ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Patches Everything: February 2026
Published: 2026-02-11
Last Updated: 2026-02-11 19:36:59 UTC
by Johannes Ullrich (Version: 1)
Today, Apple released updates for all of its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, and visionOS). The update fixes 71 distinct vulnerabilities, many of which affect multiple operating systems. Older versions of iOS, iPadOS, and macOS are also updated.
Of special note is CVE-2026-20700. This vulnerability has already been exploited in targeted attacks. It allows attackers who can write to memory to execute code. Two vulnerabilities patched in December are related to the same attack (CVE-2025-14174 and CVE-2025-43529).
Interesting are additional Siri/VoiceOver vulnerabilities that allow access to some information on locked devices. This is a recurring issue, and you should probably turn off VoiceOver and Siri on locked devices. Another recurring and likely impossible to completely eliminate threat is applications being able to access data from other applications. To reduce the probability of exploitation, limit the apps you install on your devices.
Read the full entry: https://isc.sans.edu/diary/Apple+Patches+Everything+February+2026/32706/
Tracking Malware Campaigns With Reused Material
Published: 2026-02-18
Last Updated: 2026-02-18 08:19:42 UTC
by Xavier Mertens (Version: 1)
A few days ago I wrote a diary called "Malicious Script Delivering More Maliciousness". In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with "BaseStart-" and "-BaseEnd" tags.
Today, I discovered another campaign that relies exactly on the same technique. It started with an attachment called ... . The file in itself is not interesting; it contains a good old Equation Editor exploit (CVE-2017-11882). The exploit triggers the download of an HTA payload that executes a PowerShell payload and finally a DLL ...
Read the full entry: https://isc.sans.edu/diary/Tracking+Malware+Campaigns+With+Reused+Material/32726/
Four Seconds to Botnet - Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary]
Published: 2026-02-11
Last Updated: 2026-02-12 01:56:24 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program]
Weak SSH passwords remain one of the most consistently exploited attack surfaces on the Internet. Even today, botnet operators continue to deploy credential stuffing malware that is capable of performing a full compromise of Linux systems in seconds.
During this internship, my DShield sensor captured a complete attack sequence involving a self-spreading SSH worm that combines:
- Credential brute forcing
- Multi-stage malware execution
- Persistent backdoor creation
- IRC-based command and control
- Digitally signed command verification
- Automated lateral movement using Zmap and sshpass
Timeline of the Compromise ...
Read the full entry: https://isc.sans.edu/diary/Four+Seconds+to+Botnet+Analyzing+a+Self+Propagating+SSH+Worm+with+Cryptographically+Signed+C2+Guest+Diary/32708/
Fake Incident Report Used in Phishing Campaign (2026.02.17)
https://isc.sans.edu/diary/Fake+Incident+Report+Used+in+Phishing+Campaign/32722/
2026 64-Bits Malware Trend (2026.02.16)
https://isc.sans.edu/diary/2026+64Bits+Malware+Trend/32718/
AI-Powered Knowledge Graph Generator & APTs (2026.02.12)
https://isc.sans.edu/diary/AIPowered+Knowledge+Graph+Generator+APTs/32712/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2026-21510 - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Product: Microsoft Windows 10 1607
CVSS Score: 8.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21510
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21510
CVE-2026-21513 - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
Product: Microsoft Windows 10 1607
CVSS Score: 8.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21513
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21513
CVE-2026-21519 - Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows 10 1607
CVSS Score: 7.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21519
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21519
CVE-2026-21533 - Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows 10 1607
CVSS Score: 7.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21533
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21533
CVE-2026-21525 - Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
Product: Microsoft Windows 10 1607
CVSS Score: 6.2
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21525
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21525
CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability
Product: Microsoft Office 2016
CVSS Score: 0
** KEV since 2021-11-03 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-11882
ISC Diary: https://isc.sans.edu/diary/32726
CVE-2026-21514 - Microsoft Office Word is vulnerable to unauthorized attackers bypassing security features due to reliance on untrusted inputs.
Product: Microsoft 365 Apps
CVSS Score: 7.8
** KEV since 2026-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21514
NVD References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21514
CVE-2026-20700 - watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3, and iPadOS 26.3 were vulnerable to a memory corruption issue that could allow an attacker to execute arbitrary code.
