JVN#04278547: Multiple vulnerabilities in home gateway HGW-BL1500HM
Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Stored cross-site scripting in the NickName registration screen CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-27567 Stored cross-site scripting in the USB storage...
+F FS010M vulnerable to OS command injection
Overview +F FS010M provided by FUJI SOFT INCORPORATED contains multiple OS command injection vulnerabilities listed below. OS command injection CWE-78 - CVE-2025-24306 OS command injection CWE-78 - CVE-2025-25220 Takeshi Kuramori of National Institute of Information and Communications Technology,...
JVN#11230428: +F FS010M vulnerable to OS command injection
+F FS010M provided by FUJI SOFT INCORPORATED contains multiple OS command injection vulnerabilities listed below. OS command injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2025-24306 OS command injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base...
hostapd vulnerable to improper processing of RADIUS packets
Overview hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly CWE-826. KUSABA Takeshi of Internet Initiative Japan Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When...
JVN#19358384: hostapd vulnerable to improper processing of RADIUS packets
hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly CWE-826. Impact When hostapd authenticates Wi-Fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS...
Multiple vulnerabilities in RemoteView Agent (for Windows)
Overview RemoteView allows a local PC to connect to and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. RemoteView Agent must be installed on the remote PCs. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a...
JVN#24992507: Multiple vulnerabilities in RemoteView Agent (for Windows)
RemoteView allows a local PC to connect to and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. RemoteView Agent must be installed on the remote PCs. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a specific...
Multiple vulnerabilities in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine)
Overview FutureNet AS series Industrial Routers and FA series Protocol Conversion Machine provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. Authentication Bypass CWE-288 - CVE-2025-24846 Buffer Overflow CWE-120 - CVE-2025-25280 Chuya Hayakawa and Ryo Kamino of...
"RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel
Overview "RoboForm Password Manager" App for Android provided by Siber Systems, Inc. is vulnerable to authentication bypass using an alternate path or channel CWE-288. Johan Francsics reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An attacker with acces...
Multiple cross-site scripting vulnerabilities in Movable Type
Overview Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 - CVE-2025-22888 Stored cross-site scripting vulnerability in the HTML edit mode ...
RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres
Overview RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. contain an incorrect resource transfer between spheres vulnerability. RevoWorks SCVX and RevoWorks Browser provided by J's Communication Co., Ltd. build a sandbox environment isolated from a server or a client's...
JVN#91300609: RevoWorks SCVX and RevoWorks Browser vulnerable to incorrect resource transfer between spheres
RevoWorks SCVX and RevoWorks Browser provided by J’s Communication Co., Ltd. build a sandbox environment isolated from a server or a client's local environment. These products provide the function enabling execution of sanitizing files when downloading files from the sandbox environment to the...
JVN#48742353: Multiple cross-site scripting vulnerabilities in Movable Type
Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-22888 Stored cross-si...
Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs
Overview Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain an out-of-bounds vulnerability (CWE-787, CVE-2024-45320) due to a flaw in verifying the length of data. Jia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and...
Out-of-bounds read vulnerability in OMRON CX-Programmer
Overview CX-Programmer provided by OMRON Corporation contains an out-of-bounds read vulnerability CWE-125, CVE-2025-0591. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact Having a user open a specially crafted file may lead to information...
Out-of-bounds read vulnerability in Cente middleware
Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. treat TCP MSS option values improperly, leading to an out-of-bounds read vulnerability CWE-125, CVE-2025-23406. DMG MORI Digital Co., LTD. reported this...
Multiple vulnerabilities in The LuxCal Web Calendar
Overview The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 - CVE-2025-25221 SQL injection in retrieve.php CWE-89 - CVE-2025-25222 Path traversal in dloader.php CWE-22 - CVE-2025-25223 Missing authentication in dloader.php...
JVN#26024080: Multiple vulnerabilities in The LuxCal Web Calendar
The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities listed below. SQL injection in pdf.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3 CVE-2025-25221 SQL injection in retrieve.php CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 7.3...
acmailer CGI and acmailer DB vulnerable to OS command injection
Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...
Multiple vulnerabilities in NEC Aterm series (NV25-003)
Overview Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 - CVE-2025-0354 Missing Authentication for Critical Function CWE-306 - CVE-2025-0355 OS Command Injection CWE-78 - CVE-2025-0356 CVE-2025-0354, CVE-2025-0355...
JVN#96957439: acmailer CGI and acmailer DB vulnerable to OS command injection
acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed by an attacker. Solution Update the software Update the software to the latest version according to the information provided by the...
JVN#65447879: Multiple vulnerabilities in NEC Aterm series (NV25-003)
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Stored Cross-site Scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score 4.8 CVE-2025-0354 Missing Authentication for Critical Function CWE-306 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
Multiple vulnerabilities in FileMegane
Overview FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below. Server-Side Request Forgery SSRF CWE-918 - CVE-2025-20075 Authentication Bypass by Spoofing CWE-290 - CVE-2025-25055 Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported these...
