MedDream PACS Server 6
Description
MedDream PACS Server 6
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17282 vulnerabilities with AI analyst insights
MedDream PACS Server 6
MedDream PACS Server 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
EasyPMS 1
EasyPMS 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
berliCRM 1
berliCRM 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TimeClock Software 1
TimeClock Software 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Ultimate Project Manager CRM PRO 2
Ultimate Project Manager CRM PRO 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attac...
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
Executive Summary:
A critical vulnerability has been identified in multiple Ajenti products, specifically impacting version 2.1.36. This flaw allows a remote attacker who has successfully logged into the Ajenti panel to bypass security controls and execute arbitrary commands on the underlying server, potentially leading to a complete system compromise. Due to the high severity and potential for full remote control, immediate remediation is strongly advised.
Vulnerability Details
CVE-ID: CVE-2020-37002
Affected Software: Ajenti Multiple Products
Affected Versions: Ajenti version 2.1.36 is confirmed to be vulnerable. See vendor advisory for a complete list of affected versions.
Vulnerability: This is a post-authentication command injection vulnerability. An attacker with valid credentials to the Ajenti web panel, regardless of their privilege level, can exploit a flaw in the terminal creation API endpoint (/api/terminal/create). By sending a specially crafted request to this endpoint, the attacker can inject and execute arbitrary system commands, such as launching a netcat reverse shell to gain interactive remote access to the server with the privileges of the Ajenti service account.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the extreme risk it poses to the organization. Successful exploitation could lead to a complete compromise of the affected server, granting the attacker full administrative control. The potential consequences include theft or destruction of sensitive data, deployment of ransomware, disruption of critical business services hosted on the server, and the ability for the attacker to use the compromised system as a pivot point for further attacks into the internal network.
Remediation Plan
Immediate Action: The primary remediation is to upgrade all vulnerable Ajenti instances to the latest patched version immediately. Consult the official Ajenti security advisory for specific version details and patching instructions. After patching, it is crucial to review server and application logs for any signs of compromise that may have occurred before the patch was applied.
Proactive Monitoring: System administrators should actively monitor web server access logs for suspicious POST requests to the /api/terminal/create endpoint. Network monitoring should be configured to detect and alert on unexpected outbound connections from the server hosting Ajenti, which could indicate a reverse shell. Host-based intrusion detection systems (HIDS) can also be used to monitor for unusual process execution or command-line activity originating from the Ajenti service.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
/api/terminal/create endpoint.Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Jan 29, 2026, this vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the critical severity and the public availability of proof-of-concept exploit code, the likelihood of exploitation is high. Threat actors can easily integrate this vulnerability into their toolkits to target exposed and unpatched Ajenti servers.
Analyst Recommendation
Due to the critical severity (CVSS 9.8) and the potential for complete system compromise via remote code execution, this vulnerability requires immediate attention. We strongly recommend that organizations prioritize the patching of all affected Ajenti instances without delay. Although this CVE is not currently on the CISA KEV list, its public nature and severe impact mean it should be treated with the highest urgency, as if it were being actively exploited in the wild. If patching cannot be performed immediately, the compensating controls outlined above must be implemented as an urgent interim measure.
Update Ajenti Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Frigate Professional 3
Frigate Professional 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious W...
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems.
Executive Summary:
A critical stack buffer overflow vulnerability, identified as CVE-2020-37000, exists within Free MP3 CD Ripper and potentially other products from the vendor. This flaw allows an attacker to gain complete control over a vulnerable Windows system by tricking a user into opening a specially crafted malicious WAV file. Successful exploitation could lead to arbitrary code execution, resulting in a full system compromise.
Vulnerability Details
CVE-ID: CVE-2020-37000
Affected Software: Free Multiple Products, including Free MP3 CD Ripper
Affected Versions: Free MP3 CD Ripper version 2.8. See vendor advisory for other specific affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow that occurs when the affected software processes a WAV audio file. An attacker can craft a malicious WAV file with an oversized data payload that, when opened by a user, overwrites the program's stack. This memory corruption can be leveraged to divert the application's control flow and execute arbitrary code provided by the attacker, using advanced techniques such as a Structured Exception Handler (SEH) bypass and an egghunter to locate and run shellcode.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation grants an attacker full control over the affected user's workstation, equivalent to the user's own access level. This could lead to severe business consequences, including the theft of sensitive corporate or personal data, installation of persistent malware like ransomware or spyware, financial loss, and reputational damage. The compromised system could also be used as a pivot point to launch further attacks against other systems within the corporate network.
