VYPR
Vendor

Cybozu

Cybozu, Inc. is a Tokyo-based software company that provides web-based groupware services including Cybozu Office and kintone. In addition to the main office in Tokyo, Cybozu also has offices in Matsuyama and Osaka, as well as several overseas subsidiaries in countries including Vietnam, China, Australia and the United States. The U.S.-based subsidiary, kintone Corporation, is located in San Francisco, California.

Founded 1997
Products
21
CVEs
332
Across products
355
Status
Private

Products

21

Recent CVEs

332
View all 332 CVEs →
  • CVE-2025-34046CriJun 26, 2025
    risk 0.65cvss epss 0.01

    An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters…

  • CVE-2016-1219CriApr 20, 2017
    risk 0.64cvss 9.8epss 0.03

    Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

  • CVE-2018-0607HigJul 26, 2018
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2018-0530HigApr 16, 2018
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-7803HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.

  • CVE-2016-4907HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

  • CVE-2016-1218HigApr 20, 2017
    risk 0.57cvss 8.8epss 0.02

    SQL injection vulnerability in Cybozu Garoon before 4.2.2.

  • CVE-2016-1151HigFeb 17, 2016
    risk 0.57cvss 8.8epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.

  • CVE-2016-1189HigJun 25, 2016
    risk 0.53cvss 8.1epss 0.01

    Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

  • CVE-2016-7833HigJun 9, 2017
    risk 0.49cvss 7.5epss 0.02

    Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.

  • CVE-2016-1193HigJun 25, 2016
    risk 0.49cvss 7.5epss 0.02

    Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

  • CVE-2016-1195HigJun 19, 2016
    risk 0.48cvss 7.4epss 0.02

    Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

  • CVE-2015-8483HigFeb 17, 2016
    risk 0.48cvss 7.4epss 0.01

    Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

  • CVE-2016-1187MedApr 21, 2017
    risk 0.44cvss 6.8epss 0.01

    Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

  • CVE-2016-7802MedJun 9, 2017
    risk 0.42cvss 6.5epss 0.03

    Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-1194MedApr 21, 2017
    risk 0.42cvss 6.5epss 0.02

    Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.

  • CVE-2016-4843MedApr 20, 2017
    risk 0.42cvss 6.5epss 0.02

    Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.

  • CVE-2016-4871MedApr 17, 2017
    risk 0.42cvss 6.5epss 0.02

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

  • CVE-2016-4869MedApr 17, 2017
    risk 0.42cvss 6.5epss 0.02

    Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

  • CVE-2016-1190MedJun 25, 2016
    risk 0.42cvss 6.5epss 0.01

    Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.