Product: Multiple Apple products
CVSS Score: 7.8
** KEV since 2026-02-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20700
NVD References: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20700
CVE-2026-2441 - Google Chrome prior to 145.0.7632.75 is vulnerable to a use after free issue in CSS, allowing remote attackers to execute arbitrary code via a crafted HTML page.
Product: Google Chrome
CVSS Score: 8.8
** KEV since 2026-02-17 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2441
NVD References:
- https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
- https://issues.chromium.org/issues/483569511
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441
CVE-2026-0488 - SAP CRM and SAP S/4HANA (Scripting Editor) are vulnerable to a flaw allowing an authenticated attacker to execute unauthorized critical functionalities, including running arbitrary SQL statements resulting in a full database compromise with high impact on confidentiality, integrity, and availability.
Product: SAP CRM and SAP S/4HANA (Scripting Editor)
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0488
CVE-2026-0509 - SAP NetWeaver Application Server ABAP and ABAP Platform are susceptible to unauthorized background Remote Function Calls by low-privileged users, leading to high integrity and availability risks.
Product: SAP NetWeaver Application Server ABAP and ABAP Platform
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-0509
CVE-2026-2095 & CVE-2026-2096 - Agentflow developed by Flowring is prone to Authentication Bypass vulnerabilities.
Product: Flowring Agentflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2095
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2096
NVD References: https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html
CVE-2025-11242 - Okulistik software is vulnerable to Server-Side Request Forgery (SSRF) through 21102025, allowing attackers to manipulate server-side requests.
Product: Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11242
CVE-2026-23906 - Apache Druid is vulnerable to an authentication bypass when using the druid-basic-security extension with LDAP authentication and anonymous binds allowed on the LDAP server.
Product: Apache Druid
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23906
NVD References: https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr
CVE-2026-1774 - CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.
Product: CASL Ability
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1774
NVD References: https://www.kb.cert.org/vuls/id/458422
CVE-2026-21531 - Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
Product: Microsoft Azure Conversation Authoring Client Library
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21531
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21531
CVE-2026-26009 - Catalyst platform allows for arbitrary shell commands with root-level remote code execution due to lack of sandboxing or containerization, fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d.
Product: Catalyst Platform
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26009
CVE-2025-66277 - QNAP operating systems are vulnerable to a link following vulnerability that allows remote attackers to traverse the file system to unintended locations, but the issue has been resolved in specific versions.
Product: Qnap QTS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-66277
NVD References: https://www.qnap.com/en/security-advisory/qsa-26-05
CVE-2025-8025 - Dinosoft ERP versions from below 3.0.1 to 11022026 are exposed to Missing Authentication for Critical Function, Improper Access Control vulnerability.
Product: Dinosoft ERP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8025
CVE-2025-8668 - Turboard is vulnerable to Reflected XSS from 2025.07 through 11022026, despite attempts to contact the vendor about the issue.
Product: E-Kalite Software Turboard
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8668
CVE-2025-12059 - Logo j-Platform in Logo Software Industry and Trade Inc. allows attackers to insert sensitive information into externally-accessible files or directories due to incorrectly configured access control security levels from version 3.29.6.4 through 13112025.
Product: Logo Software Industry and Trade Inc. Logo j-Platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-12059
CVE-2026-2248 - METIS WIC devices (versions <= oscore 2.1.234-r18) have a vulnerability that allows a remote attacker to execute root-level operating system commands without authentication, leading to full system compromise and unauthorized access to sensitive data.
Product: METIS WIC devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2248
CVE-2026-2249 - METIS DFS devices (versions <= oscore 2.1.234-r18) have a web-based shell at the /console endpoint that can be accessed without authentication, allowing remote attackers to run operating system commands with 'daemon' privileges and compromise the software.
Product: METIS DFS devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2249
CVE-2025-64075 - Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 is vulnerable to a path traversal issue, allowing remote attackers to bypass authentication and carry out administrative actions with a specially crafted session cookie.