Remediation Plan
Immediate Action: Update Free Multiple Products to the latest version. It is crucial to check the vendor's security advisory for specific patch details corresponding to each affected product. In parallel, security teams should actively monitor for exploitation attempts and review access logs for any suspicious activity related to the vulnerable software.
Proactive Monitoring: Implement enhanced monitoring on endpoints where the affected software is installed. Security teams should look for unusual process creation originating from the Free MP3 CD Ripper executable, unexpected network connections, and the presence of suspicious .wav files on systems or in email attachments. Utilize Endpoint Detection and Response (EDR) solutions to detect memory exploitation techniques like SEH overwrites.
Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls to reduce risk. This includes using application whitelisting to prevent the vulnerable software from running, restricting user permissions to limit the impact of a compromise, and providing user awareness training to warn against opening untrusted files from external sources. Additionally, ensure modern endpoint protection with anti-exploitation features is enabled and up-to-date.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Jan 29, 2026, the description of the vulnerability indicates that detailed exploitation techniques, including shellcode, SEH bypass, and egghunter methods, are known. This strongly suggests that a functional public proof-of-concept (PoC) exploit exists. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical severity and the availability of exploit details make it a high-risk vulnerability.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the low complexity required for an attacker to exploit this vulnerability, immediate action is required. Organizations must prioritize identifying all systems with the affected Free software installed and applying the vendor-supplied patches without delay. Due to the potential for complete system compromise from a single user action, this vulnerability poses a significant threat and should be treated as an urgent patching priority.
Update Free Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Elaniin CMS 1
Elaniin CMS 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malic...
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining control of the application.
Executive Summary:
A critical vulnerability has been identified in multiple BacklinkSpeed products, designated CVE-2020-36997. This flaw allows an attacker to take complete control of the application by tricking a user into opening a specially crafted file. Successful exploitation could lead to arbitrary code execution, enabling data theft, malware installation, and further network intrusion.
Vulnerability Details
CVE-ID: CVE-2020-36997
Affected Software: BacklinkSpeed Multiple Products
Affected Versions: Version 2.4 is confirmed vulnerable. See vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is a stack-based buffer overflow that occurs during the file import process. An attacker can create a malicious file with an oversized data field that, when parsed by the application, overwrites the program's execution stack. This overwrite specifically targets the Structured Exception Handler (SEH) chain, a Windows mechanism for handling program errors. By replacing a legitimate SEH address with a pointer to their own malicious code (shellcode), the attacker can hijack the program's control flow and execute arbitrary commands with the permissions of the user running the application.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the high potential for significant damage. An attacker who successfully exploits this flaw can gain full control over the affected application, leading to a complete compromise of the underlying system. Potential consequences include the theft of sensitive business data processed by the application, installation of ransomware or spyware, and using the compromised machine as a launchpad for further attacks against the internal network. The low complexity of the attack, requiring only user interaction to open a file, increases the risk of successful exploitation.
Remediation Plan
Immediate Action: The primary remediation is to apply the vendor-supplied security patches.
Proactive Monitoring:
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of the publication date of January 29, 2026, proof-of-concept (PoC) exploit code for this vulnerability is publicly available. While this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, the public availability of exploit code significantly increases the likelihood of active exploitation by threat actors. Vulnerabilities involving classic SEH overwrite techniques are well-understood and can be easily weaponized.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the public availability of exploit code, this vulnerability poses a severe and immediate risk to the organization. We strongly recommend that all affected BacklinkSpeed products be patched immediately. This vulnerability should be prioritized with the highest urgency. A comprehensive asset inventory should be conducted to identify all systems running the vulnerable software, and the remediation plan should be executed without delay to prevent potential system compromise.
Update BacklinkSpeed Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Mocha Telnet Lite for iOS 4
Mocha Telnet Lite for iOS 4
Executive Summary:
A high-severity vulnerability has been identified in Mocha Telnet Lite for iOS, which could allow a remote attacker to compromise the user's device. Successful exploitation could lead to unauthorized access to sensitive information or the execution of arbitrary code, posing a significant risk to data confidentiality and system integrity.
