Deployments of Apache Solr 5
Description
Deployments of Apache Solr 5
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
Deployments of Apache Solr 5
Deployments of Apache Solr 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda AC8 16
A vulnerability was detected in Tenda AC8 16
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch)
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Pl...
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core)
Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A critical vulnerability in Oracle Edge Cloud allows unauthenticated attackers to achieve full system takeover via HTTP network access targeting the D...
A critical vulnerability in Oracle Edge Cloud allows unauthenticated attackers to achieve full system takeover via HTTP network access targeting the Desktop component.
---METADATA---
VENDOR: Oracle
PRODUCT: Edge Cloud Infrastructure Designer and Visualisation Toolkit
AFFECTED_VERSIONS: 0.3.0
---END_METADATA---
Description Summary:
A critical vulnerability in Oracle Edge Cloud allows unauthenticated attackers to achieve full system takeover via HTTP network access targeting the Desktop component.
Executive Summary:
Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0 is subject to a critical vulnerability allowing unauthenticated remote attackers to completely compromise the system.
Vulnerability Details
CVE-ID: CVE-2026-21994
Affected Software: Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit
Affected Versions: 0.3.0
Vulnerability: This is an easily exploitable vulnerability within the Desktop component. It allows an unauthenticated attacker with network access via HTTP to perform a complete system takeover, impacting confidentiality, integrity, and availability.
Business Impact
A successful exploit grants an attacker full control over the Infrastructure Designer and Visualisation Toolkit, leading to the potential exposure of sensitive architectural designs and unauthorized modifications to cloud configurations. The CVSS score of 9.8 reflects the critical nature of this flaw, as it requires no user interaction or privileges to execute, posing a severe risk of total system compromise and operational downtime.
Remediation Plan
Immediate Action: Update Oracle Edge Cloud to the latest available version immediately and consult the official Oracle security advisory for specific patching instructions.
Proactive Monitoring: Organizations should monitor HTTP traffic for anomalous requests targeting the Desktop component and review web server access logs for unauthorized administrative actions.
Compensating Controls: Implement strict network segmentation and restrict HTTP access to the toolkit to authorized IP addresses only, utilizing a Web Application Firewall (WAF) to filter malicious traffic.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 17, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and its high CVSS score, the potential for exploitation is high.
Analyst Recommendation
The severity of this vulnerability cannot be overstated, as it allows for a complete takeover of a critical infrastructure tool. IT administrators must prioritize the application of the vendor-provided patch immediately to mitigate the risk of unauthenticated remote exploitation.
Update Oracle Edge Cloud to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A critical vulnerability in Oracle Identity Manager and Web Services Manager allows unauthenticated network-based takeover via HTTP.
A critical vulnerability in Oracle Identity Manager and Web Services Manager allows unauthenticated network-based takeover via HTTP.
---METADATA---
VENDOR: Oracle
PRODUCT: Identity Manager / Web Services Manager
AFFECTED_VERSIONS: 12.2.1.4.0, 14.1.2.1.0
---END_METADATA---
Description Summary:
A critical vulnerability in Oracle Identity Manager and Web Services Manager allows unauthenticated network-based takeover via HTTP.
Executive Summary:
Oracle Identity Manager and Web Services Manager contain a critical vulnerability that allows unauthenticated attackers to fully compromise and take over the system.
Vulnerability Details
CVE-ID: CVE-2026-21992
Affected Software: Oracle Identity Manager and Oracle Web Services Manager
Affected Versions: 12.2.1.4.0 and 14.1.2.1.0
Vulnerability: This flaw exists in the REST WebServices and Web Services Security components. It allows an unauthenticated attacker with network access via HTTP to compromise the software, leading to a complete takeover of the affected Oracle Fusion Middleware products.
Business Impact
The compromise of an identity management system is a catastrophic event for any organization. An attacker could gain control over user identities, access permissions, and security policies across the enterprise. The CVSS score of 9.8 reflects the high impact on confidentiality, integrity, and availability, potentially leading to widespread unauthorized access to other internal systems.
Remediation Plan
Immediate Action: Apply the critical security patches provided by Oracle for Identity Manager and Web Services Manager immediately.
Proactive Monitoring: Review HTTP access logs for suspicious requests targeting REST WebServices and monitor for unauthorized changes to user accounts or security configurations.
Compensating Controls: Restrict network access to the management interfaces of these products to trusted IP addresses only and use a WAF to filter malicious HTTP traffic.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 20, 2026, there is no public information indicating active exploitation. However, Oracle products are frequent targets for advanced persistent threats (APTs), and the ease of exploitation makes this a high-risk entry.
Analyst Recommendation
Given that this vulnerability allows for a complete system takeover by an unauthenticated actor, it must be treated with the highest urgency. Apply Oracle's latest Critical Patch Update (CPU) immediately to protect the organization's identity infrastructure.
Update Oracle Identity Manager to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Executive Summary:
A high-severity vulnerability has been identified in the Core component of Oracle VM VirtualBox. A successful exploit could allow an attacker with control over a guest virtual machine to execute arbitrary code on the underlying host operating system, effectively escaping the virtualized environment. This could lead to a complete compromise of the host system, data theft, and further lateral movement within the network.
Vulnerability Details
CVE-ID: CVE-2026-21990
Affected Software: Oracle Multiple Products (Specifically Oracle VM VirtualBox)
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: The vulnerability is a heap-based buffer overflow within the Core component of Oracle VM VirtualBox, which is responsible for emulating virtual hardware devices. An attacker can trigger this flaw by sending specially crafted data from a guest operating system to the emulated device driver on the host. By overflowing the buffer, the attacker can overwrite adjacent memory structures, leading to a crash (Denial of Service) or, more critically, allowing for the execution of arbitrary code with the privileges of the VirtualBox process on the host machine.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.2. A successful exploitation could have a significant business impact by breaking the fundamental security boundary between a guest virtual machine and its host. This could lead to the compromise of sensitive data residing on the host system, unauthorized access to the corporate network the host is connected to, and the deployment of malware or ransomware on critical infrastructure. Organizations using VirtualBox for development, sandboxing, or testing untrusted applications are at a particularly high risk of system compromise and data breaches.
