Cybozu Cybozu Cybozu, Inc. is a Tokyo-based software company that provides web-based groupware services including Cybozu Office and kintone

  1. Vendors
  2. Cybozu

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Cybozu product.

RSS Feeds for Cybozu security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Cybozu products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Cybozu Sorted by Most Security Vulnerabilities since 2018

Cybozu Garoon113 vulnerabilities

Cybozu Office36 vulnerabilities

Cybozu Remote Service Manager17 vulnerabilities

Cybozu Remote Service15 vulnerabilities

Cybozu Mailwise4 vulnerabilities

Cybozu Dezie1 vulnerability

Cybozu Kunai1 vulnerability

By the Year

In 2026 there have been 3 vulnerabilities in Cybozu. Cybozu did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2026 as compared to last year.




Year Vulnerabilities Average Score
2026 3 0.00
2025 0 0.00
2024 11 5.75
2023 5 5.62
2022 32 5.24
2021 47 0.00
2020 16 5.88
2019 34 5.84
2018 20 5.42

It may take a day or so for new Cybozu vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cybozu Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-22888 Feb 02, 2026
CVE-2026-22888 Garoon 5.06.0 Portal Settings Input Validation Bypass Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
Garoon
CVE-2026-22881 Feb 02, 2026
Cybozu Garoon XSS in Message 5.15.06.0.3 enabling password reset Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users passwords.
Garoon
CVE-2026-20711 Feb 02, 2026
XSS in Cybozu Garoon 5.0.0-6.0.3 Email Allows Password Reset Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users passwords.
Garoon
CVE-2024-39817 Aug 06, 2024
Cybozu Office 10.0.0-10.8.6 Sensitive Info Leak via Custom App Search Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
Office
CVE-2024-39457 Jul 19, 2024
XSS in PDF preview of Cybozu Garoon 6.0.0-6.0.1 Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in users web browser.
Garoon
CVE-2024-31397 Jun 11, 2024
DoS via Extra Value Handling in Cybozu Garoon <5.15.2 Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
Garoon
CVE-2024-31398 Jun 11, 2024
CVE-2024-31398: Sensitive Data Leak in Cybozu Garoon 5.0.0-5.15.2 via Sent Data Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
Garoon
CVE-2024-31399 Jun 11, 2024
Cybozu Garoon 5.0.0-5.15.2 DoS via Resource Loop in Mail Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
Garoon
CVE-2024-31402 Jun 11, 2024
Garoon 5.0-5.15.2 Auth Bypass: Delete Shared To-Do Data Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
Garoon
CVE-2024-31400 Jun 11, 2024
Cybozu Garoon 5.0.0-5.15.0 Sensitive Data Leakage via Forwarded Mail Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
Garoon
CVE-2024-31401 Jun 11, 2024
XSS in Cybozu Garoon <=5.15.2 (Admin Auth) Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
Garoon
CVE-2024-31403 Jun 11, 2024
Garoon 5.x Memo Auth Bypass - Cybozu Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
Garoon
CVE-2024-31404 Jun 11, 2024
Cybozu Garoon 5.5-6.0 Scheduler Sensitive Data Exposure Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
Garoon
CVE-2024-23304 Feb 06, 2024
Cybozu KUNAI Android 3.0.20-3.0.21 DoS via Remote Unauth Ops Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
Kunai
CVE-2023-46278 Nov 01, 2023
CVE-2023-46278: Uncontrolled Resource Use in Cybozu Remote Service 4.1.0-4.1.1 Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.
Cybozu Remote Service
CVE-2022-26838 Aug 03, 2023
Cybozu Remote Service 3.1.2 Path Traversal in Device Data Import Causing DoS Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.
Remote Service Manager
CVE-2023-26595 May 23, 2023
Cybozu Garoon Message DoS in 4.10.0-5.9.2 (remote authenticated) Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
Garoon
CVE-2023-27304 May 23, 2023
CVE-2023-27304: Auth Bypass in Garoon Message/Bulletin (4.6.05.9.2) Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
Garoon
CVE-2023-27384 May 23, 2023
CVE-2023-27384 Cybozu Garoon <=5.15.0 Multireport Op Restrict Bypass Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
Garoon
CVE-2022-44608 Dec 07, 2022
Cybozu Remote Service 4.0.0-4.0.3 uncontrolled resource consumption remote auth DoS Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.
Cybozu Remote Service
CVE-2022-25986 Aug 18, 2022
Browse Restriction Bypass in Cybozu Office Scheduler 10.0-10.8.5 Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
Office
CVE-2022-28715 Aug 18, 2022
XSS in Cybozu Office 10.0.0-10.8.5 via Specific Parameters Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Office
CVE-2022-29487 Aug 18, 2022
XSS in Cybozu Office 10.0.0-10.8.5 via unspecified vectors Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Office
CVE-2022-29891 Aug 18, 2022
Cybozu Office 10-10.8.5 Custom App BR Bypass Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
Office
CVE-2022-30604 Aug 18, 2022
Cybozu Office XSS via parameters 10.0.0-10.8.5 Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Office
CVE-2022-30693 Aug 18, 2022
Cybozu Office 10.0.010.8.5 Info Disclosure via System Config Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
Office
CVE-2022-32283 Aug 18, 2022
Cybozu Office Cabinet Bypass of Browse Restrictions (v10.0.010.8.5) Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
Office
CVE-2022-32453 Aug 18, 2022
HTTP Header Injection in Cybozu Office 10.0.0-10.8.5 HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
Office
CVE-2022-32544 Aug 18, 2022
CVE-2022-32544: Cybozu Office 10.x Project OpReg Bypass for Data Alteration Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
Office
CVE-2022-32583 Aug 18, 2022
OPA-Bypass: Remote Scheduler Data Alteration in Cybozu Office 10.0.0-10.8.5 Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
Office
CVE-2022-33151 Aug 18, 2022
Cybozu Office <=10.8.5 Remote XSS via Parameters Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
Office
CVE-2022-33311 Aug 18, 2022
CVE-2022-33311: AddressBook Bypass in Cybozu Office <10.8.5 Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
Office
CVE-2022-29512 Jul 11, 2022
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
Garoon
CVE-2022-30602 Jul 11, 2022
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
Garoon
CVE-2022-30943 Jul 11, 2022
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
Garoon
CVE-2022-31472 Jul 11, 2022
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
Garoon
CVE-2022-29471 Jul 04, 2022
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
Garoon
CVE-2022-27627 Jul 04, 2022
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
Garoon
CVE-2022-26368 Jul 04, 2022
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
Garoon
CVE-2022-26054 Jul 04, 2022
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
Garoon
CVE-2022-26051 Jul 04, 2022
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
Garoon
CVE-2022-29892 Jul 04, 2022
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
Garoon
CVE-2022-29513 Jul 04, 2022
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
Garoon
CVE-2022-29484 Jul 04, 2022
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
Garoon
CVE-2022-29467 Jul 04, 2022
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
Garoon
CVE-2022-27661 Jul 04, 2022
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
Garoon
CVE-2022-27803 Jul 04, 2022
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
Garoon
CVE-2022-27807 Jul 04, 2022
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
Garoon
CVE-2022-28713 Jul 04, 2022
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
Garoon
CVE-2022-28692 Jul 04, 2022
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
Garoon
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.