Vulnerability Details
CVE-ID: CVE-2020-36995
Affected Software: Mocha Telnet Lite for iOS
Affected Versions: Version 4.0 and potentially prior versions. It is recommended to consult the vendor's security advisory for a complete list of affected versions.
Vulnerability: The vulnerability exists within the Mocha Telnet Lite application when processing data received from a Telnet server. A remote attacker could exploit this by tricking a user into connecting to a malicious Telnet server. The server could then send a specially crafted response that triggers a buffer overflow condition in the client application, potentially leading to arbitrary code execution on the user's iOS device with the privileges of the application.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. If exploited, an attacker could gain control over the user's mobile device, leading to significant business risks. Potential consequences include the theft of sensitive corporate data stored on or accessed by the device, unauthorized access to internal networks the device is connected to, and the potential for the compromised device to be used as a pivot point for further attacks within the organization's infrastructure. This poses a direct threat to data confidentiality, integrity, and availability.
Remediation Plan
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately. All instances of Mocha Telnet Lite for iOS should be updated to a patched version as soon as possible to mitigate the risk. Additionally, security teams should actively monitor for any signs of exploitation and review relevant access and application logs for suspicious activity.
Proactive Monitoring: Organizations should monitor outbound network traffic from mobile devices running this application for connections to unusual or untrusted IP addresses on the Telnet port (TCP/23). Review application crash logs on iOS devices, as a failed exploitation attempt may cause the application to terminate unexpectedly. Utilize Mobile Device Management (MDM) solutions to detect unauthorized application behavior or configuration changes.
Compensating Controls: If immediate patching is not feasible, consider implementing the following compensating controls: Restrict the use of the application to trusted networks only and prohibit connections to unknown or external Telnet servers. Use a VPN to encrypt all traffic from the device. If the application is not business-critical, consider uninstalling it from all corporate devices until a patch can be applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 30, 2026, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, due to the high severity and the potential for remote code execution, it is likely that proof-of-concept code will be developed by security researchers or malicious actors. The vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
Analyst Recommendation
Given the high severity (CVSS 7.5) of this vulnerability and its potential for remote code execution, we strongly recommend that immediate action is taken. All devices with the affected Mocha Telnet Lite application should be identified and patched without delay. Although there is no evidence of active exploitation at this time, the risk of compromise is significant, and organizations should prioritize this remediation effort to prevent potential data breaches and unauthorized network access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Nord VPN 6
Nord VPN 6
Executive Summary:
A high-severity vulnerability has been identified in multiple Nord products, specifically affecting NordVPN version 6. This flaw could allow a local attacker to escalate their privileges on a compromised system, potentially leading to a full system takeover, data theft, and further network intrusion. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this significant risk.
Vulnerability Details
CVE-ID: CVE-2020-36992
Affected Software: Nord Multiple Products
Affected Versions: NordVPN version 6. See vendor advisory for specific affected versions.
Vulnerability: This vulnerability is a local privilege escalation flaw within the NordVPN service component that runs with elevated system permissions. An authenticated, low-privileged local attacker can exploit this by sending a specially crafted inter-process communication (IPC) message to the privileged service. Due to improper input validation, the service can be manipulated into executing arbitrary code or commands with the permissions of the SYSTEM or root user, leading to a complete compromise of the host operating system.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could have a severe impact on business operations. An attacker who gains initial low-level access to an endpoint (e.g., through phishing) could leverage this vulnerability to gain full administrative control. This would allow the attacker to disable security controls, install persistent malware such as ransomware or keyloggers, exfiltrate sensitive corporate data, and use the compromised machine as a pivot point to attack other critical systems on the internal network.
Remediation Plan
Immediate Action: Apply vendor security updates immediately across all affected endpoints. The update resolves the vulnerability by implementing proper validation on IPC messages. After patching, it is crucial to monitor for any signs of post-exploitation activity and review system and application access logs for any unusual behavior preceding the patch deployment.
