SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft Patch Tuesday - February 2026
Published: 2026-02-10
Last Updated: 2026-02-10 19:04:00 UTC
by Johannes Ullrich (Version: 1)
Today's patch Tuesday addresses 59 different vulnerabilities (plus two Chromium vulnerabilities affecting Microsoft Edge). While this is a lower-than-normal number, this includes six vulnerabilities that are already exploited. Three vulnerabilities have already been exploited and made public. In addition, five critical vulnerabilities are included in this patch Tuesday.
Vulnerabilities of Interest:
The three already exploited and public vulnerabilities are very similar, but they affect different Windows components. The issue is that the user is not properly warned when executing code they downloaded. Technologies like SmartScreen are supposed to prevent this from happening. The affected components are:
- CVE-2026-21510: Windows Shell.
- CVE-2026-21513: This affects the (legacy) Internet Explorer HTML rendering engine. It is still used by some Windows components, but not by the Edge browser.
- CVE-2026-21514: Microsoft Word.
In addition, we have three more already exploited vulnerabilities:
- CVE-2026-21533: A privilege escalation in Remote Desktop.
- CVE-2026-21519: A type confusion vulnerability in Windows Manager.
- CVE-2026-21525: A Windows Remote Access Connection Manager Denial of Service.
Three of the critical vulnerabilities are related to Microsoft Azure and have already been patched by Microsoft.
CVE-2026-23655: This vulnerability only affects Windows Defender on Linux and may lead to remote code execution.
Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+February+2026/32700/
Broken Phishing URLs
Published: 2026-02-05
Last Updated: 2026-02-05 08:43:02 UTC
by Xavier Mertens (Version: 1)
For a few days, many phishing emails that landed in my mailbox have contained strange URLs. They are classic emails asking you to open a document, verify your pending emails ...
But the format of the URLs is broken! In a URL, parameters are extra pieces of information added after a question mark (?) to tell a website more details about a request; they are written as name=value pairs (for example “email=user@domain”), and multiple parameters are separated by an ampersand (&) ...
Read the full entry: https://isc.sans.edu/diary/Broken+Phishing+URLs/32686/
WSL in the Malware Ecosystem
Published: 2026-02-11
Last Updated: 2026-02-11 13:28:29 UTC
by Xavier Mertens (Version: 1)
WSL or “Windows Subsystem Linux” is a feature in the Microsoft Windows ecosystem that allows users to run a real Linux environment directly inside Windows without needing a traditional virtual machine or dual boot setup. The latest version, WSL2, runs a lightweight virtualized Linux kernel for better compatibility and performance, making it especially useful for development, DevOps, and cybersecurity workflows where Linux tooling is essential but Windows remains the primary operating system. It was introduced a few years ago (2016) as part of Windows 10.
WSL can be compared to a LOLBIN (living-off-the-land) because it’s implemented by Microsoft and allows many interesting operations. Attackers can drop Linux tools inside the WSL rootfs and execute them! Here is a quick example ...
Read the full entry: https://isc.sans.edu/diary/WSL+in+the+Malware+Ecosystem/32704/
Quick Howto: Extract URLs from RTF files (2026.02.09)
https://isc.sans.edu/diary/Quick+Howto+Extract+URLs+from+RTF+files/32692/
YARA-X 1.13.0 Release (2026.02.09)
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-21510 - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Product: Microsoft Windows Shell
CVSS Score: 8.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
ISC Diary: https://isc.sans.edu/diary/32700
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
CVE-2026-21513 - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Product: MSHTML Framework Microsoft
CVSS Score: 8.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
ISC Diary: https://isc.sans.edu/diary/32700
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
CVE-2026-21514 - Microsoft Office Word is vulnerable to unauthorized attackers bypassing security features due to reliance on untrusted inputs.
Product: Microsoft Office Word
CVSS Score: 7.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
ISC Diary: https://isc.sans.edu/diary/32700
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
CVE-2026-21519 - Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Product: Microsoft Desktop Window Manager
CVSS Score: 7.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
ISC Diary: https://isc.sans.edu/diary/32700
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
CVE-2026-21533 - Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows Remote Desktop
CVSS Score: 7.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
ISC Diary: https://isc.sans.edu/diary/32700
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
CVE-2026-21525 - Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
Product: Microsoft Windows Remote Access Connection Manager
CVSS Score: 6.2
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
ISC Diary: https://isc.sans.edu/diary/32700
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
CVE-2026-21509 - Microsoft Office is vulnerable due to reliance on untrusted inputs, allowing unauthorized attackers to bypass security features locally.
