Security assessment and information provision

This site provides information on security and offers web audit tools.

Annoucement Show List

NVD Vulnerability Information NVD Vulnerability Search Top

Update Date":April 26, 2025, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	-		-	-	Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder. New	-	CVE-2025-25775	2025-04-26 02:15	2025-04-26
2	-		-	-	A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk. New	-	CVE-2025-3638	2025-04-26 02:15	2025-04-26
3	-		-	-	Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p… New	-	CVE-2025-28076	2025-04-26 02:15	2025-04-26
4	-		-	-	An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request. New	-	CVE-2025-28354	2025-04-26 02:15	2025-04-25
5	-		-	-	ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx. New	-	CVE-2025-29529	2025-04-26 02:15	2025-04-25
6	-		-	-	Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks. New	-	CVE-2025-25777	2025-04-26 02:15	2025-04-25
7	6.5	MEDIUM Network	dragonflydb	dragonfly	DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. New	NVD-CWE-noinfo	CVE-2025-26268	2025-04-26 01:33	2025-04-18
8	-		think	tk-rt-wr135g_firmware	An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. New	-	CVE-2024-55211	2025-04-26 01:31	2025-04-18
9	6.5	MEDIUM Network	jetbrains	rubymine	In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces New	CWE-1188 Insecure Default Initialization of Resource	CVE-2025-43015	2025-04-26 01:30	2025-04-18
10	-		lm21	twonav	An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function. New	-	CVE-2025-29449	2025-04-26 01:28	2025-04-18

JVN Vulnerability Information JVN Vulnerability Search Top

Update Date:April 25, 2025, 6:02 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	8.1	重要 Network	Ofofonobs Developer	HubBank - Online Net Banking PHP Script	Ofofonobs Developer の HubBank - Online Net Banking PHP Script における SQL インジェクションの脆弱性 New	CWE-89 SQLインジェクション	CVE-2024-4307	2025-04-25 17:58	2024-04-29
2	7.8	重要 Local	Kovid Goyal	kitty	Kovid Goyal の kitty における同一生成元ポリシー違反に関する脆弱性 New	CWE-346 CWE-346	CVE-2025-43929	2025-04-25 17:58	2025-04-20
3	9.8	緊急 Network	TP-LINK Technologies	M7650 ファームウェア	TP-LINK Technologies の M7650 ファームウェアにおける SQL インジェクションの脆弱性 New	CWE-89 SQLインジェクション	CVE-2025-29651	2025-04-25 17:55	2025-04-16
4	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性 New	CWE-476 NULL ポインタデリファレンス	CVE-2025-22009	2025-04-25 17:50	2025-03-11
5	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性 New	CWE-476 NULL ポインタデリファレンス	CVE-2025-22007	2025-04-25 17:48	2025-03-13
6	5.4	警告 Network	Drupal	ECA: Event - Condition - Action	Drupal の Drupal 用 ECA: Event - Condition - Action におけるクロスサイトリクエストフォージェリの脆弱性 New	CWE-352 CWE-352	CVE-2025-3131	2025-04-25 17:46	2025-04-9
7	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における境界外読み取りに関する脆弱性 New	CWE-125 境界外読み取り	CVE-2025-22003	2025-04-25 17:46	2025-03-14
8	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における NULL ポインタデリファレンスに関する脆弱性 New	CWE-476 NULL ポインタデリファレンス	CVE-2025-21990	2025-04-25 17:44	2025-03-12
9	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における有効期限後のメモリの解放の欠如に関する脆弱性 New	CWE-401 有効期限後のメモリの解放の欠如	CVE-2025-21981	2025-04-25 17:43	2025-03-5
10	7.8	重要 Local	Linux	Linux Kernel	Linux の Linux Kernel における解放済みメモリの使用に関する脆弱性 New	CWE-416 解放済みメモリの使用	CVE-2025-21945	2025-04-25 17:40	2025-03-2