Proactive Monitoring: Security teams should monitor for indicators of compromise, including unexpected process creation originating from the NordVPN service process, unauthorized modifications to system files or configurations, and anomalous outbound network traffic from endpoints running the software. Endpoint Detection and Response (EDR) solutions should be configured to alert on common privilege escalation techniques.
Compensating Controls: If immediate patching is not feasible, organizations should enforce the principle of least privilege to limit the initial attack surface. Employing application whitelisting can prevent the execution of unauthorized code that an attacker might attempt to run after escalating privileges. Enhanced endpoint monitoring and network segmentation can also help contain the impact of a potential compromise.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of January 30, 2026, there are no known public proof-of-concept exploits or observed in-the-wild exploitation of this vulnerability. However, given the high severity and the commonality of this vulnerability class, security researchers are likely to develop and publish exploit code. Threat actors will likely begin reverse-engineering the patch to create functional exploits for use in targeted attacks.
Analyst Recommendation
Due to the high CVSS score of 7.8, this vulnerability presents a significant risk to the organization. A successful exploit grants an attacker complete control over an affected system. We strongly recommend that all system administrators prioritize the immediate deployment of the vendor-supplied patches to all workstations and servers running the affected NordVPN software. Although this CVE is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion, and proactive remediation is the most effective defense.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ShareMouse 5
ShareMouse 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Input Director 1
Input Director 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ForensiT AppX Management Service 2
ForensiT AppX Management Service 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Program Access Controller 1
Program Access Controller 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Prey 1
Prey 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
IP Watcher 3
IP Watcher 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
EPSON 1
EPSON 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Quick 'n Easy FTP Service 3
Quick 'n Easy FTP Service 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Motorola Device Manager 2
Motorola Device Manager 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Motorola Device Manager 2
Motorola Device Manager 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SAntivirus IC 10
SAntivirus IC 10
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Atheros Coex Service Application 8
Atheros Coex Service Application 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to p...
Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Acer Global Registration Service 1
Acer Global Registration Service 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
EPSON Status Monitor 3 version 8
EPSON Status Monitor 3 version 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Realtek Andrea RT Filters 1
Realtek Andrea RT Filters 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SmartBlog 2
SmartBlog 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Nidesoft 3GP Video Converter 2
Nidesoft 3GP Video Converter 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PMB 5
PMB 5
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
M/Monit 3
M/Monit 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code executio...
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SEH) overwrite and execute arbitrary commands on the target system.
Executive Summary:
A critical buffer overflow vulnerability has been identified in multiple Zortam products, including Zortam Mp3 Media Studio. This flaw allows an attacker to take complete control of a user's computer by tricking them into opening a malicious text file. Successful exploitation could lead to data theft, malware installation, and further network compromise.
Vulnerability Details
CVE-ID: CVE-2020-36967
Affected Software: Zortam Multiple Products
Affected Versions: Zortam Mp3 Media Studio 27.60 is confirmed vulnerable. See vendor advisory for specific affected versions of other products.
Vulnerability: The vulnerability is a classic stack-based buffer overflow that occurs during the library creation process when selecting a file. An attacker can craft a malicious text (.txt) file with an overly long string containing shellcode. When a user opens this file within the vulnerable application, the overflow overwrites the Structured Exception Handler (SEH) chain on the stack, allowing the attacker to redirect program execution to their embedded shellcode, resulting in arbitrary code execution with the privileges of the user running the application.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant risk to the organization. A successful exploit grants an attacker complete control over the affected system, enabling them to execute arbitrary commands. Potential consequences include the theft or exfiltration of sensitive data, deployment of ransomware, installation of persistent backdoors for long-term access, and using the compromised machine as a pivot point to attack other systems on the internal network. The business impact could range from operational disruption and financial loss to severe reputational damage.
Remediation Plan
Immediate Action: Update Zortam Multiple Products to the latest version. Check the vendor security advisory for specific patch details and patched version numbers. After patching, monitor for any residual signs of exploitation and review application and system access logs for suspicious activity preceding the update.
Proactive Monitoring: Security teams should monitor for anomalous process behavior originating from Zortam applications, such as unexpected child processes (e.g., cmd.exe, powershell.exe). Scrutinize application crash logs for exceptions related to the library creation function. Network monitoring should be in place to detect any unusual outbound connections from workstations running this software.