Product: Microsoft Office
CVSS Score: 0
** KEV since 2026-01-26 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21509
ISC Diary: https://isc.sans.edu/diary/32692
CVE-2026-1281 - Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Product: Ivanti Endpoint Manager Mobile (EPMM)
CVSS Score: 9.8
** KEV since 2026-01-29 ** due date 2026-02-01 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1281
ISC Podcast: https://isc.sans.edu/podcastdetail/9790
NVD References:
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1281
CVE-2021-39935 - GitLab CE/EE versions 10.5 to 14.5.2 are vulnerable to unauthorized external users performing Server Side Requests via the CI Lint API.
Product: GitLab
CVSS Score: 0
** KEV since 2026-02-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-39935
CVE-2019-19006 - Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
Product: Sangoma FreePBX
CVSS Score: 0
** KEV since 2026-02-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-19006
CVE-2026-1633 - The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter is vulnerable to unauthorized access, enabling attackers to alter device settings without authentication.
Product: Synectix LAN 232 TRIO 3-Port serial to ethernet adapter
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1633
ISC Podcast: https://isc.sans.edu/podcastdetail/9796
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04
CVE-2026-1868 - GitLab AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions, allowing for Denial of Service or code execution, but has been fixed in versions 18.6.2, 18.7.1, and 18.8.1.
Product: GitLab AI Gateway
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1868
ISC Podcast: https://isc.sans.edu/podcastdetail/9800
CVE-2026-24300 - Azure Front Door Elevation of Privilege Vulnerability
Product: Azure Front Door
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24300
ISC Diary: https://isc.sans.edu/diary/32700
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24300
CVE-2026-1731 - BeyondTrust Remote Support and certain older versions of Privileged Remote Access have a critical pre-authentication remote code execution vulnerability that allows unauthenticated remote attackers to execute operating system commands.
Product: BeyondTrust Remote Support (RS)
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1731
ISC Podcast: https://isc.sans.edu/podcastdetail/9802
CVE-2026-21531 - Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
Product: Azure SDK
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21531
ISC Diary: https://isc.sans.edu/diary/32700
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21531
CVE-2025-5319 - Efficiency Management System by Emit Information and Communication Technologies Industry and Trade Ltd. Co. is vulnerable to SQL Injection through 03022026, with no response from the vendor when notified.
Product: Emit Information and Communication Technologies Industry and Trade Ltd. Co Efficiency Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5319
CVE-2026-1568 - InsightVM versions before 8.34.0 have a signature verification flaw on the ACS cloud endpoint, letting attackers access Security Console installations and take over accounts.
Product: Rapid7 InsightVM
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1568
NVD References: https://docs.rapid7.com/insight/command-platform-release-notes/
CVE-2025-57529 - YouDataSum CPAS Audit Management System v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah, allowing remote attackers to execute arbitrary SQL commands and potentially gain unauthorized data access.
Product: Youdatasum CPAS Audit Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57529
CVE-2025-61506 - MediaCrush thru 1.0.1 allows remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
Product: MediaCrush
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61506
CVE-2025-63624 - Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 is vulnerable to SQL Injection, allowing remote attackers to execute arbitrary code.
Product: Shandong Kede Electronics Co. Ltd, IoT smart water meter monitoring platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-63624
CVE-2025-67186, CVE-2025-67187, CVE-2025-67188 - TOTOLINK A950RG is susceptible to buffer overflow vulnerabilities.
Product: TOTOLINK A950RG
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67186
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67187
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67188
CVE-2025-69970, CVE-2025-69971, CVE-2025-69981, & CVE-2025-69983 - Multiple vulnerabilities in FUXA v1.2.7.
Product: Frangoteam FUXA
CVSS Scores: 9.3 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69970 (insecure default configuration)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69971 (hard-coded credential)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69981 (Unrestricted File Upload)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69983 (Remote Code Execution)
CVE-2026-25752 - FUXA web-based Process Visualization software is vulnerable to an authorization bypass flaw, allowing unauthenticated attackers to modify device tags, potentially manipulating physical processes in connected ICS/SCADA environments.
Product: Frangoteam FUXA
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25752
CVE-2025-70841 - Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 is vulnerable to unauthenticated remote attackers who can obtain sensitive application configuration data, leading to complete system compromise for all tenants.