Version update history excerpt Go To Version Update History

Target Period : 2025-04-19 〜 2025-04-26

No	Name	Genre	Version	Release date	Security Fix	Release Information
1	New!! Spring Boot 3	framework	3.4.5	2025-04-24	Unknown	Show
2	New!! Perl 5	programming	5.41.12	2025-04-21	Unknown	Show

Support Expiration Date Go to Support Expiration Information

Target Period : 2025-03-01 〜 2025-07-31

No	Name	Normal Support	Security Support	Extended Support
1	Ruby 3.1	2025-03-31
2	Node.js 18 (LTS)	2023-10-18	2025-04-30
3	Django5.0	2022-08-31		2025-04-30
4	MariaDB 10.5	2025-06-24
5	MongoDB 5.1	2025-06-30
6	MongoDB 6.0	2025-07-31

2025-4-25 JST

media_news

No	Name	URL	Excerpt Of Changes	Tag
1	Ars Technica	https://arstechnica.com/	another round,Review: Ryzen AI CPU makes this the fastest the Framework Laptop 13 has ever been,With great power comes great responsibility and subpar battery life.,Andrew Cunningham,–,4/24/2025,\|,85, ...	English News Foreign Country Blog Site Information Gathering
2	Bleeping Computer®	https://www.bleepingcomputer.com/	FBI: US lost record $16.6 billion to cybercrime in 2024,Blue Shield of California leaked health data of 4.7 million members to Google,Microsoft fixes Remote Desktop freezes caused by Windows updates,H ...	English News Foreign Country Information Provision
3	cnet	https://www.cnet.com/	AI Essentials: 27 Ways to Make Gen AI Work for You,02,How to Prepare for a Recession: 5 Money Rules Experts Recommend,04,Apple's 'Close Your Rings Day' Is Coming. Get the Limited-Edition Pin,Nintendo ...	English News Foreign Country Blog
4	Cybersecurity News	https://securityonline.info/	April 24, 2025,3 min read,Vulnerability,CISA Clarifies CVE Program’s Stability Amid Funding Concerns,ddos-admin,April 24, 2025,2 min read,Vulnerability,Redis Vulnerability Exposes Servers to Denial-of ...	English News Foreign Country Information Provision
5	Gizmodo	https://gizmodo.com/	GameStop Bungles Nintendo Switch 2 First Day Preorders,GameStop's Switch 2 preorders page shows the console is now sold out, though you should check your orders page in case you got lucky.,Kyle Barr,T ...	English News Foreign Country Blog
6	HELPNETSECURITY	https://www.helpnetsecurity.com/	Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028),April 24, 2025,Understanding 2024 cyber attack trends,April 24, 2025,Skyhawk Security brings preemptive cloud app defense to ...	English News Foreign Country Information Provision
7	is 702 (Internet Security Knowledge)	https://news.trendmicro.com/ja-jp/	010から始まる電話番号に注意！国際電話詐欺が増加中,2025/4/24,詐欺,国税庁や税務署を装う迷惑メールがしつこい！開いてしまった時の対処法を解説,2025/4/24,詐欺,Androidで迷惑メッセージ（SMS）の受信拒否や振り分けをする方法,2025/4/24,迷惑メール/迷惑SMS,iPhoneで迷惑メッセージの着信拒否や振り分けをする方法,2025/4/24,迷惑メール/迷惑SMS, ...	Japanese News Major
8	Krebs on Security	https://krebsonsecurity.com/	DOGE Worker’s Code Supports NLRB Whistleblower,April 23, 2025,39 Comments,A whistleblower at the,National Labor Relations Board,(NLRB) alleged last week that denizens of Elon Musk’s,Department of Gove ...	English News Foreign Country Blog
9	Mashable	https://mashable.com/	Beware of dupes,No, those Chinese factory TikToks won't help you bypass Trump's tariffs,speaking of tariffs...,Should I panic buy vibrators right now?,monsieur, a wafer-thin mint?,iPhone 17 Air looks ...	English News Foreign Country Blog
10	ScanNetSecurity	https://scan.netsecurity.ne.jp/	2025.04.25（金）,脆弱性と脅威,2025.4.24 Thu 8:10,IObit Malware Fighter における特権昇格につながる任意のファイル削除の脆弱性（Scan Tech Report）,2025 年 1 月に、IObit 社の Malware Fighter にて管理者権限の奪取が可能となる脆弱性が報告されています。,今日もどこかで情報漏えい第35回「2025年3月の ...	Japanese News Information Provision
