SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
"How many states are there in the United States?"
Published: 2026-01-18
Last Updated: 2026-01-18 07:46:26 UTC
by Didier Stevens (Version: 1)
The prompt is always the same: "How many states are there in the United States?".
This is recon to find open LLMs. Not necessarily to exploit them, but to use them.
Coincidentally, something similar has been reported in the news: "Hackers target misconfigured proxies to access paid LLM services" (https://www.bleepingcomputer.com/news/security/hackers-target-misconfigured-proxies-to-access-paid-llm-services/)
Make sure your LLMs are not exposed to the Internet without authentication.
Read the full entry: https://isc.sans.edu/diary/How+many+states+are+there+in+the+United+States/32618/
Automatic Script Execution In Visual Studio Code
Published: 2026-01-21
Last Updated: 2026-01-21 09:50:34 UTC
by Xavier Mertens (Version: 1)
Visual Studio Code is a popular open-source code editor. But it’s much more than a simple editor: it’s a complete development platform that supports many languages and is available on multiple platforms. Used by developers worldwide, it’s a juicy target for threat actors because it can be extended with extensions.
Of course, it became a new playground for bad guys, and malicious extensions have already been discovered multiple times, like the 'Dracula Official' theme. Their modus operandi is always the same: they take the legitimate extension and include scripts that perform malicious actions.
VSCode also has many features that help developers in their day-to-day job. One of them is the automatic execution of tasks on specific events. Think about the automatic macro execution in Microsoft Office.
With VSCode, it’s easy to implement and it’s based on a simple JSON file. In your project directory, create a sub-directory ".vscode" and, inside it, create a “tasks.json”. Here is an example ...
Read the full entry: https://isc.sans.edu/diary/Automatic+Script+Execution+In+Visual+Studio+Code/32644/
Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain
Published: 2026-01-14
Last Updated: 2026-01-14 18:17:20 UTC
by Brad Duncan (Version: 1)
Introduction
In recent weeks, Lumma Stealer infections have followed a specific pattern in follow-up activity. This pattern adds scheduled tasks for the same action, which increases traffic to the same C2 domain. This diary documents an example from one of these infections on January 14, 2026.
Details
After Lumma Stealer performs its data exfiltration, the infected Windows host retrieves information from a Pastebin link, which the infected host uses for a follow-up infection. So far, this follow-up infection has used .cc domains for its C2 traffic. Here is one such example from the beginning of January 2026.
The image below shows an example of a Lumma Stealer infection from today ...
Read the full entry: https://isc.sans.edu/diary/Infection+repeatedly+adds+scheduled+tasks+and+increases+traffic+to+the+same+C2+domain/32628/
Add Punycode to your Threat Hunting Routine (2026.01.20)
https://isc.sans.edu/diary/Add+Punycode+to+your+Threat+Hunting+Routine/32640/
Battling Cryptojacking, Botnets, and IABs [Guest Diary] (2026.01.15)
https://isc.sans.edu/diary/Battling+Cryptojacking+Botnets+and+IABs+Guest+Diary/32632/
Wireshark 4.6.3 Released (2026.01.17)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-20805 - Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
Product: Microsoft Windows 10 1607
CVSS Score: 5.5
** KEV since 2026-01-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20805
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805
CVE-2026-0491 - SAP Landscape Transformation allows an attacker to inject arbitrary code through a backdoor, compromising system security.
Product: SAP Landscape Transformation
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0491
CVE-2026-0498 - SAP S/4HANA (Private Cloud and On-Premise) is vulnerable to an admin privilege exploit in its function module, allowing injection of arbitrary code and posing a backdoor risk for full system compromise.
Product: SAP S/4HANA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0498
CVE-2026-0501 - SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger) allows authenticated users to execute crafted SQL queries, compromising confidentiality, integrity, and availability.
Product: SAP S/4HANA Private Cloud
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0501
CVE-2026-0500 - SAP Wily Introscope Enterprise Manager (WorkStation) is vulnerable to unauthenticated remote code execution attacks via a malicious JNLP file accessible by a public facing URL, compromising system security.