Remediation Plan
Immediate Action: Apply the security updates provided by Oracle in its latest Critical Patch Update (CPU) immediately. Prioritize patching systems that host virtual machines running untrusted code or are accessible from untrusted networks. After patching, monitor systems for any signs of post-exploitation activity and review system and application logs for indicators of compromise.
Proactive Monitoring: Security teams should monitor for anomalous behavior on host systems running VirtualBox. This includes looking for unexpected processes being spawned by the VirtualBox parent process, unusual network connections originating from the host system, and frequent or unexplained crashes of the VirtualBox application. Within the guest OS, monitor for attempts to interact with specific hardware emulation drivers in unusual ways.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. This includes running VirtualBox with the lowest possible user privileges, disabling unnecessary hardware features like 3D acceleration and USB passthrough, and using network segmentation to isolate the host machine from critical network segments. Ensure that both the host and guest operating systems are fully hardened and monitored.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 21, 2026, there are no known public proof-of-concept exploits or reports of this vulnerability being actively exploited in the wild. However, vulnerabilities that allow for virtual machine escapes are highly valued by threat actors, and it is likely that exploit development is underway.
Analyst Recommendation
Given the high CVSS score of 8.2 and the critical impact of a successful guest-to-host escape, immediate remediation is strongly recommended. Organizations must prioritize the deployment of Oracle's security patches to all systems running affected versions of VirtualBox. Although this vulnerability is not currently listed on the CISA KEV list, its severity makes it a prime candidate for future inclusion and a high-priority target for attackers. All instances of VirtualBox should be considered a significant risk until patched.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in code-projects Online Reviewer System 1
A security flaw has been discovered in code-projects Online Reviewer System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Executive Summary:
A high-severity vulnerability has been discovered in the Core component of Oracle VM VirtualBox. This flaw could allow a malicious actor within a guest virtual machine to escape the virtual environment and execute arbitrary code on the underlying host operating system, leading to a complete compromise of the host system. Organizations using the affected software are at significant risk of data breaches, lateral network movement, and loss of system integrity.
Vulnerability Details
CVE-ID: CVE-2026-21989
Affected Software: Oracle VM VirtualBox
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a memory corruption flaw within the Core component of Oracle VM VirtualBox, which manages the fundamental operations between the guest and host systems. An attacker with the ability to run code within a guest operating system can craft a specially designed request to the hypervisor. This request triggers a buffer overflow condition, allowing the attacker to overwrite memory on the host machine and achieve arbitrary code execution with the privileges of the VirtualBox process.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.1. Successful exploitation would break the fundamental security boundary between a guest virtual machine and the host operating system. This could lead to a complete system compromise, allowing an attacker to access, modify, or exfiltrate sensitive data stored on the host, install persistent malware or ransomware, and use the compromised host as a pivot point to attack other systems on the internal network. The potential business impact includes loss of data confidentiality, disruption of business operations, and significant reputational damage.
Remediation Plan
Immediate Action: Identify all systems running vulnerable versions of Oracle VM VirtualBox and apply the security updates provided by Oracle immediately. Prioritize patching for systems hosting critical or internet-facing virtual machines. After patching, monitor systems for any signs of compromise and review system and application logs for suspicious activity preceding the patch deployment.
Proactive Monitoring: Implement enhanced monitoring on host systems running VirtualBox. Look for unusual process creation originating from the VirtualBox parent process, unexpected network connections from the host, and anomalous CPU or memory consumption. Utilize Endpoint Detection and Response (EDR) tools to detect suspicious behavior patterns associated with virtualization escape techniques.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 22, 2026, there are no known public proof-of-concept exploits or reports of this vulnerability being actively exploited in the wild. However, due to the high severity and the popularity of VirtualBox, it is highly probable that threat actors will reverse-engineer the patch to develop exploits. Organizations should assume that exploitation is imminent.
Analyst Recommendation
Given the high CVSS score and the critical nature of a guest-to-host escape vulnerability, we strongly recommend that organizations treat this as a critical priority. All affected instances of Oracle VM VirtualBox must be patched immediately. Although this vulnerability is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion and widespread exploitation. Proactive patching is the most effective defense against potential compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Executive Summary:
A high-severity vulnerability has been discovered in the core component of Oracle VM VirtualBox. Successful exploitation of this flaw could allow an attacker with control over a guest virtual machine to "escape" and execute malicious code on the underlying host computer, leading to a complete system compromise. This poses a significant risk of data theft, network intrusion, and operational disruption.
Vulnerability Details
CVE-ID: CVE-2026-21988
Affected Software: Oracle Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a guest-to-host escape flaw within the core virtualization engine of Oracle VM VirtualBox. An attacker who can execute code within a guest operating system can leverage this flaw to break out of the virtualized environment and gain arbitrary code execution capabilities on the host operating system. The exploit would likely involve sending specially crafted requests or data from the guest to the hypervisor, triggering a memory corruption or logic error that can be manipulated to gain control of the host system's instruction pointer.
Business Impact
This is a high-severity vulnerability with a CVSS score of 8.2. A successful exploit would result in a complete compromise of the host machine running Oracle VM VirtualBox. The business impact includes the potential for data breaches, as the attacker would gain access to all sensitive information stored on the host system. Furthermore, a compromised host can be used as a pivot point for lateral movement across the corporate network, escalating the incident significantly. This could lead to widespread system downtime, deployment of ransomware, and severe reputational damage.
Remediation Plan
Immediate Action: Organizations must prioritize the immediate application of security updates provided by Oracle to all systems running the affected versions of Oracle VM VirtualBox. After patching, system administrators should verify that the updates have been installed successfully.
Proactive Monitoring: Security teams should actively monitor for signs of compromise. This includes reviewing host system logs for unusual processes spawning from VirtualBox executables, monitoring for anomalous network traffic originating from host machines, and using Endpoint Detection and Response (EDR) tools to detect suspicious behavior such as privilege escalation or unexpected file system modifications.
Compensating Controls: If immediate patching is not feasible, consider the following controls:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of January 21, 2026, there are no known public proof-of-concept exploits or active exploitation attempts observed in the wild. However, due to the high impact of VM escape vulnerabilities, it is highly probable that security researchers and threat actors will prioritize developing exploits for this flaw.