Product: Shenzhen Zhibotong Electronics ZBT WE2001
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64075
CVE-2026-24789 - An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
Product: ZLAN Information Technology Co. ZLAN5143D
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-24789
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-02
CVE-2026-25084 - Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
Product: ZLAN Information Technology Co. ZLAN5143D
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25084
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-26-041-02
CVE-2025-69874 - Nanotar through 0.2.0 is vulnerable to path traversal, allowing remote attackers to write arbitrary files outside intended directories.
Product: Nanotar
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69874
CVE-2025-70085 - OpenSatKit 2.2.1 is vulnerable to a stack buffer overflow due to unsafe sprintf calls in multiple functions in file.c.
Product: OpenSatKit
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70085
CVE-2025-69872 - DiskCache (python-diskcache) through 5.6.3 is vulnerable to arbitrary code execution due to its use of Python pickle for serialization.
Product: DiskCache (python-diskcache)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69872
CVE-2020-37153 - ASTPP 4.0.1 is vulnerable to cross-site scripting and command injection, enabling attackers to hijack administrator sessions and execute arbitrary code with root permissions.
Product: ASTPP 4.0.1
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37153
CVE-2020-37176 - Torrent 3GP Converter 1.51 is vulnerable to a stack overflow that enables attackers to execute arbitrary code through manipulation of SEH registers, potentially leading to calculator opening via crafted buffer overflow techniques.
Product: Torrent 3GP Converter 1.51
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37176
CVE-2020-37181 - Torrent FLV Converter 1.51 Build 117 is vulnerable to a stack overflow attack that can lead to arbitrary code execution on Windows 32-bit systems.
Product: Torrent FLV Converter 1.51 Build 117
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37181
CVE-2020-37183 - Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 is vulnerable to a stack overflow in the License Name input field, enabling attackers to execute arbitrary code and system commands like calc.exe.
Product: Allok RM RMVB to AVI MPEG DVD Converter
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37183
CVE-2020-37184 - Allok Video Converter 4.6.1217 is vulnerable to a stack overflow in the License Name input field, enabling attackers to execute arbitrary code through injected malicious bytecode.
Product: Allok Video Converter
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37184
CVE-2020-37186 - Chevereto 3.13.4 Core is vulnerable to remote code execution via manipulated database table prefix parameters during installation, enabling attackers to execute arbitrary system commands through crafted POST requests.
Product: Chevereto 3.13.4 Core
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37186
CVE-2026-26021 - Set-in is vulnerable to prototype pollution in versions 2.0.1 to 2.0.4, allowing for Object.prototype pollution via crafted input using Array.prototype.
Product: Set-In Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26021
CVE-2025-67135 - PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf has weak security, leaving it vulnerable to code replay attacks compromising access control.
Product: PF-50 1.2 keyfob of PGST PG107 Alarm System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67135
CVE-2026-20677 - macOS, iOS, and iPadOS vulnerability allows shortcuts to potentially bypass sandbox restrictions.
Product: Multiple Apple products
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20677
CVE-2025-15573 - SolaX Cloud devices are vulnerable to man-in-the-middle attacks due to lack of server certificate validation when connecting to the cloud server, allowing attackers to issue unauthorized commands.
Product: SolaX Cloud
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15573
CVE-2025-10969 - Farktor Software E-Commerce Services Inc. E-Commerce Package is vulnerable to Blind SQL Injection up to version 27112025.
Product: Farktor Software E-Commerce Package
CVSS Score: 9.8
CVE-2025-14014 - Smart Panel before 20251215 in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. allows unrestricted upload of dangerous file types, enabling access to functions not properly constrained by ACLs.
Product: NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co Smart Panel
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14014
CVE-2025-69634 - Dolibarr ERP & CRM v.22.0.9 is vulnerable to Cross Site Request Forgery, allowing a remote attacker to escalate privileges via the notes field in perms.php.
Product: Dolibarr ERP & CRM
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69634
CVE-2026-26216 - Crawl4AI versions prior to 0.8.0 are vulnerable to remote code execution through the Docker API deployment, allowing attackers to execute system commands and gain full server compromise.
Product: Crawl4AI
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26216
CVE-2025-70981 - CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.