11	Schneier on Security	https://www.schneier.com/	New Linux Rootkit,Interesting,:,The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without ...	English News Foreign Country Blog
12	scmagazine	https://www.scmagazine.com/	‘Vibe coding’ using LLMs susceptible to most common security flaws,Laura,French,April 24, 2025,OpenAI’s models were most likely to produce vulnerable code in tests by Backslash Security.,AI/ML,AI at R ...	English News Foreign Country Information Provision
13	SensorsTechForum.com	https://sensorstechforum.com/	THREAT REMOVAL,CmbLabs Ransomware [.cmblabs Files] Removal & Recovery,What Is CmbLabs Virus? CmbLabs Virus is a type of ransomware. It locks your files and asks for money to unlock them. It often spre ...	English News Foreign Country Information Provision Malware and ransomware support
14	TechCrunch	https://techcrunch.com/	AI,OpenAI wants its ‘open’ AI model to call models in the cloud for help,Maxwell Zeff,3 hours ago,Startups,Evernote founder’s video startup mmhmm becomes Airtime, launches new products,Sarah Perez,3 h ...	English News Foreign Country Blog Site Information Gathering
15	TechNadu.com	https://www.technadu.com/	6 Unique Things in the Wednesday Season 2 Teaser: From Enid's Foreshadowed Death to Hyde's Return,Published,Novel ToyMaker Initial Access Broker Collaborates with Cactus Ransomware Group,Published,Laz ...	English News Foreign Country Information Provision
16	TechRadar	https://www.techradar.com/	Your Ray-Ban Meta smart glasses just became an even better travel companion thanks to live translation,I already loved the Ray-Ban smart glasses as a travel companion, and a new update makes them even ...	English News Foreign Country Blog
17	TechTarget Japan	https://techtarget.itmedia.co.jp/tt/security/	Mandiantの年次脅威レポートから読み解く,日本でも対策が遅れる「あの侵入経路」が急増――攻撃グループの活動実態,セキュリティベンダーMandiantがまとめた調査レポートによると、脆弱性が侵入経路として広く悪用される傾向に変わりはないが、侵入経路の2番目には前年までとは異なる新たな項目が浮上した。,追跡しにくい「国家支援型攻撃」や「生成AI悪用」が急増――CrowdStrikeが報告,「兵器 ...	Japanese News Information Provision
18	The Verge	https://www.theverge.com/	Play,Motorola’s new Razr Ultra brings the wood back panel back,The new high-end Razr Ultra comes with an Ultra price.,Allison Johnson,4:00 PM UTC,Nintendo Switch 2 preorders were a total mess — at fir ...	English News Foreign Country Blog
19	wired	https://www.wired.com/	Takeover,'Who Is Doge?' Has Become a Metaphysical Question,The acting head of the General Services Administration says it has no DOGE team. It merely lists at least a half-dozen DOGE affiliates on pay ...	English News Blog
20	ZDNet Japan Security	https://japan.zdnet.com/security/	増加する「内部脅威」の実態と対策--Splunk矢崎氏が解説,2025-04-25 07:00,サイバー防御のBlueVoyantが日本進出--マネージドサービスで成長,2025-04-25 06:00,AIと機械学習の通信処理が3000％以上増加、利用と遮断のトップは「ChatGPT」,2025-04-24 14:50,読まれている記事,グーグルを利用した巧妙なフィッシング詐欺の手口と対策,DN ...	Japanese News Information Provision
21	CyberSecurity.com	https://cybersecurity-jp.com/	2025/04/24,東海大学が不正アクセスでランサム感染、ネットワーク遮断で関連機関に影響か,2025/04/24,住友電設株式会社、タイ子会社が不正アクセスでランサム感染,2025/04/23,台湾子会社がランサム感染で暗号化被害│ローツェ株式会社,2025/04/23,サーバー脆弱性で不正アクセス、情報漏えいの可能性も│株式会社研創,2025.04.24,脆弱性診断ツール（オープンソース）お ...	Japanese News Company Blog Information Provision
22	Malware Information Bureau	https://eset-info.canon-its.jp/malware_info/	情報局｜マルウェアレポート（/malware_topics/）,2025.4.24,2025年3月マルウェアレポートテイクダウン後に活動再開するマルウェアの脅威について解説,2025年3月にESET製品が日本国内で検出したマルウェアの概要について紹介しています。3月は、テイクダウン後に活動再開する脅威について取り上げています。,2025.4.24,2025年3月マルウェアレポートテイクダウ ...	Japanese News Information Provision