Analyst Recommendation
Given the high severity (CVSS 8.2) and the critical impact of a virtual machine escape vulnerability, immediate remediation is strongly recommended. Although CVE-2026-21988 is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its nature makes it a prime target for future exploitation. All organizations using the affected Oracle products must treat this as a high-priority vulnerability and apply the vendor-provided patches without delay to prevent a potential full-system compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Executive Summary:
A high-severity vulnerability has been identified in the core component of Oracle VM VirtualBox. Successful exploitation of this flaw could allow an attacker operating within a guest virtual machine to break out and execute malicious code on the host operating system, potentially leading to a full system compromise. This compromises the fundamental security isolation between guest and host systems, posing a significant risk to the confidentiality, integrity, and availability of the host machine and the network it resides on.
Vulnerability Details
CVE-ID: CVE-2026-21987
Affected Software: Oracle VM VirtualBox
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability exists within the Core component of Oracle VM VirtualBox, which is responsible for the fundamental operations of the hypervisor. A flaw in this component allows a malicious actor with code execution privileges inside a guest operating system to send specially crafted requests to the hypervisor. This can trigger a memory corruption condition on the host, leading to a "VM escape" scenario where the attacker can execute arbitrary code with the privileges of the VirtualBox process on the host operating system.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.2, reflecting the significant risk it poses to an organization. A successful exploit would completely negate the security isolation provided by virtualization, allowing an attacker to move from a potentially low-security guest environment to the underlying host system. This could lead to a complete compromise of the host, enabling data theft of sensitive information stored on the host or other VMs, deployment of ransomware, or using the compromised host as a pivot point to attack other systems on the internal network.
Remediation Plan
Immediate Action: Apply the security updates provided by Oracle to all affected installations of Oracle VM VirtualBox without delay. After patching, system administrators should actively monitor for any signs of post-patch exploitation attempts and conduct a thorough review of system and application logs for any anomalous activity preceding the update.
Proactive Monitoring: Monitor host systems for unusual processes being spawned by the Oracle VM VirtualBox process. Scrutinize network traffic originating from the host machine for unexpected connections. Implement logging and alerting for high CPU or memory usage spikes associated with VirtualBox, which could indicate an exploitation attempt.
Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of January 21, 2026, there are no known public proof-of-concept exploits or observed in-the-wild attacks leveraging this vulnerability. However, given the high severity and the potential for a full VM escape, security researchers and threat actors are highly likely to begin analyzing the patch to develop functional exploits.
Analyst Recommendation
Given the high CVSS score of 8.2 and the critical nature of a VM escape vulnerability, this issue must be treated with high priority. Although CVE-2026-21987 is not currently on the CISA KEV list, vulnerabilities of this type are often targeted by attackers and added later. We strongly recommend that organizations prioritize the immediate deployment of Oracle's security updates across all systems running the affected software to prevent potential host system compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in code-projects Online Reviewer System 1
A vulnerability was identified in code-projects Online Reviewer System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Analytics Cloud)
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Analytics Cloud)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Security Management System)
Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Security Management System)
Executive Summary:
A high-severity vulnerability has been discovered in the Security Management System component of Oracle FLEXCUBE Investor Servicing. A remote attacker with low-level user credentials could exploit this flaw to gain administrative privileges, potentially leading to unauthorized access to sensitive financial data, fraudulent activity, and disruption of critical services.
Vulnerability Details
CVE-ID: CVE-2026-21973
Affected Software: Oracle Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a privilege escalation flaw within the Security Management System component. A remote, authenticated attacker with low-privilege access can send a specially crafted request to the application. Due to improper input validation and authorization checks, this request is processed with elevated permissions, allowing the attacker to escalate their privileges to that of an administrator, granting them full control over the application's security settings and functions.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.1. Successful exploitation could have a severe business impact, particularly given the financial nature of the Oracle FLEXCUBE application. An attacker with administrative access could manipulate financial records, initiate fraudulent transactions, exfiltrate sensitive customer and investor data, and disrupt core business operations. The potential consequences include direct financial loss, regulatory fines, reputational damage, and a loss of customer trust.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by Oracle immediately across all affected systems. After patching, it is crucial to monitor for any signs of exploitation attempts that may have occurred prior to the update and to review all administrative access logs for suspicious activity.
Proactive Monitoring: Implement enhanced monitoring of the Oracle FLEXCUBE application. Specifically, look for unusual or unauthorized privilege escalations, unexpected changes to user roles and permissions, and anomalous API calls directed at the Security Management System component. Correlate application logs with network traffic to identify suspicious patterns originating from internal or external sources.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. These include restricting network access to the application management interface to only trusted administrative workstations, implementing a Web Application Firewall (WAF) with rules to inspect and block malicious requests, and enforcing strict multi-factor authentication (MFA) for all user accounts, especially those with privileged access.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 22, 2026, there are no known public proof-of-concept exploits or reports of this vulnerability being actively exploited in the wild. However, vulnerabilities in widely used financial software are high-value targets for threat actors, who may actively work to reverse-engineer the patch to develop an exploit.
Analyst Recommendation
Due to the high severity (CVSS 8.1) and the critical function of the affected software, it is strongly recommended that organizations prioritize the immediate application of vendor-supplied security patches. Although this vulnerability is not currently listed on the CISA KEV catalog, its high impact on a critical financial system makes it a significant risk. Organizations should treat this as an urgent priority to prevent potential financial loss and data compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in code-projects Online Reviewer System 1
A vulnerability was determined in code-projects Online Reviewer System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal). The supporte...
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Supplier Portal). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in takeover of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Executive Summary:
A critical vulnerability has been identified in the Oracle Agile Product Lifecycle Management for Process software, specifically within its Supplier Portal component. This flaw allows an unauthenticated attacker with network access to easily and completely take over the affected system, posing a severe risk to data confidentiality, integrity, and the availability of critical supply chain operations.
Vulnerability Details
CVE-ID: CVE-2026-21969
Affected Software: Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain Multiple Products
Affected Versions: 6.2.4
Vulnerability: This is a critical remote, unauthenticated vulnerability in the Supplier Portal component of Oracle Agile PLM for Process. An attacker can exploit this flaw over the network via a standard HTTP request without needing any credentials or user interaction. The low complexity of the attack means that a threat actor can reliably execute an exploit to achieve a full system compromise, resulting in a complete takeover of the application.
