Cyber Security Alerts

CVE ID : CVE-2025-52694 Published : Jan. 12, 2026, 3:16 a.m. | 4 hours, 16 minutes ago Description : Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet. ...Read more

CVE ID : CVE-2026-0841 Published : Jan. 11, 2026, 8:15 a.m. | 21 hours, 16 minutes ago Description : A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer...Read more

CVE ID : CVE-2026-0840 Published : Jan. 11, 2026, 7:15 a.m. | 22 hours, 17 minutes ago Description : A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads...Read more

CVE ID : CVE-2026-0838 Published : Jan. 11, 2026, 6:15 a.m. | 23 hours, 17 minutes ago Description : A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer...Read more

CVE ID : CVE-2026-0839 Published : Jan. 11, 2026, 6:15 a.m. | 23 hours, 17 minutes ago Description : A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer...Read more

CVE ID : CVE-2026-0837 Published : Jan. 11, 2026, 5:15 a.m. | 1 day ago Description : A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can...Read more

CVE ID : CVE-2026-0836 Published : Jan. 11, 2026, 5:15 a.m. | 1 day ago Description : A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation...Read more

CVE ID : CVE-2026-22704 Published : Jan. 10, 2026, 7:16 a.m. | 8 hours, 11 minutes ago Description : HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover....Read more

CVE ID : CVE-2026-22698 Published : Jan. 10, 2026, 6:15 a.m. | 3 hours, 10 minutes ago Description : RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions...Read more

CVE ID : CVE-2026-22685 Published : Jan. 10, 2026, 6:15 a.m. | 3 hours, 10 minutes ago Description : DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages (NUPKG...Read more

CVE ID : CVE-2025-65091 Published : Jan. 10, 2026, 4:16 a.m. | 3 hours, 56 minutes ago Description : XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit...Read more

CVE ID : CVE-2026-22610 Published : Jan. 10, 2026, 4:16 a.m. | 3 hours, 56 minutes ago Description : Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability...Read more

CVE ID : CVE-2026-22687 Published : Jan. 10, 2026, 4:16 a.m. | 3 hours, 56 minutes ago Description : WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database...Read more

CVE ID : CVE-2026-22688 Published : Jan. 10, 2026, 4:16 a.m. | 3 hours, 56 minutes ago Description : WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args...Read more

CVE ID : CVE-2026-22594 Published : Jan. 10, 2026, 3:15 a.m. | 3 hours, 4 minutes ago Description : Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This...Read more