JVN#80527854: Multiple vulnerabilities in FileMegane
FileMegane provided by JIP InfoBridge Co., Ltd. contains multiple vulnerabilities listed below. Server-Side Request Forgery SSRF CWE-918 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L Base Score 7.2 CVE-2025-20075 Authentication Bypass by Spoofing (CWE-290) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A...
acmailer vulnerable to cross-site scripting
Overview acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability CWE-79. This vulnerability was reported to IPA, and JPCERT/CC started coordination with the developer in 2023. The developer released the fixed version in 2023. The coordination between JPCERT/CC and...
JVN#84319378: acmailer vulnerable to cross-site scripting
acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product. Solution Update the software Update the software to the latest versi...
OMRON NJ/NX series vulnerable to path traversal
Overview Machine Automation Controller NJ/NX series provided by OMRON Corporation contain a path traversal vulnerability CWE-22, CVE-2024-12083. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary file in the affected product...
Multiple vulnerabilities in STEALTHONE D220/D340/D440
Overview Network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20016 OS Command Injection CWE-78 - CVE-2025-20055 SQL Injection CWE-89 - CVE-2025-20620 Chuya Hayakawa and Ryo Kamino of...
Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer
Overview NB-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611, CVE-2024-12298. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially...
Multiple vulnerabilities in Defense Platform Home Edition
Overview Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 - CVE-2025-20094 Execution with unnecessary privileges CWE-250 - CVE-2025-22890 Improper handling of message in specific...
JVN#66673020: Multiple vulnerabilities in Defense Platform Home Edition
Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Base Score 8.8 CVE-2025-20094 Execution with unnecessary privileges CWE-250...
WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery
Overview WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. KENJI YOSHIKAWA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user vie...
JVN#94806805: WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery
WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the log data may be deleted. Solution Update the plugin Update the plugin according to the information provided by the...
Clickjacking Vulnerability in JP1/ServerConductor/Deployment Manager
Overview A Clickjacking Vulnerability was found in JP1/ServerConductor/Deployment Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
SXF Common Library vulnerable to improper input data handling
Overview SXF Common Library provided by General Incorporated Association OCF is vulnerable to improper input data handling CWE-237. Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a produc...
Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
Overview Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities CWE-787, CVE-2024-12647, CVE-2024-12648, CVE-2024-12649, CVE-2025-2146. Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the...
JVN#23839833: SXF Common Library vulnerable to improper input data handling
SXF Common Library provided by General Incorporated Association OCF is vulnerable to improper input data handling CWE-237. Impact If a product using the library reads a crafted file, the product may crash. Solution Apply the workaround Applying the following workaround may mitigate the impac...
WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting
Overview WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#88046370: WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting
WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen...
EXIF Viewer Classic vulnerable to cross-site scripting
Overview EXIF Viewer Classic provided by Rodrigue (former Kakera) is a Google Chrome browser extension. The affected versions of the product improperly handle EXIF metadata, resulting in a cross-site scripting vulnerability CWE-79. Versions 2.3.2 and 2.4.0 were reported as vulnerable. The vendor...
JVN#05508012: EXIF Viewer Classic vulnerable to cross-site scripting
EXIF Viewer Classic provided by Rodrigue (former Kakera) is a Google Chrome browser extension. The affected versions of the product improperly handle EXIF metadata, resulting in a cross-site scripting vulnerability CWE-79. Versions 2.3.2 and 2.4.0 were reported as vulnerable. The vendor informs us...
Multiple vulnerabilities in I-O DATA router UD-LT2
Overview UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 - CVE-2025-22450 OS Command Injection CWE-78 - CVE-2025-23237 CVE-2025-20617, CVE-2025-22450,...
JVN#15293958: Multiple vulnerabilities in I-O DATA router UD-LT2
UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2 CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...
FortiWeb vulnerable to SQL injection
Overview FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability CWE-89, CVE-2024-55593. Kentaro Kawane of GMO Cybersecurity by Ierae reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
JVN#83855727: FortiWeb vulnerable to SQL injection
FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability CWE-89, CVE-2024-55593. Impact Information in the FortiWeb database may be obtained by a user who can log in to the product. Solution Update the software Update the software to the latest version according to the...
Linux Ratfor vulnerable to stack-based buffer overflow
Overview Linux Ratfor provided by the Dimensional Gate contains a stack-based buffer overflow vulnerability CWE-121. Yuhei Kawakoya of NTT Social Informatics Laboratories / NTT Security Holdings Corporation reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact...
PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
Overview MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability CWE-79. Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#57428125: PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability CWE-79. Impact If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when...
Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element
Overview Trend Micro Incorporated has released the security updates for Deep Security 20.0 Agent for Windows that contains a fix for an uncontrolled search path element vulnerability CWE-427, CVE-2024-55955. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the...
Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024)
Overview Trend Micro Apex One and Apex One as a Service contain multiple vulnerabilities. Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the...