Product: SAP Wily Introscope Enterprise Manager
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0500
CVE-2025-40805 - Affected Siemens devices lack proper user authentication enforcement on specific API endpoints, allowing unauthenticated remote attackers to impersonate legit users if they know their identity.
Product: Siemens Industrial Edge Device Kit
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40805
NVD References:
- https://cert-portal.siemens.com/productcert/html/ssa-001536.html
- https://cert-portal.siemens.com/productcert/html/ssa-014678.html
CVE-2025-11250 - Zoho Corp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.
Product: Zoho Corp ManageEngine ADSelfService Plus
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11250
NVD References: https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-11250.html
CVE-2026-0879 - Firefox is vulnerable to sandbox escape due to incorrect boundary conditions in the Graphics component, affecting versions Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.
Product: Firefox and Firefox ESR
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0879
CVE-2026-0881 - Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
Product: Mozilla Firefox
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0881
CVE-2026-0884 - Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0884
CVE-2026-0892 - Firefox 146 and Thunderbird 146 contain memory safety bugs that could potentially allow for arbitrary code execution.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0892
CVE-2025-12548 - Eclipse Che che-machine-exec allows unauthenticated remote command execution and secret exfiltration via exposed JSON-RPC API on TCP port 3333.
Product: Eclipse Che che-machine-exec
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12548
CVE-2025-65783 - Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 is vulnerable to arbitrary file upload, enabling attackers to execute arbitrary code by uploading a malicious PDF file.
Product: Hubert Imoveis e Administracao Ltda Hub v2.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-65783
CVE-2025-69990, CVE-2025-69991, CVE-2025-69992 - Multiple vulnerabilities in phpgurukul News Portal Project V4.1
Product: Phpgurukul News Portal
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69990
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69991
CVE-2025-70892 - Phpgurukul Cyber Cafe Management System v1.0 is vulnerable to SQL Injection in the user management module due to insufficient validation of user input.
Product: Phpgurukul Cyber Cafe Management System v1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70892
CVE-2025-25176 - GPU DDK – Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform. The issue affects DDK Releases up to and including 25.2 RTM
Product: Imagination Technologies GPU DDK
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25176
NVD References: https://www.imaginationtech.com/gpu-driver-vulnerabilities/
CVE-2025-47855 - Fortinet FortiFone 7.0.0 through 7.0.1 and FortiFone 3.0.13 through 3.0.23 allow unauthenticated attackers to access device configurations through crafted HTTP or HTTPS requests.
Product: Fortinet FortiFone
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47855
CVE-2025-64155 - Fortinet FortiSIEM 7.4.0 and older versions are vulnerable to OS command injection, potentially enabling attackers to execute unauthorized code or commands through crafted TCP requests.
Product: Fortinet FortiSIEM
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64155
CVE-2025-68271 - OpenC3 COSMOS contains a critical remote code execution vulnerability in versions 5.0.0 to 6.10.1, allowing unauthenticated attackers to trigger Ruby code execution through the JSON-RPC API.
Product: OpenC3 COSMOS
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68271
CVE-2020-36911 - Covenant 0.1.3 - 0.5 has a remote code execution vulnerability, enabling attackers to create malicious JWT tokens with admin privileges and execute arbitrary commands using custom DLL payloads.
Product: Covenant 0.1.3 - 0.5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36911
CVE-2022-50893 and CVE-2022-50894 - VIAVIWEB Wallpaper Admin 1.0 vulnerabilities.
Product: VIAVIWEB Wallpaper Admin 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50893
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50894
CVE-2022-50905 - e107 CMS version 3.2.1 is vulnerable to multiple XSS attacks, including a reflected XSS in the news comment functionality and an upload restriction bypass for authenticated administrators.
Product: E107 CMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50905
CVE-2022-50912 - ImpressCMS 1.4.4 has a file upload vulnerability allowing attackers to upload harmful files and execute PHP code on the server.
Product: ImpressCMS 1.4.4
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50912
CVE-2022-50919 - Tdarr 2.00.15 has an unauthenticated remote code execution vulnerability in its Help terminal, allowing attackers to inject commands and execute remote code without authentication.