Product: CordysCRM
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70981
CVE-2026-26218 - Newbee-mall exposes a vulnerability by including pre-seeded administrator accounts with predictable default passwords, allowing unauthenticated attackers to gain full control of the application if default credentials are not changed during database initialization or reset.
Product: Newbee-mall
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26218
CVE-2026-26219 - Newbee-mall stores passwords using the insecure MD5 hashing algorithm, making it easy for attackers to crack user credentials obtained through database breaches.
Product: Newbee-mall user passwords
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26219
CVE-2025-70314 - webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable
Product: webfsd 1.21
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70314
CVE-2026-25227 - authentik, an open-source identity provider, had a vulnerability from 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, allowing users with certain permissions to execute arbitrary code within the server container through the test endpoint.
Product: authentik identity provider
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25227
CVE-2026-1358 - Airleader Master versions 6.381 and prior have a vulnerability that permits unauthenticated users to upload files to multiple webpages with maximum privileges, potentially leading to remote code execution on the server.
Product: Airleader Master
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1358
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-10
CVE-2019-25319 - Domain Quester Pro 6.02 is vulnerable to remote code execution via a stack overflow in the 'Domain Name Keywords' input field.
Product: Domain Quester Pro 6.02
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25319
CVE-2019-25321 - FTP Navigator 8.03 is vulnerable to a stack overflow attack, allowing attackers to remotely execute malicious code by exploiting a buffer overflow in the Custom Command textbox.
Product: FTP Navigator
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25321
CVE-2019-25327 - Prime95 version 29.8 build 6 is vulnerable to a buffer overflow in the user ID input field, allowing remote attackers to execute arbitrary code via the PrimeNet user ID and proxy host fields.
Product: Prime95
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25327
CVE-2019-25337 - OwnCloud 8.1.8 is vulnerable to remote attackers discovering user accounts through username enumeration on the share.php endpoint.
Product: OwnCloud 8.1.8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-25337
CVE-2020-37167 - ClamAV's ClamBC bytecode interpreter is vulnerable to attackers manipulating function names, potentially leading to execution of malicious bytecode or unexpected behavior within the engine.
Product: ClamAV ClamBC bytecode interpreter
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37167
CVE-2025-69770 - MojoPortal CMS v2.9.0.1 is vulnerable to a zip slip in SkinList.aspx endpoint, enabling attackers to run arbitrary commands through a malicious zip file upload.
Product: MojoPortal CMS
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69770
CVE-2026-26190 - Milvus exposes a vulnerability in versions prior to 2.5.27 and 2.6.10, allowing authentication bypasses and unauthorized access to business operations.
Product: Milvus
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26190
CVE-2025-69633 - Advanced Popup Creator module for PrestaShop versions 1.1.26 through 1.2.6 allows remote attackers to execute arbitrary SQL queries.
Product: PrestaShop Advanced Popup Creator
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69633
CVE-2025-32058 - The Infotainment ECU manufactured by Bosch using a RH850 module for CAN communication has a vulnerability that allows an attacker to send arbitrary CAN messages on the connected CAN bus.
Product: Bosch Infotainment ECU
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32058
CVE-2026-26366 - eNet SMART HOME server 2.2.1 and 2.3.1 have default credentials (user:user, admin:admin) allowing unauthenticated attackers to gain administrative access.
Product: eNet SMART HOME server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26366
CVE-2026-26369 - The eNet SMART HOME server 2.2.1 and 2.3.1 allows low-privileged users to gain administrative capabilities by exploiting insufficient authorization checks in the setUserGroup JSON-RPC method.
Product: eNet SMART HOME server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-26369
CVE-2026-2550 - EFM iptime A6004MX 14.18.2 is vulnerable to unrestricted file upload via the commit_vpncli_file_upload function in the /cgi/timepro.cgi file, allowing for remote attacks. The vendor was unresponsive after disclosure.
Product: EFM iptime A6004MX
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2550
CVE-2026-2577 - Nanobot's WhatsApp bridge component leaves the WebSocket server open to unauthenticated remote attackers, allowing them to hijack sessions and intercept messages and media.