Product: Dokan Multi-Tenancy Based eCommerce Platform SaaS 3.9.2
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70841
CVE-2026-25233, CVE-2026-25234, CVE-2026-25236 - CVE-2026-25238, CVE-2026-25240 & CVE-2026-25241 - Multiple vulnerabilities in PEAR framework.
Product: PEAR framework
CVSS Scores: 9.1 - 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25233 (Operator Precedence Logic Error)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25234 (SQL Injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25236 (SQL Injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25237 (Executable Regular Expression Error)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25238 (SQL Injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25240 (SQL Injection)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25241 (SQL Injection)
CVE-2025-10878 - Fikir Odalari AdminPando 1.0.1 before 2026-01-26 is vulnerable to SQL injection in the login functionality, allowing unauthenticated attackers to bypass authentication and gain full administrative access.
Product: Fikir Odalari AdminPando
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10878
CVE-2026-1861 - Google Chrome was vulnerable to a heap buffer overflow in libvpx, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Product: Google Chrome
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1861
ISC Diary: https://isc.sans.edu/diary/32700
CVE-2026-1862 - Google Chrome prior to version 144.0.7559.132 had a high severity type confusion vulnerability that could be exploited by a remote attacker via a malicious HTML page.
Product: Google Chrome
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1862
ISC Diary: https://isc.sans.edu/diary/32700
CVE-2020-37065 - StreamRipper32 version 2.6 has a buffer overflow vulnerability in the Station/Song Section, enabling attackers to overwrite memory with a crafted SongPattern input.
Product: StreamRipper32
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37065
CVE-2020-37066 - GoldWave 5.70 is vulnerable to a buffer overflow attack in the File Open URL dialog, enabling attackers to execute arbitrary code by manipulating input.
Product: GoldWave 5.70
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37066
CVE-2020-37067 - Filetto 1.0 FTP server is susceptible to a denial of service flaw in the FEAT command processing, which can be exploited by sending an oversized command to crash the service.
Product: Filetto 1.0 FTP server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37067
CVE-2020-37068 & CVE-2020-37069 - Konica Minolta FTP Utility 1.0 buffer overflow vulnerabilities.
Product: Konica Minolta FTP Utility 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37068
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37069
CVE-2020-37070 - CloudMe 1.11.2 is vulnerable to remote code execution via a buffer overflow in network packets sent to port 8888.
Product: CloudMe 1.11.2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37070
CVE-2020-37071 - CraftCMS 3 vCard Plugin 1.0.0 is susceptible to a deserialization vulnerability enabling unauthenticated attackers to execute arbitrary PHP code via a specially crafted payload.
Product: CraftCMS vCard Plugin 1.0.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37071
CVE-2020-37074 - Remote Desktop Audit 2.3.0.157 is susceptible to a buffer overflow vulnerability, enabling attackers to execute arbitrary code via a crafted payload file during the Add Computers Wizard file import process.
Product: Remote Desktop Audit 2.3.0.157
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37074
CVE-2020-37075 - LanSend 3.2 has a buffer overflow vulnerability in the Add Computers Wizard file import feature, enabling remote attackers to execute arbitrary code through a crafted payload file.
Product: Lan-secure LanSend
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37075
CVE-2020-37080 - webTareas 2.0.p8 is vulnerable to file deletion by authenticated attackers in the print_layout.php administration component.
Product: webTareas 2.0.p8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37080
CVE-2020-37082 - webERP 4.15.1 vulnerability allows remote attackers to download database backup files without authentication.
Product: webERP 4.15.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37082
CVE-2020-37090 - School ERP Pro 1.0 has a file upload vulnerability that enables students to upload harmful PHP files, leading to potential server code execution by attackers.
Product: Arox School ERP Pro
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37090
CVE-2020-37094 - EspoCRM 5.8.5 is vulnerable to authentication manipulation that enables attackers to access other user accounts and gain unauthorized administrative privileges.
Product: EspoCRM 5.8.5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37094
CVE-2026-25150 - Qwik is a performance focused javascript framework that contained a prototype pollution vulnerability in the formToObj() function within @builder.io/qwik-city middleware prior to version 1.19.0, allowing unauthenticated attackers to pollute Object.prototype through crafted HTTP POST requests.
Product: Qwik
CVSS Score: 9.3
CVE-2026-25510 - CI4MS is vulnerable to Remote Code Execution (RCE) pre-version 0.28.5.0 due to a flaw that allows authenticated users with file editor permissions to upload and execute arbitrary PHP code on the server.