Product: Tdarr 2.00.15
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50919
CVE-2022-50922 - Audio Conversion Wizard v2.01 has a buffer overflow vulnerability that can lead to remote code execution by manipulating a registration code.
Product: Audio Conversion Wizard v2.01
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50922
CVE-2022-50925 - Prowise Reflect version 1.0.9 has a remote keystroke injection vulnerability via an exposed WebSocket on port 8082, enabling attackers to control keyboard events by sending crafted messages.
Product: Prowise Reflect
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50925
CVE-2022-50926 - WAGO 750-8212 PFC200 G2 2ETH RS firmware exhibits a privilege escalation flaw enabling attackers to change user session cookies' parameters and gain admin access without authentication.
Product: WAGO 750-8212 PFC200 G2 2ETH RS firmware
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50926
CVE-2022-50935 - Flame II HSPA USB Modem is vulnerable to an unquoted service path allowing attackers to execute malicious code with elevated privileges.
Product: Flame II HSPA USB Modem
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50935
CVE-2023-54328 - AimOne Video Converter 2.04 Build 103 is vulnerable to a buffer overflow in its registration form, allowing attackers to crash the application and potentially exploit its registration mechanism.
Product: AimOne Video Converter
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-54328
CVE-2023-54329 & CVE-2023-54330 - Inbit Messenger 4.6.0 - 4.9.0 stack-based buffer overflow vulnerabilities.
Product: Inbit Messenger
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-54329
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-54330
CVE-2023-54334 - Explorer32++ 1.3.5.531 has a buffer overflow flaw in Structured Exception Handler (SEH) records, enabling attackers to execute arbitrary code by supplying a long file name argument.
Product: Explorer32++ 1.3.5.531
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-54334
CVE-2023-54335 - eXtplorer 2.1.14 is vulnerable to an authentication bypass that could permit attackers to login without a password, enabling them to upload malicious files and execute remote commands.
Product: eXtplorer 2.1.14
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-54335
CVE-2023-54339 - Webgrind 1.1 allows unauthenticated attackers to remotely execute system commands by manipulating the dataFile parameter in index.php.
Product: Webgrind 1.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-54339
CVE-2026-22686 - Enclave has a critical sandbox escape vulnerability in enclave-vm prior to version 2.7.0 that allows untrusted JavaScript code to execute arbitrary code in the host Node.js runtime.
Product: Enclave-vm
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22686
CVE-2025-70968 - FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
Product: FreeImage 3.18.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70968
NVD References: https://github.com/MiracleWolf/FreeimageCrash/tree/main
CVE-2026-22852 through CVE-2026-22855, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859 - Multiple vulnerabilities in FreeRDP.
Product: FreeRDP
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22852
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22853
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22854
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22855
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22857
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22858
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22859
NVD References: https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
CVE-2026-22907 and CVE-2026-22908 - Incorrect Privilege Assignment vulnerabilities in SICK TDC-X401GL. An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.
Product: SICK TDC-X401GL
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22907
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22908
NVD References: https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf
CVE-2021-47753 - phpKF CMS 3.00 Beta y6 allows remote attackers to execute arbitrary code by uploading a PHP file disguised as a PNG and bypassing file extension checks.
Product: phpKF CMS 3.00 Beta y6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47753
CVE-2021-47755 - Oliver Library Server v5 is vulnerable to unauthenticated attackers accessing system files by manipulating the 'fileName' parameter in the FileServlet endpoint.
Product: Oliver Library Server v5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47755
CVE-2021-47760 - TestLink versions 1.16 through 1.19 are vulnerable to unauthenticated file downloads through the attachmentdownload.php endpoint, allowing attackers to download arbitrary files.
Product: TestLink versions 1.16 through 1.19
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47760
CVE-2021-47772 - 10-Strike Network Inventory Explorer Pro 9.31 is vulnerable to remote code execution via a buffer overflow in its text file import feature.
Product: 10-Strike Network Inventory Explorer Pro 9.31
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47772
CVE-2021-47774 - Kingdia CD Extractor 3.0.2 is vulnerable to a buffer overflow in the registration name field, allowing remote attackers to execute arbitrary code.
