Cybozu
Cybozu, Inc. is a Tokyo-based software company that provides web-based groupware services including Cybozu Office and kintone. In addition to the main office in Tokyo, Cybozu also has offices in Matsuyama and Osaka, as well as several overseas subsidiaries in countries including Vietnam, China, Australia and the United States. The U.S.-based subsidiary, kintone Corporation, is located in San Francisco, California.
Products
21- 200 CVEs
- 81 CVEs
- 16 CVEs
- 13 CVEs
- 8 CVEs
- 8 CVEs
- 5 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
332| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34046 | Cri | 0.65 | — | 0.01 | Jun 26, 2025 | An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters… | ||
| CVE-2016-1219 | Cri | 0.64 | 9.8 | 0.03 | Apr 20, 2017 | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | ||
| CVE-2018-0607 | Hig | 0.57 | 8.8 | 0.01 | Jul 26, 2018 | SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2018-0530 | Hig | 0.57 | 8.8 | 0.01 | Apr 16, 2018 | SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2016-7803 | Hig | 0.57 | 8.8 | 0.02 | Jun 9, 2017 | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | ||
| CVE-2016-4907 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2017 | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | ||
| CVE-2016-1218 | Hig | 0.57 | 8.8 | 0.02 | Apr 20, 2017 | SQL injection vulnerability in Cybozu Garoon before 4.2.2. | ||
| CVE-2016-1151 | Hig | 0.57 | 8.8 | 0.01 | Feb 17, 2016 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | ||
| CVE-2016-1189 | Hig | 0.53 | 8.1 | 0.01 | Jun 25, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. | ||
| CVE-2016-7833 | Hig | 0.49 | 7.5 | 0.02 | Jun 9, 2017 | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | ||
| CVE-2016-1193 | Hig | 0.49 | 7.5 | 0.02 | Jun 25, 2016 | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | ||
| CVE-2016-1195 | Hig | 0.48 | 7.4 | 0.02 | Jun 19, 2016 | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | ||
| CVE-2015-8483 | Hig | 0.48 | 7.4 | 0.01 | Feb 17, 2016 | Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | ||
| CVE-2016-1187 | Med | 0.44 | 6.8 | 0.01 | Apr 21, 2017 | Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. | ||
| CVE-2016-7802 | Med | 0.42 | 6.5 | 0.03 | Jun 9, 2017 | Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2016-1194 | Med | 0.42 | 6.5 | 0.02 | Apr 21, 2017 | Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. | ||
| CVE-2016-4843 | Med | 0.42 | 6.5 | 0.02 | Apr 20, 2017 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. | ||
| CVE-2016-4871 | Med | 0.42 | 6.5 | 0.02 | Apr 17, 2017 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | ||
| CVE-2016-4869 | Med | 0.42 | 6.5 | 0.02 | Apr 17, 2017 | Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | ||
| CVE-2016-1190 | Med | 0.42 | 6.5 | 0.01 | Jun 25, 2016 | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. |
- risk 0.65cvss —epss 0.01
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters…
- risk 0.64cvss 9.8epss 0.03
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
- risk 0.57cvss 8.8epss 0.01
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
- risk 0.57cvss 8.8epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.
- risk 0.53cvss 8.1epss 0.01
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
- risk 0.48cvss 7.4epss 0.02
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
- risk 0.48cvss 7.4epss 0.01
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
- risk 0.44cvss 6.8epss 0.01
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
- risk 0.42cvss 6.5epss 0.03
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
- risk 0.42cvss 6.5epss 0.02
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
- risk 0.42cvss 6.5epss 0.02
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
- risk 0.42cvss 6.5epss 0.02
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
- risk 0.42cvss 6.5epss 0.02
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
- risk 0.42cvss 6.5epss 0.01
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.