Compensating Controls: If immediate patching is not feasible, consider the following controls:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Jan 28, 2026, multiple proof-of-concept (PoC) exploits are publicly available for this vulnerability. While the CISA KEV status is "No," the public availability of a simple and reliable exploit for a remote code execution flaw means it is a prime candidate for use in targeted phishing campaigns. The attack requires user interaction, making social engineering the most likely delivery vector.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the public availability of exploit code, this vulnerability must be remediated with the highest priority. We strongly recommend that all affected Zortam products are updated to a patched version immediately. Although this CVE is not currently on the CISA KEV list, its severity and the ease of exploitation present a clear and present danger. All systems running vulnerable versions should be considered at high risk of compromise and should be patched or have compensating controls applied without delay.
Update Zortam Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
docPrint Pro 8
docPrint Pro 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing sp...
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
Executive Summary:
A critical denial of service vulnerability exists in YATinyWinFTP, identified as CVE-2020-36964. An unauthenticated attacker can remotely exploit this flaw by sending a specially crafted command, causing a buffer overflow that crashes the FTP service. This can lead to a complete denial of service, disrupting all file transfer operations and dependent business processes.
Vulnerability Details
CVE-ID: CVE-2020-36964
Affected Software: YATinyWinFTP
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is a buffer overflow that occurs when the YATinyWinFTP service processes a malformed command. A remote, unauthenticated attacker can connect to the FTP server and send a 272-byte buffer that includes a trailing space. The application fails to properly validate the input length, leading to a buffer overflow condition that overwrites adjacent memory, causing the service to crash and resulting in a denial of service.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8, indicating a severe risk to the organization. Successful exploitation allows any remote attacker to repeatedly crash the FTP service, making it unavailable for legitimate users and disrupting critical file transfer workflows. The high CVSS score suggests that while the immediate described impact is denial of service, the underlying buffer overflow could potentially be leveraged by a skilled attacker to achieve arbitrary code execution, which would lead to a complete compromise of the affected server.
Remediation Plan
Immediate Action: Immediately update YATinyWinFTP to the latest version provided by the vendor to patch this vulnerability. After patching, monitor for any further exploitation attempts and review historical access logs for indicators of compromise related to this flaw.
Proactive Monitoring: Implement monitoring on the affected FTP server to detect and alert on signs of exploitation. Specifically, monitor for repeated or unexpected service crashes and restarts. Network monitoring should be configured to flag incoming FTP commands that are unusually long or match the specific 272-byte pattern associated with this exploit.
Compensating Controls: If patching cannot be immediately applied, restrict network access to the FTP service to only trusted IP addresses using a firewall. Consider deploying an Intrusion Prevention System (IPS) with signatures capable of detecting and blocking FTP-based buffer overflow attacks. If the FTP service is not essential, consider disabling it entirely until it can be patched.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Jan 28, 2026, proof-of-concept (PoC) exploit code is publicly available and trivial to execute. The simplicity of the exploit increases the likelihood of its integration into automated scanning tools and opportunistic attacks. While there are no reports of widespread, targeted campaigns leveraging this vulnerability, its public nature makes unpatched systems highly susceptible to attack.
Analyst Recommendation
Given the critical severity (CVSS 9.8) and the availability of a simple public exploit, this vulnerability requires immediate attention. We strongly recommend that organizations identify all instances of YATinyWinFTP in their environment and apply the vendor-supplied patch without delay. Although this vulnerability is not currently on the CISA KEV list, its potential for significant business disruption warrants treating it with the highest priority.
Update YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Intelbras Router RF 301K firmware version 1
Intelbras Router RF 301K firmware version 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas du...
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.
---METADATA---
VENDOR: Tendenci
PRODUCT: Tendenci
AFFECTED_VERSIONS: 12.3.1
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
Tendenci 12.3.1 is vulnerable to CSV formula injection via the contact form message field, allowing arbitrary command execution when exported files are opened in spreadsheet software.
Executive Summary:
A critical CSV formula injection vulnerability in Tendenci 12.3.1 allows unauthenticated attackers to achieve arbitrary command execution on systems that process exported contact form data.