Product: Kingdia CD Extractor 3.0.2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47774
CVE-2021-47781 - Cmder Console Emulator 1.3.18 is vulnerable to a buffer overflow issue that can be exploited by attackers to crash the application using a maliciously crafted .cmd file.
Product: Cmder Console Emulator
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47781
CVE-2021-47819 - ProjeQtOr Project Management 9.1.4 is vulnerable to file upload attacks, enabling guests to execute malicious PHP code through the profile attachment section.
Product: ProjeQtOr Project Management
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47819
CVE-2025-67079 - Omnispace Agora Project before version 25.10 allows attackers to execute code via a crafted PDF file upload vulnerability.
Product: Omnispace Agora Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67079
CVE-2025-62193 - NOAA PMEL Live Access Server (LAS) is vulnerable to remote code execution through crafted requests with PyFerret expressions, allowing attackers to execute OS commands.
Product: NOAA PMEL Live Access Server (LAS)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62193
CVE-2026-23520 - Arcane's updater service in versions prior to 1.13.0 allows for command injection through lifecycle labels, enabling authenticated users to run malicious commands during container updates.
Product: Arcane updater service
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23520
CVE-2025-67822 - Mitel MiVoice MX-ONE 7.3 through 7.8 SP1 allows an unauthenticated attacker to conduct an authentication bypass attack, potentially leading to unauthorized access to user or admin accounts.
Product: Mitel MiVoice MX-ONE
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67822
CVE-2026-1009 - Altium Forum is vulnerable to stored cross-site scripting (XSS) due to missing input sanitization, allowing attackers to inject and execute malicious JavaScript in forum posts, leading to unauthorized access to Altium 365 workspace data with user interaction required.
Product: Altium Forum
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1009
CVE-2021-47785 - Ether MP3 CD Burner 1.3.8 is vulnerable to remote code execution via buffer overflow in the registration name field.
Product: Ether MP3 CD Burner
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47785
CVE-2021-47796 - Denver SHC-150 Smart Wifi Camera is vulnerable to hardcoded telnet credentials, enabling unauthenticated attackers to access the Linux shell and execute commands.
Product: Denver SHC-150 Smart Wifi Camera
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47796
CVE-2021-47798 - NoteBurner 2.35 has a buffer overflow vulnerability that enables attackers to crash the application by entering a 6000-byte payload in the license code input field.
Product: NoteBurner 2.35
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-47798
CVE-2025-14231 through CVE-2025-14237 - Multiple vulnerabilities in Satera LBP670C Series/Satera MF750C Series Small Office Multifunction Printers and Laser Printers
Product: Canon Small Office Multifunction Printers and Laser Printers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14231
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14232
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14233
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14234
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14235
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14236
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14237
CVE-2025-61937 - AVEVA Process Optimization "taoimr" service is vulnerable to remote code execution, allowing unauthorized users to compromise the model application server.
Product: AVEVA Process Optimization
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61937
NVD References:
- https://www.aveva.com/en/support-and-success/cyber-security-updates/
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-015-01
CVE-2025-62581 and CVE-2025-62582 - Delta Electronics DIAView has multiple vulnerabilities.
Product: Delta Electronics DIAView
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62581
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62582
CVE-2026-1019 and CVE-2026-1021 - Police Statistics Database System developed by Gotac has multiple vulnerabilities.
Product: Gotac Police Statistics Database System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1019
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1021
NVD References: https://www.twcert.org.tw/en/cp-139-10638-0e44b-2.html
CVE-2025-60021 - Apache bRPC (all versions < 1.15.0) on all platforms is susceptible to a remote command injection vulnerability in the heap profiler built-in service.
Product: Apache bRPC
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60021
CVE-2026-23523 - Dive is vulnerable to crafted deeplinks allowing arbitrary local command execution prior to version 0.13.0.
Product: Dive MCP Host Desktop Application
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23523
CVE-2026-23722 - WeGIA's version prior to 3.6.2 is vulnerable to a Reflected Cross-Site Scripting (XSS) flaw that allows attackers to inject malicious code into the user's browser session.