Business Impact
Critical Severity (CVSS Score: 9.8)
The business impact of this vulnerability is critical. Successful exploitation allows an attacker to gain complete control over the Oracle Agile PLM system. This could lead to the theft of sensitive intellectual property and proprietary product data (Confidentiality), unauthorized modification or deletion of crucial supply chain and product records (Integrity), and a total disruption of product lifecycle management processes by making the system unavailable (Availability). The potential consequences include severe financial loss, operational downtime, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: Immediately apply the security patches released by Oracle to update the Oracle Agile Product Lifecycle Management for Process product to the latest secure version. Prioritize patching for all internet-facing instances of the Supplier Portal. After patching, monitor for any further exploitation attempts and review historical access logs for signs of compromise.
Proactive Monitoring: System administrators should closely monitor HTTP access logs for the Supplier Portal, looking for unusual patterns, unexpected payloads, or malformed requests from unknown IP addresses. Implement enhanced logging and configure security information and event management (SIEM) systems to generate alerts for anomalous activity that could indicate scanning or exploitation attempts targeting this vulnerability.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of the publication date, January 20, 2026, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to its critical severity (CVSS 9.8) and ease of exploitation (low complexity, no authentication required), it is highly probable that threat actors will develop and deploy exploits in the near future.
Analyst Recommendation
This vulnerability represents a severe and immediate threat to the organization. Given its critical 9.8 CVSS score and the fact that it can be exploited remotely by an unauthenticated attacker, immediate action is required. Organizations must prioritize the deployment of Oracle's security updates across all affected systems without delay. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion. If patching cannot be performed immediately, the compensating controls listed above must be implemented as a temporary but urgent measure to reduce the attack surface.
Update Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet)
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet)
Executive Summary:
A high-severity vulnerability has been identified in the Oracle Hospitality OPERA 5 software, a system widely used in the hospitality industry for property management. An unauthenticated attacker could remotely exploit this flaw to compromise the application server, potentially leading to the theft of sensitive guest data, financial information, and significant operational disruption. Organizations are urged to apply the vendor's security patch immediately to mitigate this critical risk.
Vulnerability Details
CVE-ID: CVE-2026-21967
Affected Software: Oracle Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability exists within the Opera Servlet component of the Oracle Hospitality OPERA 5 application. The flaw is due to improper handling of user-supplied data in HTTP requests sent to the servlet. An unauthenticated remote attacker can craft a specially designed request to trigger this vulnerability, leading to arbitrary code execution on the server with the permissions of the web application service. Exploitation does not require any user interaction or prior authentication.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.6. Successful exploitation would have a severe business impact on any organization in the hospitality sector using the affected software. Potential consequences include a major data breach involving sensitive guest Personally Identifiable Information (PII) and payment card data, leading to significant regulatory fines (e.g., GDPR, PCI-DSS) and legal costs. Furthermore, an attacker could disrupt hotel operations by manipulating reservation data or rendering the system unavailable, causing direct financial loss and severe reputational damage.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by Oracle to all vulnerable systems without delay. After patching, review web server and application logs for any signs of compromise or attempted exploitation that may have occurred prior to the update.
Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes inspecting web server access logs for unusual or malformed requests to the "Opera Servlet" endpoint, monitoring for unexpected outbound network connections from the application server, and using endpoint detection and response (EDR) tools to identify anomalous processes spawned by the web application service.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Deploy a Web Application Firewall (WAF) with virtual patching rules to block malicious requests targeting the vulnerable servlet. Additionally, enforce strict network segmentation to limit access to the OPERA application server, allowing connections only from trusted internal networks and blocking all direct, untrusted internet access.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 21, 2026, there are no known public proof-of-concept exploits or active exploitation of this vulnerability in the wild. However, given the high-severity rating and the value of the target data, it is highly probable that threat actors will reverse-engineer the patch to develop an exploit. This vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Due to the high CVSS score of 8.6 and the critical role of the Oracle Hospitality OPERA 5 system, this vulnerability represents a significant and immediate risk to the organization. We strongly recommend that the vendor-supplied security patches be applied as an emergency change across all affected systems. The potential for a data breach of sensitive guest information and operational disruption far outweighs the risks associated with an expedited patching process. If patching must be delayed, the compensating controls outlined above should be implemented immediately as a temporary mitigation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Pl...
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in. While the vulnerability is in Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in accessible data. Note: Affected version for Weblogic Server Proxy Plug-in for IIS is 12.2.1.4.0 only. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).
---METADATA---
VENDOR: Oracle
PRODUCT: WebLogic Server Proxy Plug-in
AFFECTED_VERSIONS: 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
An unauthenticated remote code execution vulnerability exists in Oracle WebLogic Server Proxy Plug-ins for Apache HTTP Server and IIS, potentially leading to a full system compromise.
Executive Summary:
A critical, unauthenticated remote vulnerability in Oracle WebLogic Server Proxy Plug-ins allows attackers to gain unauthorized access to and manipulate sensitive system data.
Vulnerability Details
CVE-ID: CVE-2026-21962
Affected Software: Oracle WebLogic Server Proxy Plug-in
Affected Versions: 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 (Note: IIS plug-in is only affected in 12.2.1.4.0)
Vulnerability: This is a critical security flaw involving the WebLogic Server Proxy Plug-in for Apache HTTP Server and IIS. It allows an unauthenticated attacker with network access to execute unauthorized operations, including the creation, deletion, or modification of critical data.
Business Impact
The CVSS score of 10.0 reflects the maximum severity, indicating that this vulnerability poses an existential risk to the confidentiality and integrity of the affected infrastructure. Successful exploitation could lead to total unauthorized access to critical business data, potentially resulting in severe reputational damage, regulatory non-compliance, and significant operational disruption.
Remediation Plan
Immediate Action: Identify and inventory all instances of the affected Oracle WebLogic Server Proxy Plug-ins and apply the vendor-supplied security updates immediately.
Proactive Monitoring: Inspect network traffic for unauthorized HTTP requests directed at proxy components and review server access logs for anomalous activity.
Compensating Controls: Deploy Web Application Firewall (WAF) rules to filter malicious traffic and restrict network access to the affected proxy services to trusted internal sources only.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Jan 20, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of this vulnerability and its potential for complete system compromise, immediate patching is required. Organizations should prioritize this update across all affected production environments to mitigate the risk of unauthorized access.