Product: Nanobot WhatsApp bridge component
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2577
CVE-2025-65717 - Visual Studio Code Extensions Live Server v5.7.9 allows attackers to steal files through manipulated user interaction with HTML pages.
Product: Visual Studio Code Live Server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-65717
CVE-2025-15578 - Maypole versions 2.10 through 2.13 for Perl generate session ids insecurely by seeding them with easily obtainable information.
Product: Maypole for Perl
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15578
CVE-2026-2439 - Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids, allowing attackers to potentially gain unauthorized access to systems using predictable UUIDs generated by insecure methods.
Product: Concierge Sessions
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-2439
CVE-2026-22208 - OpenS100 has a remote code execution vulnerability due to an unrestricted Lua interpreter, allowing attackers to execute arbitrary commands with the privileges of the OpenS100 process.
Product: OpenS100
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22208
CVE-2025-65753 - An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.
Product: Guardian Gryphon
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-65753
CVE-2025-70830 - Datart v1.0.0-rc.3 is vulnerable to a Server-Side Template Injection (SSTI) in the Freemarker template engine, allowing authenticated attackers to execute arbitrary code by injecting crafted syntax into the SQL script field.
Product: Datart Freemarker template engine
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-70830
CVE-2026-23647 - Glory RBG-100 recycler systems using the ISPK-08 software component have hard-coded operating system credentials, allowing unauthorized remote access with elevated privileges.
Product: Glory RBG-100 recycler systems
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-23647
CVE-2026-22769 - Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 has a critical hardcoded credential vulnerability that can be exploited by unauthenticated remote attackers for unauthorized access to the system.
Product: Dell RecoverPoint for Virtual Machines
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-22769
NVD References: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079
CVE-2026-1670 - Honeywell CCTV Products Missing Authentication for Critical Function. The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
Product: Honeywell CCTV Products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1670
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-04
CVE-2026-25903 - Apache NiFi 1.1.0 through 2.7.2 is vulnerable to missing authorization when updating configuration properties on extension components with specific Required Permissions based on the Restricted annotation.
Product: Apache NiFi
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-25903
ISC Podcast: https://isc.sans.edu/podcastdetail/9814
NVD References: https://lists.apache.org/thread/jf6bkt9sk6xvshy8xyxv3vtlxd340345
CVE-2026-1357 - The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123 due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files.
Product: WPvivid Backup & Migration Plugin
Active Installations: 900,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1357
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/e5af0317-ef46-4744-9752-74ce228b5f37?source=cve
CVE-2026-1306 - The Midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code by exploiting a missing file type and file extension validation in the 'export' AJAX action.
Product: WordPress midi-Synth plugin
This plugin has been closed as of February 12, 2026 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1306
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/d5b695d7-c690-4748-b218-5699d1aa63bf?source=cve
CVE-2026-1729 - The AdForest theme for WordPress is susceptible to authentication bypass up to version 6.0.12, allowing unauthenticated attackers to log in as any user, including administrators.
Product: WordPress AdForest theme
Active Installations: Unknown. Update to version 6.0.13, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1729
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/34fd42cb-3868-4b1c-bc56-575faf01e8f3?source=cve
CVE-2025-14892 - The Prime Listing Manager WordPress plugin allows an attacker to gain administrative access and perform unauthorized actions through a hardcoded secret.
Product: Prime Listing Manager WordPress plugin
Active Installations: This plugin has been closed as of January 5, 2026 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14892
CVE-2025-8572 - The Truelysell Core plugin for WordPress is vulnerable to privilege escalation through insufficient validation of the user_role parameter during user registration.
Product: Truelysell WordPress Core plugin
Active Installations: Unknown. Update to version 1.8.8, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-8572
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/b027c9f9-3144-4783-b646-ee1e02cd27ef?source=cve
CVE-2026-1490 - The Spam protection, Honeypot, Anti-Spam by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation via reverse DNS spoofing, allowing unauthenticated attackers to install plugins and potentially achieve remote code execution on sites with an invalid API key.
Product: Spam protection, Honeypot, Anti-Spam by CleanTalk
Active Installations: 200,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-1490
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/cb603be6-4a12-49e1-b8cc-b2062eb97f16?source=cve