← Back

Cybozu

cybozu

330 CVEs • 21 products

Products (21)

Click to collapse
Toggle
Garoon
garoon
198 CVEs
Office
office
71 CVEs
Remote Service Manager
remote_service_manager
22 CVEs
Mailwise
mailwise
14 CVEs
Cybozu Office
cybozu_office
7 CVEs
Dezie
dezie
6 CVEs
Kunai
kunai
6 CVEs
Cybozu Live
cybozu_live
4 CVEs
Kintone
kintone
4 CVEs
Collaborex
collaborex
2 CVEs
Cybozu Dezie
cybozu_dezie
2 CVEs
Cybozu Remote Service
cybozu_remote_service
2 CVEs
Share360
share360
1 CVE
Share 360
share_360
1 CVE
Cybozu Ag
cybozu_ag
1 CVE
Cybozu Pocket
cybozu_pocket
1 CVE
Garoon 1
garoon_1
1 CVE
Cybozu Garoon
cybozu_garoon
1 CVE
Cybozu Dotsales
cybozu_dotsales
1 CVE
Kunai Browser For Remote Service
kunai_browser_for_remote_service
1 CVE
Desktop
desktop
1 CVE

CVEs (330)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-22888
1Cybozu
1Garoon
Feb 19, 2026
Feb 2, 2026
6.9 MEDIUM· v4
7.5 HIGH· v3
N/A· v2
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
CVE-2026-22881
1Cybozu
1Garoon
Feb 19, 2026
Feb 2, 2026
6.8 MEDIUM· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
CVE-2026-20711
1Cybozu
1Garoon
Feb 19, 2026
Feb 2, 2026
6.9 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
CVE-2024-39817
1Cybozu
1Office
Mar 18, 2025
Aug 6, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search'...Show more
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.Show less
CVE-2024-39457
1Cybozu
1Garoon
Mar 19, 2025
Jul 19, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
CVE-2024-31402
1Cybozu
1Garoon
Mar 28, 2025
Jun 11, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
CVE-2024-31399
1Cybozu
1Garoon
Mar 20, 2025
Jun 11, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
CVE-2024-31398
1Cybozu
1Garoon
Mar 13, 2025
Jun 11, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
CVE-2024-31397
1Cybozu
1Garoon
Feb 13, 2026
Jun 11, 2024
N/A· v4
4.9 MEDIUM· v3
N/A· v2
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of...Show more
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.Show less
CVE-2024-31404
1Cybozu
1Garoon
May 28, 2025
Jun 11, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
CVE-2024-31403
1Cybozu
1Garoon
May 28, 2025
Jun 11, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
CVE-2024-31401
1Cybozu
1Garoon
Aug 5, 2025
Jun 11, 2024
N/A· v4
9.0 CRITICAL· v3
N/A· v2
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in t...Show more
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.Show less
CVE-2024-31400
1Cybozu
1Garoon
Aug 5, 2025
Jun 11, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
CVE-2024-23304
1Cybozu
1Kunai
Jun 4, 2025
Feb 6, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
CVE-2023-46278
1Cybozu
1Cybozu Remote Service
Nov 21, 2024
Nov 1, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.
CVE-2022-26838
1Cybozu
1Remote Service Manager
Nov 21, 2024
Aug 3, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.
CVE-2023-27384
1Cybozu
1Garoon
Jan 17, 2025
May 23, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
CVE-2023-27304
1Cybozu
1Garoon
Jan 17, 2025
May 23, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
CVE-2023-26595
1Cybozu
1Garoon
Jan 28, 2025
May 23, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
CVE-2022-44608
1Cybozu
1Cybozu Remote Service
Apr 23, 2025
Dec 7, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.