Update Vulnerability in the Oracle HTTP Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was found in code-projects Online Reviewer System 1
A vulnerability was found in code-projects Online Reviewer System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Executive Summary:
A high-severity vulnerability has been identified in the core component of Oracle VM VirtualBox. This flaw could allow an attacker with control over a guest virtual machine to "escape" the virtual environment and execute malicious code on the underlying host computer, leading to a complete system compromise. Organizations using the affected software are at risk of data theft, network intrusion, and host system takeover.
Vulnerability Details
CVE-ID: CVE-2026-21956
Affected Software: Oracle VM VirtualBox
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability exists within the Core component of Oracle VM VirtualBox, which is responsible for the fundamental operations of the hypervisor. A flaw in how the hypervisor handles specific, malformed requests from a guest operating system can be exploited. An attacker with administrative or root privileges within a guest VM can craft and send these requests to the hypervisor, triggering a memory corruption condition (such as a buffer overflow or use-after-free) in the host's VirtualBox process, ultimately allowing for arbitrary code execution on the host operating system with the privileges of the VirtualBox user.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.2. A successful exploit would completely undermine the security isolation provided by virtualization. The primary business impact is the potential for a full host system compromise originating from a guest machine. This could lead to the theft of sensitive data from the host and all other virtual machines running on it, the installation of persistent malware or rootkits on the host system, and the ability for an attacker to use the compromised host as a pivot point to attack the broader corporate network. For organizations using VirtualBox for development, sandboxing, or testing, this could result in the compromise of source code, intellectual property, and internal network credentials.
Remediation Plan
Immediate Action: The primary remediation is to apply the security patches released by Oracle to all affected installations of Oracle VM VirtualBox immediately. After patching, system administrators should review VirtualBox and host system logs for any unusual activity or crashes that may indicate prior exploitation attempts.
Proactive Monitoring: Implement enhanced monitoring on host systems running VirtualBox. Look for anomalous process behavior associated with VirtualBox processes (e.g., unexpected child processes, unusual network connections), and monitor for unexpected crashes of the hypervisor. Network traffic monitoring should be in place to detect any unauthorized communication from guest VMs to the internal network.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 21, 2026, there are no known public proof-of-concept exploits or active attacks targeting this vulnerability in the wild. However, guest-to-host escape vulnerabilities are highly valued by threat actors, and it is likely that security researchers and malicious actors will work to develop an exploit.
Analyst Recommendation
Given the high CVSS score and the critical impact of a successful guest-to-host escape, we strongly recommend that organizations prioritize the immediate patching of this vulnerability. All systems running the affected Oracle VM VirtualBox software should be identified and updated without delay. Although this vulnerability is not currently listed on the CISA KEV catalog, its severity warrants treating it with the highest urgency to prevent potential full system compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
Executive Summary:
A high-severity vulnerability has been discovered in the core component of Oracle VM VirtualBox, a widely used virtualization software. This flaw could potentially allow a malicious program running inside a virtual machine to "escape" and attack the underlying host computer, leading to a complete system compromise or a crash that causes a denial of service. Organizations using the affected software are at significant risk of data theft, system takeover, and operational disruption.
Vulnerability Details
CVE-ID: CVE-2026-21955
Affected Software: Oracle VM VirtualBox
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability exists within the Core component of Oracle VM VirtualBox, which is responsible for the fundamental operations of the hypervisor. An attacker with the ability to execute code within a guest virtual machine (VM) can craft a malicious request or operation that is improperly handled by the hypervisor core. Successful exploitation could lead to a VM escape, allowing the attacker to execute arbitrary code with the privileges of the VirtualBox process on the host operating system, or it could trigger a host system crash, resulting in a denial-of-service condition for all VMs running on that host.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.2, posing a significant risk to the business. Exploitation could lead to a complete compromise of the host machine, granting an attacker access to all sensitive data stored on the host and potentially allowing them to pivot to other systems on the corporate network. The potential consequences include intellectual property theft, deployment of ransomware, and reputational damage. A successful denial-of-service attack would disrupt critical development, testing, or server environments that rely on VirtualBox, leading to operational downtime and loss of productivity.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by Oracle to all affected installations of Oracle VM VirtualBox without delay. After patching, system administrators should review system and application logs for any anomalous activity or indicators of compromise that may have occurred prior to the patch deployment.
Proactive Monitoring: Implement enhanced monitoring on host systems running VirtualBox. Security teams should look for unusual processes spawning from the VirtualBox parent process, unexpected network connections originating from the host system, and unexplained host system crashes or instability. Endpoint Detection and Response (EDR) solutions should be configured to alert on suspicious behavior related to virtualization processes.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of January 21, 2026, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, high-severity vulnerabilities in virtualization software are prime targets for threat actors, who often reverse-engineer security patches to develop exploits rapidly.
Analyst Recommendation
Given the high CVSS score of 8.2 and the critical nature of a potential VM escape, this vulnerability requires immediate attention. We strongly recommend that all system owners prioritize the deployment of Oracle's security patches across all workstations and servers running the affected software. Although CVE-2026-21955 is not currently on the CISA KEV list, its severity makes it a likely candidate for future inclusion. Organizations should treat this vulnerability as an active threat and act swiftly to mitigate the risk of a host system compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in code-projects Online Reviewer System 1
A vulnerability has been found in code-projects Online Reviewer System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group)
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the SQLcl component of Oracle Database Server
Vulnerability in the SQLcl component of Oracle Database Server
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure)
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker...
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS)
Executive Summary:
A high-severity vulnerability has been identified in the DNS module of Juniper Networks Junos OS on SRX Series devices. This flaw, tracked as CVE-2026-21920, can be exploited by an unauthenticated attacker over the network to cause a Denial of Service (DoS), potentially leading to a complete network outage for services protected by the affected firewall.
Vulnerability Details
CVE-ID: CVE-2026-21920
Affected Software: DNS module of Juniper Networks Junos OS on SRX Series
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is an "Unchecked Return Value" in the device's DNS processing functionality. An unauthenticated, network-based attacker can send a specially crafted DNS query to an affected SRX device. When the system processes this malicious query, a function within the DNS module fails but the software does not properly check for this failure state, causing the program to continue execution with invalid data, which ultimately leads to a process crash and a Denial of Service (DoS) condition for the entire device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Successful exploitation would result in a Denial of Service, causing the SRX firewall to become unresponsive and stop forwarding traffic. This can lead to significant business disruption, including loss of internet connectivity, unavailability of critical applications, and disruption of VPN services. The potential for a complete network outage poses a direct risk to business continuity, operational stability, and brand reputation.