Vulnerability Details
CVE-ID: CVE-2020-36962
Affected Software: Tendenci
Affected Versions: 12.3.1
Vulnerability: This vulnerability involves improper neutralization of input in the contact form message field. An unauthenticated attacker can submit malicious CSV formulas that execute system commands when the exported data is opened by an administrator in a spreadsheet application.
Business Impact
The exploitation of this vulnerability poses a severe risk to organizational security, as it facilitates remote code execution (RCE) on the systems of personnel who process the exported data. Given the CVSS score of 9.8, this represents a critical threat that could lead to full system compromise, data theft, and unauthorized persistence within the internal network.
Remediation Plan
Immediate Action: Update Tendenci to the latest available version as specified by the vendor's security advisory.
Proactive Monitoring: Inspect contact form submissions for suspicious characters, particularly those starting with '=', '+', '-', or '@', which are indicative of formula injection attempts.
Compensating Controls: Configure spreadsheet applications to disable automatic formula execution and utilize a Web Application Firewall (WAF) to filter malicious payloads from incoming form submissions.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Jan 28, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is highly severe due to the potential for RCE via simple user input. Administrators must prioritize updating the software and implement strict input validation on all web forms to prevent malicious payloads from being stored or exported.
Update Tendenci Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbit...
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution.
Executive Summary:
A critical buffer overflow vulnerability, identified as CVE-2020-36961, exists in multiple software products, including 10-Strike Network Inventory Explorer. This flaw allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted malicious file. Successful exploitation results in a complete compromise of the affected system, posing a severe risk to data confidentiality, integrity, and availability.
Vulnerability Details
CVE-ID: CVE-2020-36961
Affected Software: Unknown Multiple Products
Affected Versions: 10-Strike Network Inventory Explorer version 8.65 is confirmed to be affected. Other products and versions may also be vulnerable; see vendor advisories for a complete list.
Vulnerability: This vulnerability is a classic stack-based buffer overflow that occurs within the application's exception handling routine. An attacker can craft a malicious file containing an overly long data string (e.g., 209 bytes of padding) that, when processed by the vulnerable software, overwrites the program's stack. By including a specially constructed Structured Exception Handler (SEH) record in the malicious payload, the attacker can overwrite the default exception handler's address, redirecting the program's execution flow to their own malicious code when an exception is triggered.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation leads to remote code execution (RCE) with the privileges of the user running the application. This could allow an attacker to take complete control of the affected workstation or server, leading to severe consequences such as data theft, installation of ransomware, deployment of persistent backdoors, or using the compromised system to pivot and attack other internal network resources. The potential business impact includes major data breaches, significant operational disruption, and reputational damage.
Remediation Plan
Immediate Action: Organizations must identify all instances of the affected software and immediately apply the vendor-supplied security updates. The primary remediation is to update Unknown Multiple Products to the latest version.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes monitoring for the creation of suspicious files on endpoints, unexpected child processes spawned by the affected software, and anomalous outbound network traffic from systems running the vulnerable application. Review application and system logs for crash reports or exception handling events that could indicate a failed exploitation attempt.
Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. These include using Endpoint Detection and Response (EDR) solutions capable of detecting and blocking SEH overwrite exploitation techniques, enforcing application whitelisting to prevent the execution of unauthorized code, and restricting user permissions to limit the impact of a potential compromise.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the published date of Jan 28, 2026, this vulnerability is publicly disclosed, and the detailed description of the exploit mechanism (specific padding size and SEH manipulation) indicates that a functional proof-of-concept exploit is available. While this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, the availability of a public exploit significantly increases the likelihood of it being adopted by threat actors.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the availability of a public exploit, this vulnerability poses an immediate and severe threat. We strongly recommend that organizations prioritize the patching of this vulnerability across all affected systems without delay. Due to the risk of full system compromise, this issue should be treated as an urgent security priority. All remediation and monitoring actions should be tracked to completion to prevent exploitation.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
IDT PC Audio 1
IDT PC Audio 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Kite 1
Kite 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PDF Complete 3
PDF Complete 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
MiniTool ShadowMaker 3
MiniTool ShadowMaker 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system priv...