Product: WeGIA Web Manager for Charitable Institutions
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23722
CVE-2026-23744 - MCPJam inspector versions 1.4.2 and earlier are vulnerable to remote code execution via a crafted HTTP request due to default listening on 0.0.0.0, with a patch available in version 1.4.3.
Product: MCPJam inspector
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23744
CVE-2026-1181 - Altium Forum is vulnerable to stored cross-site scripting (XSS) due to missing input sanitization, allowing attackers to inject and execute malicious JavaScript in forum posts, leading to unauthorized access to Altium 365 workspace data with user interaction required.
Product: Altium Forum
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1181
CVE-2026-0610 - SQL Injection vulnerability in remote-sessions in Devolutions Server. This issue affects Devolutions Server 2025.3.1 through 2025.3.12.
Product: Devolutions Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0610
CVE-2026-1162 - UTT HiPER 810 1.7.4-141218 is vulnerable to a buffer overflow due to a flaw in the function strcpy of the file /goform/setSysAdm, allowing for remote exploitation.
Product: UTT HiPER 810
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1162
CVE-2026-22797 - OpenStack keystonemiddleware is vulnerable to privilege escalation and user impersonation due to a failure to sanitize incoming authentication headers in the external_oauth2_token middleware.
Product: OpenStack keystonemiddleware
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22797
CVE-2026-23836 - HotCRP conference review software was vulnerable to code injection due to inadequately sanitized code generation in version 3.1, now patched in version 3.2.
Product: HotCRP conference review software
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23836
CVE-2026-23839, CVE-2026-23840, CVE-2026-23841 - Movary has multiple cross-site scripting vulnerabilities.
Product: Movary Web Application
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23839
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23840
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23841
CVE-2026-23837 - MyTube version 1.7.65 and earlier allows unauthenticated users to bypass authentication and access sensitive application settings.
Product: MyTube self-hosted downloader and player
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23837
CVE-2026-0905 - Google Chrome prior to 144.0.7559.59 may allow attackers to access potentially sensitive information through a network log file due to insufficient policy enforcement.
Product: Google Chrome
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0905
CVE-2026-0906 - Google Chrome on Android prior to version 144.0.7559.59 is vulnerable to a remote attacker spoofing the contents of the Omnibox (URL bar) through a crafted HTML page.
Product: Google Chrome
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0906
CVE-2026-0907 - Google Chrome had an incorrect security UI in Split View, allowing a remote attacker to perform UI spoofing via a crafted HTML page before version 144.0.7559.59.
Product: Google Chrome
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0907
CVE-2026-1221 - PrismX MX100 AP controller by BROWAN COMMUNICATIONS is vulnerable to unauthenticated remote login due to hardcoded credentials in the firmware.
Product: BROWAN COMMUNICATIONS PrismX MX100 AP controller
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1221
NVD References: https://www.twcert.org.tw/en/cp-139-10643-2f8d7-2.html
CVE-2026-22844 - Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 are vulnerable to command injection, allowing remote code execution via network access.
Product: Zoom Video Communications Node Multimedia Routers
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22844
NVD References: https://www.zoom.com/en/trust/security-bulletin/zsb-26001
CVE-2025-53912 - MedDream PACS Premium 7.3.6.870 is vulnerable to an arbitrary file read through specially crafted HTTP requests, allowing an attacker to retrieve sensitive files.
Product: MedDream PACS Premium
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53912
NVD References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2273
CVE-2025-56005 - The PLY (Python Lex-Yacc) library 3.11 is vulnerable to Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function due to undocumented and unsafe features.
Product: Python Software Foundation PLY (Python Lex-Yacc) library
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56005
CVE-2026-21962 - The vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise critical data and all accessible information.
Product: Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21962
NVD References: https://www.oracle.com/security-alerts/cpujan2026.html
CVE-2026-21969 - Oracle Agile Product Lifecycle Management for Process in Oracle Supply Chain's Supplier Portal version 6.2.4 is susceptible to a high-severity vulnerability allowing attackers to potentially take over the system.