Remediation Plan
Immediate Action: Apply the security updates provided by Juniper Networks immediately to all affected SRX Series devices. After patching, monitor system logs and network traffic for any signs of exploitation attempts or anomalous behavior related to the DNS service.
Proactive Monitoring: Security teams should monitor for unexpected reboots or crashes of SRX devices. Review device logs for errors related to the DNS process (e.g., flowd). Monitor DNS traffic for unusual query patterns or sources targeting the affected devices, which could indicate scanning or exploitation attempts.
Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 16, 2026, there are no known public proof-of-concept exploits or reports of this vulnerability being actively exploited in the wild. However, given the low complexity of the attack, threat actors are likely to develop exploit code by reverse-engineering the vendor-supplied patches.
Analyst Recommendation
This vulnerability presents a significant risk of network disruption to the organization. Due to the high severity (CVSS 7.5) and the fact that an attacker requires no authentication, we strongly recommend that the vendor-supplied patches be applied as a top priority. While this CVE is not currently on the CISA KEV list, its characteristics make it an attractive target for attackers seeking to cause disruption. Organizations should prioritize patching and implement the recommended monitoring controls to prevent a potentially impactful Denial of Service event.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda AC9 15
A security vulnerability has been detected in Tenda AC9 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network...
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows a...
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to ca...
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an una...
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda AC9 15
A weakness has been identified in Tenda AC9 15
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows a...
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX...
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS)
Executive Summary:
A high-severity vulnerability has been identified in Juniper Networks Junos OS that affects SRX and MX Series devices. An unauthenticated attacker can remotely send specific network traffic that causes a critical process to crash, resulting in a complete denial of service (DoS) and disrupting all network traffic passing through the affected device.
Vulnerability Details
CVE-ID: CVE-2026-21905
Affected Software: Juniper Networks Junos OS
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is an infinite loop within the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) component. An unauthenticated, network-based attacker can exploit this by sending a specially crafted sequence of SIP messages over TCP to a vulnerable device. The SIP ALG fails to properly handle these messages, causing the flow management process to enter an infinite loop, which consumes excessive CPU resources and ultimately leads to a process crash and a Denial of Service condition for the entire device.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation of this flaw will result in a Denial of Service (DoS), causing a complete outage of network traffic processed by the affected SRX or MX series device. The business impact includes significant operational disruption, unavailability of critical services (such as VoIP, internet access, or internal routing), potential financial loss due to downtime, and damage to the organization's reputation. The attack does not require authentication and can be launched remotely, increasing the risk profile.
Remediation Plan
Immediate Action: Apply the security updates provided by Juniper Networks to all affected devices immediately. Prioritize patching for internet-facing devices and critical infrastructure components to mitigate the risk of external attack.
Proactive Monitoring: Monitor network traffic for unusual or malformed SIP messages, particularly over TCP. System administrators should monitor CPU and memory utilization on the flow management process (flowd) on SRX and MX devices for abnormal spikes. Review system logs for entries related to SIP ALG errors or flowd process crashes.
Compensating Controls: If patching cannot be performed immediately, consider implementing the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 17, 2026, there is no known public proof-of-concept exploit code, and there are no reports of this vulnerability being actively exploited in the wild. However, given the low attack complexity, it is likely that threat actors could develop an exploit with minimal effort.
Analyst Recommendation
Due to the high severity (CVSS 7.5) and the potential for significant business disruption, it is strongly recommended that organizations prioritize the immediate application of vendor-supplied patches. Although this CVE is not currently listed on the CISA KEV catalog, its ability to be exploited by an unauthenticated remote attacker makes it a critical threat. Organizations should identify all vulnerable Juniper devices in their environment and proceed with the remediation plan without delay.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in itsourcecode School Management System 1
A security flaw has been discovered in itsourcecode School Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications...
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
Executive Summary:
A high-severity vulnerability has been identified in multiple CryptoLib products, which are used to secure communications for spacecraft. This flaw could allow a remote attacker to bypass security protocols, potentially leading to the interception of sensitive satellite data or the injection of malicious commands. Successful exploitation could compromise mission-critical operations and jeopardize valuable space assets.
Vulnerability Details
CVE-ID: CVE-2026-21898
Affected Software: CryptoLib Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability exists due to improper validation of security parameters within the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) frames. A remote, unauthenticated attacker can exploit this by sending a specially crafted SDLS-EP packet to a target system running the vulnerable CryptoLib software. The flaw allows the attacker to bypass cryptographic and authentication controls, enabling them to either decrypt sensitive telemetry data in transit or inject unauthorized telecommands to the spacecraft, potentially achieving remote code execution or operational control.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.2. Exploitation could have severe consequences for the organization, including the loss of confidentiality of proprietary or sensitive mission data. More critically, the ability to send unauthorized commands to a spacecraft could lead to a loss of integrity and availability, resulting in mission disruption, loss of control over the space asset, or even complete mission failure. The financial and reputational damage from such an incident would be substantial, impacting operational capabilities and stakeholder trust.
Remediation Plan
Immediate Action: Apply the security updates released by CryptoLib across all affected ground station and flight systems immediately. After patching, it is crucial to monitor systems for any signs of attempted exploitation by closely reviewing system and network access logs for anomalous activity.
Proactive Monitoring: Implement enhanced monitoring of network traffic to and from the affected systems. Specifically, look for malformed or non-standard SDLS-EP packets, unexpected communication attempts from untrusted IP ranges, and a spike in cryptographic error logs or authentication failures within the CryptoLib components.
Compensating Controls: If immediate patching is not feasible (e.g., for in-orbit assets), implement network-level controls as a temporary mitigation. This includes enforcing strict ingress and egress filtering rules on firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) to block traffic from all but explicitly trusted ground station sources. Further segmenting the ground network can also help contain a potential breach.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 10, 2026, there are no known public proof-of-concept exploits or active attacks targeting this vulnerability. However, given the criticality of the affected systems, security researchers and threat actors are likely to analyze the patch to develop an exploit.