Product: CI4MS
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25510
CVE-2026-1632 - MOMA Seismic Station Version v2.4.2520 and prior allows unauthenticated attackers to access and modify device settings, data, and remotely reset the device.
Product: MOMA Seismic Station Version
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1632
CVE-2025-59818 - Multiple Zenitel products are vulnerable to allowing authenticated attackers to execute arbitrary commands utilizing the file name of an uploaded file.
Product: Zenitel
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59818
NVD References: https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf
CVE-2025-5329 - Martcode Software Inc. Delta Course Automation is vulnerable to SQL Injection, allowing attackers to manipulate database queries, up to version 04022026.
Product: Martcode Software Inc. Delta Course Automation
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5329
CVE-2026-25049 - n8n allowed authenticated users to trigger unintended system command execution through crafted expressions in workflow parameters prior to versions 1.123.17 and 2.5.2.
Product: n8n
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25049
CVE-2026-25052 - n8n, an open source workflow automation platform, had a vulnerability in file access controls allowing authenticated users to read sensitive files and obtain critical configuration data and user credentials prior to versions 1.123.18 and 2.5.0.
Product: N8N
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25052
CVE-2026-25053 - n8n allowed authenticated users to execute arbitrary system commands or read arbitrary files due to vulnerabilities in the Git node before versions 1.123.10 and 2.5.0.
Product: n8n
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25053
CVE-2026-25115 - n8n allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary in versions prior to 2.4.8.
Product: n8n
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25115
CVE-2025-64712 - The unstructured library prior to version 0.18.18 allows path traversal leading to file overwriting through malicious MSG files.
Product: Unstructured library
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64712
CVE-2026-25160 - Alist, a file list program, had a vulnerability in versions prior to 3.57.0 that allowed for Man-in-the-Middle attacks due to disabled TLS certificate verification, compromising data integrity and confidentiality.
Product: Alist file list program
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25160
CVE-2026-25505 - Bambuddy prior to version 0.1.7 contains a vulnerability where a hardcoded secret key used for signing JWTs is exposed in the source code and many API routes do not authenticate users.
Product: Bambuddy Bambu Lab 3D Printers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25505
CVE-2025-13375 - IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 have a vulnerability that could allow unauthenticated users to run commands with higher privileges on the system.
Product: IBM Common Cryptographic Architecture (CCA)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-13375
NVD References: https://www.ibm.com/support/pages/node/7259625
CVE-2026-25526 - JinJava is vulnerable to arbitrary Java execution through bypassing ForTag prior to versions 2.7.6 and 2.8.3, allowing file access and class instantiation bypassing sandbox restrictions.
Product: JinJava
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25526
CVE-2026-25539 - SiYuan allows authenticated users to write files to arbitrary locations on the filesystem, potentially leading to Remote Code Execution, prior to version 3.5.5.
Product: SiYuan personal knowledge management system
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25539
CVE-2020-37119 - Nsauditor 3.0.28 and 3.2.1.0 have a buffer overflow vulnerability in the DNS Lookup tool, enabling attackers to run arbitrary code through memory overwriting.
Product: Nsauditor
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37119
CVE-2020-37120 - Rubo DICOM Viewer 2.0 is vulnerable to a buffer overflow in the DICOM server name input field, allowing attackers to execute arbitrary code by overwriting SEH.
Product: Rubo DICOM Viewer 2.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37120
CVE-2020-37123 - Pinger 1.0 has a remote code execution vulnerability, enabling attackers to inject shell commands through unsanitized input in ping.php and execute system commands via shell metacharacters.
Product: Pinger 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37123
CVE-2020-37124 - B64dec 1.1.2 is vulnerable to a buffer overflow that allows code execution through crafted input, leveraging an egg hunter technique and SEH overwrite during base64 decoding.
Product: B64dec
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37124
CVE-2020-37125 - Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to remote code execution, allowing unauthenticated attackers to execute arbitrary commands through crafted POST requests on the /goform/mp endpoint.
Product: Edimax EW-7438RPn-v3 Mini
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37125
CVE-2020-37126 - Free Desktop Clock 3.0 has a stack overflow vulnerability in the Time Zones display name input that allows for potential code execution by attackers.
Product: Free Software Foundation Free Desktop Clock 3.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37126
CVE-2020-37129 - Memu Play 7.1.3 has an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable, potentially granting attackers SYSTEM-level privileges.