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Phpscript-sgh 0
Phpscript-sgh 0
Executive Summary:
A high-severity vulnerability, identified as CVE-2020-36951, exists in multiple products utilizing the phpscript-sgh component. This flaw allows an unauthenticated attacker to inject malicious SQL commands via the web interface, potentially leading to a complete compromise of the application's database, theft of sensitive data, and unauthorized system access.
Vulnerability Details
CVE-ID: CVE-2020-36951
Affected Software: Unknown Multiple Products (specifically those using the phpscript-sgh component)
Affected Versions: Version 0 of phpscript-sgh. See vendor advisory for specific affected products and versions.
Vulnerability: This vulnerability is a classic SQL Injection. The admin.php file of the affected component fails to properly sanitize user-supplied input in the 'username' parameter. An unauthenticated remote attacker can submit a specially crafted SQL query to this parameter on the administration login page. A successful exploit can bypass authentication mechanisms and allow the attacker to execute arbitrary SQL commands on the backend database, enabling them to read, modify, or delete data, and potentially escalate privileges to gain control over the application server.
Business Impact
This vulnerability presents a significant risk to the organization, reflected by its High severity rating with a CVSS score of 8.2. Successful exploitation could lead to a severe data breach, exposing sensitive customer information, financial records, or intellectual property. The consequences include direct financial loss, reputational damage, and potential regulatory fines for non-compliance with data protection standards. Furthermore, the loss of data integrity could disrupt business operations, and if the compromised database account has excessive privileges, the attacker could pivot to gain deeper access into the corporate network.
Remediation Plan
Immediate Action: Organizations must prioritize applying security updates released by the respective product vendors to patch this vulnerability. Until patches are applied, it is critical to monitor for potential exploitation attempts by closely reviewing web server and database access logs for indicators of compromise.
Proactive Monitoring: Security teams should actively monitor for exploitation attempts by:
admin.php containing SQL keywords (SELECT, UNION, OR, '--, #) or boolean logic (' OR 1=1) in the username parameter.Compensating Controls: If immediate patching is not feasible, the following controls can help mitigate the risk:
admin.php page, allowing connections only from trusted IP addresses.Exploitation Status
Public Exploit Available: true
Analyst Notes: As of January 28, 2026, a public proof-of-concept exploit for this vulnerability is widely available and has been for several years. Due to the ease of exploitation and the availability of public code, this vulnerability is likely being leveraged by opportunistic threat actors in automated scans. While this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high severity and public exploitability still make it an attractive target.
Analyst Recommendation
Given the high CVSS score of 8.2 and the confirmed availability of a public exploit, this vulnerability requires immediate attention. We strongly recommend that security and IT teams urgently identify all assets running software that incorporates the phpscript-sgh component. These systems should be patched immediately. If patching is delayed, compensating controls such as WAF implementation and access restrictions must be deployed without delay. Furthermore, a threat hunt should be initiated to search for any historical signs of compromise related to this vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TapinRadio 2
TapinRadio 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attack...
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
Executive Summary:
A critical vulnerability has been identified in VestaCP, a popular web hosting control panel. This flaw allows remote attackers to bypass authentication and gain unauthorized access to user accounts by manipulating session tokens, potentially leading to a complete compromise of the web server and the data it hosts. Due to the high severity and ease of exploitation, immediate remediation is required to prevent unauthorized access and potential data breaches.
Vulnerability Details
CVE-ID: CVE-2020-36948
Affected Software: VestaCP Multiple Products
Affected Versions: Version 0.9.8-26 and potentially prior versions. See vendor advisory for specific affected versions.
Vulnerability: The vulnerability exists within the LoginAs module of the VestaCP software. The application fails to sufficiently validate session authentication tokens, creating a security flaw. A remote, unauthenticated attacker can craft and submit a malicious request with a manipulated token to impersonate a legitimate user, thereby bypassing standard authentication mechanisms and gaining access to the user's account without requiring valid credentials or administrative privileges.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation grants an attacker unauthorized administrative access to the VestaCP control panel. This can lead to severe business consequences, including the theft or modification of sensitive data, website defacement, installation of malware or ransomware on the server, and complete disruption of web services. A compromise of the control panel effectively hands control of the underlying server and all hosted applications to the attacker, posing a significant risk to data confidentiality, integrity, and availability.