security_company

No	Name	URL	Excerpt Of Changes	Tag
1	EG Secure Solutions Inc.	https://www.eg-secure.co.jp/	NEW,お知らせ,2025年4月24日,お知らせ,【9月開催】CTC教育サービス『ウェブ・セキュリティ基礎（徳丸基礎試験認定）』開催のご案内,【9月29日開催】弊社取締役CTOである徳丸浩が監修し、「体系的に学ぶ安全なWebアプリケーションの作り方第2版」を基本的な出題範囲とし...,受付終了	Japanese Web Audit Network Audit Company Smartphone Audit IoT Audit Create Development Guidelines Security enhancement support Requirements Consulting WAF Installation Support Security Advisor WordPress Security Enhancement EC-CUBE Security Enhancement Support
2	Positive Technologies	https://www.ptsecurity.com/	/products,/products,ПРОДУКТ,Перейти,PT Dephaze — больше чем BAS,Узнайте больше о продукте,для автопентеста,от Positive Technologies,Перейти,Смотреть запись,22:48 МСК \| 24.4.2025,1315.8₽	English News News Web Audit Network Audit Company Smartphone Audit WAF Forensic Pentest SIEM Vulnerability Management Vulnerability Management ERP Security ERP Security Infra Security
3	Qualys, Inc	https://www.qualys.com/	Policy Audit,NEW,Introducing the New Standard,for,Audit Readiness,Simplify audits, close gaps faster, and eliminate manual compliance effort with,Qualys Policy Audit,.,Learn More,May, 2025,8,Webinar,I ...	English Web Audit Network Audit Tools Company Consulting Endpoint Detection and Response(EDR) E-Learning Automatic Audit tools Cloud Security Support for PCIDSS Cloud Infra Security
4	NTT Advanced Technology Corporation	https://www.ntt-at.co.jp/	2025/04/24,生成AI活用で自治体の窓口対応業務を支援、AIエージェントシステムの試験運用を開始,2025/04/24,生成AI活用で自治体の窓口対応業務を支援、AIエージェントシステムの試験運用を開始	Japanese Web Audit Network Audit Company Consulting Education Endpoint Detection and Response(EDR) Incident Response Forensic Security enhancement support Security enhancement support Automatic Audit tools Targeted Email Attack Training SIEM Cloud IDS/IPS Management DDos protection Endpoint Audit Monitoring CSPM（Cloud Security Posture Management） Internal information leakage countermeasures
5	Kobe Digital Labo	https://www.kdl.co.jp/	2025.04.24,プレスリリース,標的型攻撃メール訓練サービス「Selphish（セルフィッシュ）」QRコードフィッシング訓練機能をリリース	Japanese Web Audit Consulting Incident Response Security enhancement support System Development Targeted Email Attack Training Smartphone App Development
6	Toinx Co., Ltd.	https://service.toinx.co.jp/	Read More,2025.04.24,「スクール島のデカボ大作戦！」リリース！アプリで子ども達の脱炭素行動を促進,Read More,2025.04.24,「スクール島のデカボ大作戦！」リリース！アプリで子ども達の脱炭素行動を促進,Read More,スクール島のデカボ大作戦！	Japanese Web Audit Network Audit Manipulation Detection Mail Pentest Targeted Email Attack Training Embedded Device Assessment
7	TRADE WORKS Co., Ltd	http://www.tworks.co.jp/	2025.4.23,トレードワークス、証券業界を狙うサイバー攻撃に即応：多要素認証（MFA）相談窓口を新設(株式会社トレードワークス),東証スタンダード市場上場。証券取引システムをはじめ、Eコマース、Web3まで安全、高速、利便性の高いシステムをご提供。各種UX設計やOMOの実現まであらゆる取引に精通したプロフェッショナルなエンジニア集団です。	Japanese Web Audit Network Audit Company Source Code Audit Automatic Audit tools Vulnerability Management Information Provision
8	BroadBand Security, Inc.	https://www.bbsec.co.jp/	インシデントレスポンス／,フォレンジック平時の備え,インシデント発生時に重要な初動対応を迅速に行うために「平時の備え」をおすすめします!	Japanese Web Audit Network Audit Company Source Code Audit Consulting Education Manipulation Detection Endpoint Detection and Response(EDR) Mail Incident Response Mail Security Support for PCIDSS Malware and ransomware support