Product: Oracle Agile Product Lifecycle Management for Process
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21969
NVD References: https://www.oracle.com/security-alerts/cpujan2026.html
CVE-2025-51602 - VideoLAN VLC media player before 3.0.22 is vulnerable to an out-of-bounds read and denial of service due to a crafted 0x01 response from an MMS server.
Product: VideoLAN VLC media player
CVSS Score: 4.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-51602
ISC Podcast: https://isc.sans.edu/podcastdetail/9762
CVE-2025-12420 - ServiceNow AI Platform is vulnerable to unauthorized user impersonation and operation execution, remedied by a security update deployed in October 2025.
Product: ServiceNow AI Platform
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12420
ISC Podcast: https://isc.sans.edu/podcastdetail/9768
CVE-2025-14301 - The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal, allowing unauthenticated attackers to delete or download arbitrary files on the server.
Product: Integration Opvius AI for WooCommerce plugin
Active Installations: This plugin has been closed as of January 12, 2026 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14301
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/34612902-1a26-4759-bca6-b5aaffa25af4?source=cve
CVE-2025-14502 - The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 via the template parameter, enabling unauthenticated attackers to execute arbitrary .php files on the server, potentially bypassing access controls and obtaining sensitive data.
Product: WordPress News and Blog Designer Bundle plugin
Active Installations: This plugin has been closed as of January 12, 2026 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14502
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/e02683dc-0771-4bd5-bba3-2b5423da1c80?source=cve
CVE-2026-23550 and CVE-2026-23800 - Incorrect Privilege Assignment vulnerabilities in Modular DS allow Privilege Escalation.
Product: Modular DS
Active Installations: 30,000+
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23550
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23800
CVE-2025-14533 - The Advanced Custom Fields: Extended plugin for WordPress allows unauthenticated attackers to gain administrator access by manipulating the 'insert_user' function role restriction.
Product: WordPress Advanced Custom Fields: Extended plugin
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14533
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/d44f8af2-3525-4b00-afa8-a908250cc838?source=cve
CVE-2025-15403 - The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation up to version 6.0.7.1, allowing unauthenticated attackers to manipulate the plugin's menu generation logic and add 'manage_options' capability for the target role.
Product: WordPress RegistrationMagic plugin
Active Installations: 9,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15403
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/68dd9f6f-ccee-4a27-bd21-2fb32b92cc62?source=cve
CVE-2025-10484 - The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress up to version 1.3.1 is vulnerable to Authentication Bypass, allowing unauthenticated attackers to authenticate as any user on the site, including administrators.
Product: WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin
Active Installations: 600+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10484
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/6aef6fbb-be8c-49e1-ada5-7b4aa8b2ff72?source=cve
CVE-2025-15521 - The Academy LMS WordPress plugin is susceptible to privilege escalation through a takeover of user accounts, allowing unauthenticated attackers to change passwords and gain access.
Product: The Academy LMS WordPress LMS Plugin
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15521
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/6687ebbe-fdf4-4ecb-bf59-034bb4b0104c?source=cve
Free Two-Day Virtual Summit | CTI Summit Solutions Track - CTI in the AI Arms Race: Building Resilient, Adaptive Intelligence Platforms for 2026 | Day 1 - Monday, January 26, 2026 from 12:00 PM to 5:00 PM ET | Day 2 - Tuesday, January 27, 2026 from 10:00 AM to 5:00 PM ET. Earn up to 12 CPE credits.
Webcast | Go Beyond SIEM to Transform Your SOC with AI - Cortex XSIAM | Thursday, January 29, 2026 at 14:00 UTC. Join Rich Greene (SANS) & Patrick Bayle (Palo Alto) as they break down how Cortex XSIAM modernizes SOC operations.
Survey | Cyber Readiness Survey for U.S. Government Agencies | If you work for a government agency, SANS would appreciate your help as we conduct research on the level of cyber readiness within the public sector.
Free Webinar | SANS 2026 SOC, SIEM, SOAR Forum | Friday, February 27, 2026 at 10:00 AM ET.