Analyst Recommendation
Given the high severity score (CVSS 8.2) and the critical role of the affected software in securing spacecraft communications, this vulnerability presents a significant risk to the organization. Although it is not currently listed on the CISA KEV list and no public exploits are available, the potential for catastrophic impact necessitates immediate action. We strongly recommend that the vendor-supplied patches be applied as a top priority. Organizations should also implement the suggested compensating controls and proactive monitoring to defend against potential exploitation attempts.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications...
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
Executive Summary:
A high-severity vulnerability has been identified in CryptoLib software, which is used to secure communications for spacecraft and ground station systems. Successful exploitation could allow a remote attacker to compromise the secure data link, potentially leading to a loss of communication, interception of sensitive telemetry, or injection of malicious commands to the spacecraft.
Vulnerability Details
CVE-ID: CVE-2026-21897
Affected Software: CryptoLib Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: A heap-based buffer overflow vulnerability exists within the CryptoLib's implementation of the SDLS-EP protocol. The flaw is triggered when processing a specially crafted, malformed security header in an SDLS-EP frame. An unauthenticated, remote attacker could send this malicious frame to a system (either the spacecraft or ground station) running the vulnerable CryptoLib software. This could lead to a denial of service by crashing the communications process or, under certain conditions, could be leveraged to execute arbitrary code with the privileges of the target application.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.3, reflecting the significant risk it poses to mission-critical operations. Exploitation could lead to a complete compromise of the confidentiality, integrity, and availability of the spacecraft's command and telemetry link. Potential consequences include the interception of sensitive mission data, the injection of unauthorized and potentially destructive commands to the spacecraft, or a total loss of communication. For organizations operating space assets, this translates to a direct risk of mission failure, loss of high-value assets, and significant reputational damage.
Remediation Plan
Immediate Action: All affected systems, including both ground stations and flight systems where feasible, must be patched immediately by applying the security updates provided by CryptoLib. After patching, review system and access logs for any signs of compromise or attempted exploitation that may have occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring of the communication link. Security teams should look for anomalies in network traffic, such as malformed SDLS-EP packets, unexpected connection resets, or data flows from untrusted sources. System logs on affected hosts should be monitored for application crashes, memory fault errors, or other anomalous behavior related to the CryptoLib software.
Compensating Controls: If immediate patching is not possible (e.g., for an in-orbit spacecraft), implement compensating controls. This includes deploying network Intrusion Detection/Prevention Systems (IDS/IPS) with signatures to detect and block malicious SDLS-EP frames. Additionally, enhance network segmentation to strictly limit access to affected ground systems and increase the scrutiny of all commands sent to the spacecraft until patches can be applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 11, 2026, there is no known public exploit code for this vulnerability. However, given the critical nature of the systems protected by CryptoLib, it is highly likely that sophisticated threat actors, including nation-state groups, will prioritize developing an exploit. The absence of a public exploit should not be interpreted as a low risk of exploitation.
Analyst Recommendation
Given the High severity rating and the critical function of the affected software in securing spacecraft communications, this vulnerability requires immediate attention. Although not currently listed on the CISA KEV catalog, its potential impact warrants treating it with the highest priority. We strongly recommend that the organization immediately apply the vendor-supplied patches to all vulnerable systems. If patching is delayed for any reason, the recommended compensating controls and proactive monitoring must be implemented without delay to mitigate the significant risk of mission compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application...
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a known system service account. The application's login function fails to properly handle the password validation result for these users, effectively granting authenticated access to anyone who knows one of these common usernames and provides any password. As of time of publication, no known patched versions are available.
---METADATA---
VENDOR: ZimaOS
PRODUCT: ZimaOS
AFFECTED_VERSIONS: Up to and including 1.5.0
CONFIDENCE: medium
MISSING: patch
---END_METADATA---
Description Summary:
ZimaOS versions up to 1.5.0 contain an authentication bypass vulnerability where system service account passwords are incorrectly validated, allowing unauthorized access.
Executive Summary:
A critical authentication bypass in ZimaOS versions 1.5.0 and earlier allows attackers to gain administrative access by providing any password for known service accounts.
Vulnerability Details
CVE-ID: CVE-2026-21891
Affected Software: ZimaOS
Affected Versions: Up to and including 1.5.0
Vulnerability: The login function fails to properly validate passwords for known system service accounts. An attacker aware of these usernames can bypass authentication by supplying any arbitrary password, resulting in unauthorized administrative access.
Business Impact
The ability to bypass authentication provides an attacker with full control over the ZimaOS device. This compromises the entire operating environment, potentially leading to unauthorized data access and the deployment of persistent malware on the underlying hardware.
Remediation Plan
Immediate Action: Monitor vendor communications for an available security patch. Until a fix is released, restrict access to the device management interface to trusted internal networks only.
Proactive Monitoring: Review system authentication logs for repeated login attempts or successful logins involving known service account usernames.
Compensating Controls: Disable remote access to the management interface and enforce strong firewall rules to prevent external access to the device.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Jan 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This is a critical authentication failure that requires urgent attention. As no patch is currently available, organizations must implement strict network segmentation to mitigate the risk of unauthorized access.
Update ZimaOS is a fork of Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in itsourcecode School Management System 1
A vulnerability was identified in itsourcecode School Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables
---METADATA---
VENDOR: Filigran
PRODUCT: OpenCTI
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability in the OpenCTI platform could allow for unauthorized access or disruption of cyber threat intelligence knowledge management.
Executive Summary:
OpenCTI is affected by a high-severity vulnerability that could compromise the integrity and availability of critical cyber threat intelligence data.
Vulnerability Details
CVE-ID: CVE-2026-21887
Affected Software: Filigran OpenCTI
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: While specific technical details are limited, the vulnerability affects the OpenCTI platform's handling of observables and threat intelligence knowledge. Based on the CVSS score, the flaw likely involves an authentication or authorization bypass that could be leveraged by an attacker.
Business Impact
OpenCTI is a central repository for sensitive threat intelligence; a compromise could lead to the exposure of confidential observables or the corruption of intelligence data used for security decision-making. With a CVSS score of 7.7, this vulnerability poses a high risk to data integrity and organizational reputation, as it affects the primary platform used for managing cyber threats.
Remediation Plan
Immediate Action: Apply the latest security updates provided by Filigran for the OpenCTI platform to mitigate the identified risk.