tool

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Project Discovery	https://projectdiscovery.io/	Trusted by 100k+ security professionals,More features,Discover your entire attack surface,Assign tickets and alert your team in minutes,Learn more,Faster detection. Faster protection.,How ProjectDisco ...	English Network Audit Tools Foreign Country Open Source

blog

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Trend Micro Security News	https://www.trendmicro.com/ja_jp/security-intelligence/breaking-news.html	Trend Vision One,サポート,パートナーポータル,Cloud One,Customer Licensing Portal (CLP)	Japanese News Major Blog Information Provision

organization

No	Name	URL	Excerpt Of Changes	Tag
1	Center for Internet Security	https://www.cisecurity.org/	White Paper,04.24.2025,The Cost of Cyber Defense: CIS Controls IG1,Read More	English Foreign Country Organization Information Provision
2	Information-technology Promotion Agency	https://www.ipa.go.jp/	2025年4月24日,【デジタル事例データベース】DXセレクション2025優良事例株式会社樋口製作所のDX事例を掲載しました,デジタル,マナビDX,「マナビDX」は、デジタルスキルを身につける講座を紹介するポータルサイトです。はじめての方でもデジタルスキルを学ぶことのできる学習コンテンツを紹介します。また、掲載している講座の中には、受講費用等の補助が受けられる講座もあります。,企業組織向け ...	Japanese Organization Government Qualifications Information Provision
3	JPCERT/CC	https://www.jpcert.or.jp/	2025-04-24 12:00,複数のi-PRO設定ツールにおけるハードコードされた暗号鍵の使用の脆弱性,2025-04-24,JPCERT/CC Eyes「Ivanti Connect Secureに設置されたマルウェアDslogdRAT」,JPCERT/CC Eyes「Ivanti Connect Secureに設置されたマルウェアDslogdRAT」	Japanese Organization Government Incident Response
4	NICT: National Institute of Information and Communications Technology	http://www.nict.go.jp/	世界記録更新、標準外径の19コア光ファイバで毎秒1.02ペタビットの1,808 km伝送を達成,2025年,4月24日,〜将来の長距離大容量光通信インフラ実現に期待〜,国立研究開発法人情報通信研究機構（,NICT,（,エヌアイシーティー,）,、理事長: 徳田英幸）及び住友電気工業株式会社（住友電工、社長: 井上治）は、標準外径（0.125 mm）の19コア光ファイバで、毎秒1.02ペタビットの ...	Japanese Organization Government

vulnerability_notification_site

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Vulnerability countermeasure information database	https://jvndb.jvn.jp/index.html	最終更新日：2025/04/24,現在の登録件数：236046件,2025/04/24,JVNDB-2024-022850,Oracle MySQL の MySQL Server における Server: Optimizer に関する脆弱性,4.9（警告）,2025/04/24,New,JVNDB-2025-003999,InternLM の LMDeploy におけるコードインジェクションの脆弱 ...	Japanese News Organization Government Windows Linux/Unix Mac OS Information Provision