Agent contains multiple vulnerabilities listed below. Path traversal vulnerability in the file upload functio...
i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key
Overview i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below. Use of hard-coded cryptographic key CWE-321 Diego Giubertoni of Nozomi Networks Inc. reported this vulnerability to i-PRO Co., Ltd. and coordinated. After the coordination was completed, i-PRO Co., Ltd...
JVN#84627857: i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key
i-PRO Configuration Tool provided by i-PRO Co., Ltd. contains a vulnerability below. Use of hard-coded cryptographic key CWE-321 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 5.5 CVE-2025-32730 Impact...
Active! mail vulnerable to stack-based buffer overflow
Overview Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability have been observed. QUALITIA CO., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through...
JVN#22348866: Active! mail vulnerable to stack-based buffer overflow
Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability CWE-121. The developer states that attacks exploiting the vulnerability have been observed. Impact Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead t...
TP-Link Deco BE65 Pro vulnerable to OS command injection
Overview Deco BE65 Pro provided by TP-LINK contains an OS command injection vulnerability CWE-78. Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed by the user who can log...
Multiple vulnerabilities in BizRobo!
Overview BizRobo! is an RPA Robotic Process Automation software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to che...
JVN#30641875: Multiple vulnerabilities in BizRobo!
BizRobo! is an RPA Robotic Process Automation software provided by OPEN, Inc. Users compile an automation flow using DesignStudio, a development application that runs on Windows, and create robot files. A web application Management Console is provided to schedule RPA execution and to check the...
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)
Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Apex Central 2019 Information Disclosure due to...
Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'
Overview Wi-Fi AP UNIT 'AC-WPS-11ac series' provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below. Incorrect privilege assignment in the WEB UI the setting page CWE-266 - CVE-2025-23407 OS command injection in the WEB UI the setting page CWE-78 - CVE-2025-25053...
WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass
Overview WinRAR provided by RARLAB contains a vulnerability that bypasses the "Mark of the Web" CWE-356 security warning function for files when opening a symbolic link that points to an executable file. In the initial Windows configuration, only administrators have the privilege to create symbol...
JVN#59547048: WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass
WinRAR provided by RARLAB contains a vulnerability that bypasses the "Mark of the Web" CWE-356 security warning function for files when opening a symbolic link that points to an executable file. In the initial Windows configuration, only administrators have the privilege to create symbolic links...
Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products
Overview HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below. Improper Restriction of Rendered UI Layers or Frames CWE-1021 - CVE-2025-24310 Allocation of Resources Without Limits or Throttling CWE-770 -...
Out-of-bounds Write vulnerabilities in Canon Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers
Overview Out-of-bounds Write vulnerabilities were found in Canon printer drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers. Out-of-bounds Write vulnerability on curve segmentation CWE-787 - CVE-2025-0234 Out-of-bounds Write vulnerability on image...
JVN#17260367: Multiple vulnerabilities in JTEKT ELECTRONICS CORPORATION's products
HMI ViewJet C-more series and HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contain multiple vulnerabilities listed below. Improper Restriction of Rendered UI Layers or Frames CWE-1021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-24310 Allocation of Resources...
WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization
Overview WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability CWE-502. Hiroshi Sawada of CrowdStrike Holdings, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#87266215: WordPress plugin "Welcart e-Commerce" vulnerable to untrusted data deserialization
WordPress plugin "Welcart e-Commerce" provided by Welcart Inc. contains an untrusted data deserialization vulnerability CWE-502. Impact Arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product. Solution Update the plugin Update the plug...
Improper symbolic link file handling in FutureNet NXR series, VXR series and WXR series routers
Overview FutureNet NXR series, VXR series and WXR series routers provided by Century Systems Co., Ltd. fail to properly handle symbolic link files CWE-61. Century Systems Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Attaching to the affect...
a-blog cms vulnerable to untrusted data deserialization
Overview a-blog cms provided by appleple inc. contains an untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability have been observed on a-blog cms Ver.2.8.x series or later. appleple inc. reported this vulnerability to JPCERT/CC to notify...
JVN#66982699: a-blog cms vulnerable to untrusted data deserialization
a-blog cms provided by appleple inc. contains an untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability have been observed on a-blog cms Ver.2.8.x series or later. Impact Processing a specially crafted request may store arbitrary files on...
Multiple vulnerabilities in PowerCMS
Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 - CVE-2025-29993 Dependency on vulnerable third-party component CWE-1395 - CVE-2021-21252 Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN...
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Overview CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below. Use of client-side authentication CWE-603 - CVE-2025-24517 Storing passwords in a recoverable format CWE-257 - CVE-2025-24852 Weak password requirements CWE-521 - CVE-2025-2521...
JVN#39026557: Multiple vulnerabilities in PowerCMS
PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2025-29993 The product improperly processes HTTP headers. Dependency on vulnerable third-party component CWE-1395 jQuery Validation...
Multiple vulnerabilities in AssetView
Overview AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 - CVE-2025-25060 Acquiring sensitive information from sent data to the developer CWE-201 - CVE-2025-27244 Takao Kondo of VeriServe Corporation...
JVN#26321838: Multiple vulnerabilities in AssetView
AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below. Missing authentication for critical function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Base Score 8.2 CVE-2025-25060 Acquiring sensitive information from sent data to the developer CWE-201...
Multiple vulnerabilities in home gateway HGW-BL1500HM
Overview Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 - CVE-2025-27567 Stored cross-site scripting in the USB storage file-sharing function CWE-79 - CVE-2025-27574 Path...