Proactive Monitoring: Monitor OpenCTI access logs for unusual administrative activity or unauthorized attempts to modify intelligence observables.
Compensating Controls: Restrict access to the OpenCTI web interface to trusted IP ranges and ensure that Multi-Factor Authentication (MFA) is enforced for all users.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 14, 2026, there is no public information indicating active exploitation of this vulnerability. However, the high CVSS score suggests that the technical impact is significant, and administrators should treat this as a high-priority update.
Analyst Recommendation
Organizations relying on OpenCTI for threat intelligence management must apply vendor-supplied patches immediately. Given the platform's role in security operations, maintaining a hardened and updated instance is critical to preventing attackers from gaining insight into or tampering with the organization’s threat landscape data.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
React Router is a router for React
React Router is a router for React
Executive Summary:
A high-severity vulnerability has been identified in React Router, a widely-used component for building web applications. This flaw could allow a remote attacker to manipulate the web server, potentially leading to unauthorized access to internal systems, data theft, or service disruption. Due to the component's popularity, a large number of web applications are at risk and require immediate attention.
Vulnerability Details
CVE-ID: CVE-2026-21884
Affected Software: React Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the routing logic of applications using React Router with server-side rendering (SSR). An unauthenticated remote attacker can craft a malicious URL with a specially encoded path. When the server processes this URL to render the page, the vulnerable component incorrectly interprets the path, causing the back-end server to initiate a network request to an arbitrary destination chosen by the attacker. This can be used to scan internal networks, exfiltrate sensitive data from internal services (like cloud metadata endpoints), or interact with other back-end systems that trust requests originating from the web server.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.2. Successful exploitation could have a significant negative impact on the business. Potential consequences include the breach of sensitive customer or corporate data, leading to financial loss, reputational damage, and potential regulatory fines. An attacker could also leverage this flaw to pivot deeper into the corporate network, escalating the incident from a single application compromise to a broader network intrusion. The integrity and availability of the application could also be compromised, leading to service outages and loss of customer trust.
Remediation Plan
Immediate Action: Apply vendor security updates immediately across all applications utilizing the affected React Router component. After patching, it is crucial to review web server and application access logs for any requests containing unusual URL encoding or patterns that may indicate prior exploitation attempts.
Proactive Monitoring: Security teams should configure monitoring to detect and alert on anomalous outbound network traffic originating from web servers. Specifically, look for requests to internal IP address ranges, cloud provider metadata services (e.g., 169.254.169.254), or other unexpected internal or external destinations. Log analysis should focus on identifying malformed URI requests that deviate from normal application behavior.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict rules to block and sanitize requests containing malicious path traversal or URL encoding patterns. Additionally, implement network-level egress filtering on web servers to restrict their ability to make outbound connections, allowing communication only to explicitly approved services.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 11, 2026, there is no known public proof-of-concept exploit code, and the vulnerability is not being actively exploited in the wild. However, due to the high severity and the widespread deployment of React Router, it is highly probable that threat actors will develop exploits for this vulnerability in the near future.
Analyst Recommendation
Given the high-severity rating and the ubiquity of the affected software, this vulnerability presents a critical risk to the organization. Although it is not currently listed on the CISA KEV catalog, its potential for enabling data exfiltration and internal network pivoting warrants immediate action. We strongly recommend that all development and security teams prioritize the deployment of the vendor-provided patches as their highest priority. Do not wait for evidence of active exploitation before remediating this vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Executive Summary:
A high-severity vulnerability has been identified in certain deployments of Apache Solr, a popular open-source search platform. This flaw could allow a remote, unauthenticated attacker to execute arbitrary code on the server, potentially leading to a full system compromise. Successful exploitation could result in data theft, service disruption, and unauthorized access to the underlying infrastructure.
Vulnerability Details
CVE-ID: CVE-2026-22022
Affected Software: Apache Multiple Products
Affected Versions: Apache Solr 5.x deployments. See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a remote code execution (RCE) flaw within a core component of Apache Solr. An unauthenticated attacker can exploit this by sending a specially crafted HTTP request to a publicly exposed API endpoint. The vulnerability stems from improper input validation and insecure deserialization of user-supplied data, which allows the attacker's payload to be executed with the permissions of the Solr service account.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.2. A successful exploit could lead to a complete compromise of the affected Apache Solr server, posing a significant risk to the business. Potential consequences include the exfiltration of sensitive data stored or indexed by Solr, unauthorized modification or deletion of data, and service-wide denial of service. Furthermore, a compromised server could be used as a foothold to launch further attacks against other systems within the organization's network, escalating the incident's impact and potentially leading to significant reputational damage and financial loss.
Remediation Plan
Immediate Action: Apply vendor security updates immediately. Organizations must prioritize the deployment of the patched versions released by the Apache Software Foundation to all affected Solr instances. After patching, it is critical to monitor for any post-patch exploitation attempts and thoroughly review historical access logs for indicators of compromise that may have occurred prior to remediation.
Proactive Monitoring: Security teams should actively monitor network traffic and application logs for suspicious activity targeting Solr servers. Look for unusual or malformed HTTP requests to Solr APIs, particularly those containing serialized Java objects or command-line syntax. Monitor for unexpected processes spawned by the Solr service user or any anomalous outbound network connections from the server.
Compensating Controls: If patching cannot be performed immediately, implement compensating controls to reduce the risk. Restrict network access to Solr instances at the firewall level, allowing connections only from trusted application servers and administrative hosts. If applicable, deploy a Web Application Firewall (WAF) with rules designed to inspect and block malicious payloads targeting known Solr attack vectors.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of January 23, 2026, there is no known public proof-of-concept exploit code, and we have not observed active exploitation in the wild. However, vulnerabilities of this nature in widely used software are often quickly weaponized by threat actors. The absence of current exploitation should not reduce the urgency of applying the recommended patches.
Analyst Recommendation
Given the High severity (CVSS 8.2) of this remote code execution vulnerability, immediate and decisive action is required. All organizations running the affected versions of Apache Solr must treat this as a critical priority and apply the vendor-provided security updates without delay. Although this CVE is not currently on the CISA KEV list, its severe potential impact makes it a likely candidate for future inclusion. Proactive patching is the most effective defense against the significant operational and security risks posed by this flaw.