Product: Memu Play 7.1.3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37129
CVE-2020-37138 - 10-Strike Network Inventory Explorer 9.03 is vulnerable to a buffer overflow attack during file import, allowing remote attackers to execute arbitrary code.
Product: 10-Strike Network Inventory Explorer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37138
CVE-2025-68723 - Axigen Mail Server before 10.5.57 is vulnerable to multiple stored Cross-Site Scripting (XSS) issues in the WebAdmin interface, allowing attackers to inject malicious scripts for privilege escalation attacks.
Product: Axigen Mail Server
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68723
CVE-2025-68121 - Crypto/tls is vulnerable to session resumption issues if Config's ClientCAs or RootCAs fields are mutated between initial and resumed handshakes, potentially allowing unauthorized sessions to be resumed.
Product: Golang
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68121
CVE-2026-0106 - vpu_ioctl in VPU has a vulnerability that could allow local privilege escalation without any user interaction required.
Product: Google Android
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0106
CVE-2026-21643 - Fortinet FortiClientEMS 7.4.4 is vulnerable to SQL injection, potentially enabling unauthorized execution of code or commands by an unauthenticated attacker through malicious HTTP requests.
Product: Fortinet FortiClientEMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21643
CVE-2026-2017 - IP-COM W30AP up to 1.0.0.11(1340) is vulnerable to a remote stack-based buffer overflow in the R7WebsSecurityHandler function of the POST Request Handler component, with the exploit now public due to the vendor's lack of response to early disclosure.
Product: IP-COM W30AP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2017
CVE-2026-25722 - Claude Code failed to properly validate directory changes, allowing bypass of write protection and creating/modifying files without user confirmation prior to version 2.0.57.
Product: Anthropic Claude Code
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25722
CVE-2026-25725 - Claude Code's bubblewrap sandboxing mechanism was vulnerable prior to version 2.1.2 due to inadequate protection of the .claude/settings.json configuration file, allowing for injection of malicious code.
Product: Anthropic Claude Code
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25725
CVE-2026-1709 - Keylime has an authentication bypass vulnerability that allows unauthenticated clients to perform administrative operations.
Product: Keylime registrar
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1709
CVE-2026-25520, CVE-2026-25586, CVE-2026-25587, CVE-2026-25641 - Multiple vulnerabilities in SandboxJS.
Product: SandboxJS JavaScript sandboxing library
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25520 (injection vulnerability)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25586 (injection vulnerability)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25587 (code injection vulnerability)
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25641 (Time-of-check Time-of-use (TOCTOU) Race Condition)
CVE-2026-25881 - SandboxJS prior to version 0.8.31 allows for a sandbox escape vulnerability leading to host-side prototype pollution and potential remote code execution.
Product: SandboxJS JavaScript sandboxing library
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25881
CVE-2026-25643 - Frigate's integration with go2rtc prior to 0.16.4 allows remote command execution by injecting system commands through the config.yaml file, granting full administrative control to unauthorized users.
Product: Frigate network video recorder (NVR)
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25643
CVE-2026-25592 - Semantic Kernel .NET SDK version prior to 1.70.0 is vulnerable to Arbitrary File Write within the SessionsPythonPlugin, mitigated by using a Function Invocation Filter.
Product: Microsoft Semantic Kernel .NET SDK
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25592
CVE-2026-25632 - EPyT-Flow prior to 0.16.1 allows attackers to execute OS commands during JSON parsing by manipulating the type field in JSON request bodies.
Product: EPyT-Flow Python package
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25632
CVE-2026-25544 - Payload headless content management system prior to version 3.73.0 allows unauthenticated attackers to perform blind SQL injection attacks through JSON and richText fields, leading to full account takeover.
Product: Payload headless content management system
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25544
CVE-2026-25803 - 3DP-MANAGER allows attackers to gain full administrative control through a known default credential vulnerability in versions 2.0.1 and prior.
Product: 3DP-MANAGER 3x-ui
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25803
CVE-2020-37095 - Cyberoam Authentication Client 2.1.2.7 has a buffer overflow vulnerability that allows remote attackers to execute arbitrary code via the 'Cyberoam Server Address' field, resulting in a bind TCP shell on port 1337 with system-level access.
Product: Cyberoam Authentication Client 2.1.2.7
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37095
CVE-2020-37159 - Parallaxis Cuckoo Clock 5.0 has a buffer overflow vulnerability in its alarm scheduling feature that allows remote code execution by overwriting memory registers with a malicious payload.