Remediation Plan
Immediate Action: Update VestaCP Multiple Products to the latest version. Check the official vendor security advisory for specific patch details and installation instructions. After patching, monitor for any exploitation attempts and thoroughly review historical access logs for signs of compromise.
Proactive Monitoring: Security teams should actively monitor for anomalies in VestaCP access logs. Specifically, look for multiple failed login attempts followed by a successful login from an unusual IP address, or any direct access or usage of the LoginAs functionality from non-administrative sources. Monitor server resources for unexpected processes, network connections, or file modifications that could indicate a post-exploitation payload.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
LoginAs feature is not required for business operations, disable the module entirely.Exploitation Status
Public Exploit Available: True
Analyst Notes: As of January 27, 2026, this vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given its critical severity and the public availability of proof-of-concept (PoC) exploit code, the likelihood of opportunistic or targeted exploitation is high. Unpatched, internet-facing VestaCP instances are considered low-hanging fruit for attackers.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the availability of public exploits, this vulnerability poses an immediate and severe threat to the organization. The potential for a full server compromise necessitates urgent action. We strongly recommend that all affected VestaCP instances be patched immediately without delay. Systems that cannot be patched should be isolated from the internet or protected by compensating controls until remediation can be completed.
Update VestaCP Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
LibreNMS 1
LibreNMS 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SyncBreeze 10
SyncBreeze 10
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by...
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials
Apply vendor patches immediately. Review database access controls and enable query logging.
aSc TimeTables 2021
aSc TimeTables 2021
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Executive Summary:
A high-severity vulnerability exists within multiple PACS products, specifically identified in MedDream PACS Server. This flaw allows an unauthenticated attacker to gain unauthorized access to the underlying database, potentially leading to a significant breach of sensitive Protected Health Information (PHI) and disruption of clinical services. Immediate patching is required to mitigate the risk of data exfiltration and regulatory non-compliance.
Vulnerability Details
CVE-ID: CVE-2020-37009
Affected Software: PACS Multiple Products
Affected Versions: MedDream PACS Server 6. See vendor advisory for a complete list of affected products and versions.
Vulnerability: The vulnerability is an unauthenticated SQL Injection flaw in the login functionality of the MedDream PACS Server. An attacker can exploit this by sending a specially crafted HTTP request to the login page, manipulating the username parameter with malicious SQL commands. Because the application fails to properly sanitize this user-supplied input, the attacker's commands are executed directly by the database, allowing them to bypass authentication and gain unauthorized access to view, modify, or delete sensitive patient data stored within the PACS system.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could have severe consequences for the organization, including a major breach of Protected Health Information (PHI), which violates regulatory compliance standards like HIPAA. This can result in substantial financial penalties, legal action, and significant reputational damage. Furthermore, an attacker could potentially alter or delete patient imaging data, directly impacting patient care and disrupting critical clinical workflows that rely on the PACS system.
Remediation Plan
Immediate Action: Apply vendor-supplied security updates to all affected PACS servers immediately. Prioritize these systems for patching due to the high severity of the vulnerability. After patching, review server and database access logs for any signs of compromise that may have occurred prior to remediation.
Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should inspect web server and database logs for suspicious queries, particularly against login pages, that contain SQL syntax such as
UNION,SELECT,' OR '1'='1, or other common injection payloads. Monitor network traffic for unusual data egress from the PACS server, which could indicate data exfiltration.Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with a ruleset configured to detect and block SQL injection attacks. Additionally, restrict network access to the PACS server's management interface, allowing connections only from trusted internal IP addresses to limit the attack surface.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of January 31, 2026, proof-of-concept (PoC) exploit code for this vulnerability is publicly available. The availability of a working exploit significantly increases the likelihood of attack attempts by a wide range of threat actors. While this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its presence in medical systems and the availability of an exploit make it an attractive target for attackers seeking to steal sensitive healthcare data.
Analyst Recommendation
Given the high CVSS score, the critical nature of the affected systems (PACS), and the public availability of exploit code, this vulnerability poses a significant and immediate risk to the organization. We strongly recommend that the vendor-supplied patches be applied on an emergency basis. If patching is delayed for any reason, compensating controls such as a WAF and network access restrictions must be implemented without delay to reduce the risk of a data breach involving sensitive patient information.