Product: Parallaxis Cuckoo Clock 5.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37159
CVE-2020-37161 & CVE-2020-37162 - Wedding Slideshow Studio 1.36 buffer overflow vulnerabilities.
Product: Wedding Slideshow Studio
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37161
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37162
CVE-2026-25560 - WeKan prior to version 8.19 is vulnerable to LDAP filter injection due to insufficient escaping of user-supplied input, enabling attackers to manipulate LDAP queries during authentication.
Product: Wekan Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25560
CVE-2026-1615 - Jsonpath is vulnerable to Arbitrary Code Injection via user-supplied JSON Path expressions, allowing attackers to execute remote code or trigger XSS in Node.js or browser environments.
Product: Jsonpath
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1615
CVE-2026-22903 - Lighttpd server is vulnerable to remote code execution via stack buffer overflow triggered by an overly long SESSIONID cookie in an HTTP request.
Product: lighttpd modified lighttpd server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22903
NVD References: https://certvde.com/de/advisories/VDE-2026-004
CVE-2026-22904 - WAGO 852‑1328 web‑based management interface allows a remote attacker to trigger a denial-of-service and potential remote code execution by sending oversized cookie values due to improper length handling.
Product: WAGO 852‑1328 web‑based management interface
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22904
NVD References: https://certvde.com/de/advisories/VDE-2026-004
CVE-2026-22906 - WAGO 852‑1328 web‑based management interface stores user credentials using insecure encryption, allowing unauthorized attackers to easily decrypt and obtain login information.
Product: WAGO 852‑1328 web‑based management interface
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22906
NVD References: https://certvde.com/de/advisories/VDE-2026-004
CVE-2026-2234 - C&Cm@il by HGiga contains a Missing Authentication vulnerability enabling unauthorized remote access to user mail content.
Product: HGiga C&Cm@il
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2234
NVD References: https://www.twcert.org.tw/en/cp-139-10704-d5aba-2.html
CVE-2026-25848 - In JetBrains Hub before 2025.3.119807, an authentication bypass allowing administrative actions was possible.
Product: JetBrains Hub
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25848
CVE-2025-6830 - Xpoda Studio is vulnerable to SQL Injection up to version 09022026, despite vendor notification.
Product: Xpoda Türkiye Information Technology Inc Xpoda Studio
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6830
CVE-2026-24677 & CVE-2026-24679 - FreeRDP out-of-bounds read vulnerabilities.
Product: FreeRDP
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24677
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24679
CVE-2026-25057 - MarkUs allows instructors to upload zip files for assignments; until version 2.9.1, the entry names in these zip files are not checked, which can lead to unauthorized file writing.
Product: MarkUs web application
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25057
CVE-2026-0488 - SAP CRM and SAP S/4HANA (Scripting Editor) are vulnerable to a flaw allowing an authenticated attacker to execute unauthorized critical functionalities, including running arbitrary SQL statements resulting in a full database compromise with high impact on confidentiality, integrity, and availability.
Product: SAP CRM and SAP S/4HANA
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0488
CVE-2026-0509 - SAP NetWeaver Application Server ABAP and ABAP Platform are susceptible to unauthorized background Remote Function Calls by low-privileged users, leading to high integrity and availability risks.
Product: SAP NetWeaver Application Server ABAP
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0509
CVE-2026-2095 & CVE-2026-2096 - Agentflow developed by Flowring is prone to Authentication Bypass vulnerabilities.
Product: Flowring Agentflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2095
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2096
NVD References: https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html
CVE-2025-11242 - Okulistik software is vulnerable to Server-Side Request Forgery (SSRF) through 21102025, allowing attackers to manipulate server-side requests.
Product: Okulistik
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11242
CVE-2026-23906 - Apache Druid is vulnerable to an authentication bypass when using the druid-basic-security extension with LDAP authentication and anonymous binds allowed on the LDAP server.
Product: Apache Druid
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23906
CVE-2026-26009 - Catalyst platform allows for arbitrary shell commands with root-level remote code execution due to lack of sandboxing or containerization, fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d.
Product: Catalyst Platform
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26009
CVE-2026-1499 - The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8.
Product: WP Duplicate WordPress Duplicate plugin
Active Installations: 200+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1499
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/11bb7190-023b-45e1-99a5-7313c489ef45?source=cve