Wacom WTabletService 6
Description
Wacom WTabletService 6
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17282 vulnerabilities with AI analyst insights
Wacom WTabletService 6
Wacom WTabletService 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Adaware Web Companion version 4
Adaware Web Companion version 4
---METADATA---
VENDOR: Adaware
PRODUCT: Web Companion
AFFECTED_VERSIONS: Version 4; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Adaware Web Companion version 4 contains a high-severity security vulnerability that could allow for unauthorized system modifications. The flaw affects the software's ability to protect web traffic.
Executive Summary:
A significant security vulnerability in Adaware Web Companion version 4 could allow an attacker to bypass web protections and compromise the host system.
Vulnerability Details
CVE-ID: CVE-2019-25287
Affected Software: Adaware Web Companion
Affected Versions: Version 4
Vulnerability: This vulnerability affects Adaware Web Companion version 4. Given its CVSS score of 7.8, the flaw likely involves a local privilege escalation or an insecure update mechanism, which could be exploited to execute unauthorized code with high privileges on the user's machine.
Business Impact
The compromise of a web security tool is a serious risk, as it can be used to facilitate further attacks, such as man-in-the-middle (MitM) interceptions or the redirection of users to malicious websites. This could lead to the theft of sensitive credentials and the infection of the corporate network with malware.
Remediation Plan
Immediate Action: Users should update Adaware Web Companion to the latest version immediately or uninstall version 4 if it is no longer required for business operations.
Proactive Monitoring: Monitor for unauthorized changes to browser settings, proxy configurations, or the installation of unexpected root certificates.
Compensating Controls: Use enterprise-grade web filtering and endpoint protection platforms that provide more robust security and are subject to frequent, automated updates.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation. The age of this vulnerability (2019) combined with its late disclosure makes it a prime candidate for inclusion in automated exploitation tools.
Analyst Recommendation
We recommend that organizations minimize the use of third-party web "companions" in favor of built-in browser security features and enterprise-managed security suites. If this software is necessary, it must be updated immediately to the latest secure version to mitigate the identified high-severity risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
GCafé 3
GCafé 3
---METADATA---
VENDOR: Garena
PRODUCT: GCafé
AFFECTED_VERSIONS: Version 3; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Garena GCafé 3 is affected by a high-severity security vulnerability that could lead to unauthorized administrative access. The flaw impacts the management of café networks.
Executive Summary:
GCafé 3 contains a high-severity security vulnerability that could allow an attacker to compromise the management server and all connected client systems.
Vulnerability Details
CVE-ID: CVE-2019-25286
Affected Software: Garena GCafé
Affected Versions: Version 3
Vulnerability: This vulnerability affects GCafé 3, a management solution for internet cafés. With a CVSS score of 7.8, the flaw likely involves an authentication bypass or a remote code execution vulnerability in the client-service communication protocol, potentially allowing an attacker to take control of the network.
Business Impact
An exploit could lead to the theft of user credentials, the unauthorized modification of billing records, and the distribution of malware to all users of the café. This represents a catastrophic risk to the business's reputation and the security of its customers' personal information.
Remediation Plan
Immediate Action: Update GCafé to the latest secure version provided by Garena and ensure that the management server is properly firewalled.
Proactive Monitoring: Review system and application logs for unauthorized administrative actions or unexpected network traffic on the GCafé service ports.
Compensating Controls: Isolate the GCafé management network from other business operations and implement strong network segmentation to limit the impact of a potential compromise.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation. However, management software is a high-value target for attackers looking to compromise multiple endpoints simultaneously.
Analyst Recommendation
Given the high CVSS score and the centralized control exercised by GCafé 3, this vulnerability must be addressed immediately. We recommend a full security audit of the GCafé environment and the immediate application of all available security patches.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Alps Pointing-device Controller 8
Alps Pointing-device Controller 8
---METADATA---
VENDOR: Alps Alpine
PRODUCT: Pointing-device Controller
AFFECTED_VERSIONS: Version 8; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Alps Pointing-device Controller 8 contains a high-severity vulnerability that could allow for local privilege escalation. This flaw resides in the driver-level software.
Executive Summary:
A critical security flaw in the Alps Pointing-device Controller 8 could allow a local attacker to gain elevated system privileges.
Vulnerability Details
CVE-ID: CVE-2019-25285
Affected Software: Alps Alpine Pointing-device Controller
Affected Versions: Version 8
Vulnerability: This vulnerability affects the Alps Pointing-device Controller version 8, which typically operates with high system privileges. The CVSS score of 7.8 suggests a flaw—likely an insecure IOCTL or file permission issue—that allows a low-privileged user to execute code in the context of the SYSTEM account.
Business Impact
A successful exploit of this driver-level vulnerability would allow an attacker to bypass all local security controls, install persistent malware, and access any data on the affected machine. In a corporate environment, this facilitates lateral movement and the compromise of sensitive endpoint data.
Remediation Plan
Immediate Action: Administrators should deploy the latest driver updates from the hardware manufacturer or the device OEM (e.g., Dell, HP, Lenovo) to resolve this vulnerability.
Proactive Monitoring: Monitor for suspicious activity originating from driver-related processes and use endpoint security tools to detect unauthorized attempts to escalate privileges.
Compensating Controls: Implement the principle of least privilege (PoLP) and ensure that users do not have administrative rights on their local workstations, which limits the initial attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation. Driver-based vulnerabilities are frequently used in "living-off-the-land" attacks to gain persistence on compromised systems.
Analyst Recommendation
Because this vulnerability exists at the driver level, it poses a significant threat to system integrity. We recommend that organizations automate the patching of hardware drivers alongside standard software updates to ensure these critical components are secured.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Shrew Soft VPN Client 2
Shrew Soft VPN Client 2
---METADATA---
VENDOR: Shrew Soft
PRODUCT: Shrew Soft VPN Client 2
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Shrew Soft VPN Client 2 is vulnerable to a high-severity security flaw that could lead to local privilege escalation or the compromise of secure network tunnels.
Executive Summary:
Shrew Soft VPN Client 2 contains a high-severity vulnerability that could allow an attacker to compromise secure remote access and gain elevated system rights.
Vulnerability Details
CVE-ID: CVE-2019-25283
Affected Software: Shrew Soft Shrew Soft VPN Client 2
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability in Shrew Soft VPN Client 2, which has a CVSS score of 7.8, typically involves issues with the service's handling of local system privileges or vulnerabilities in the IKE daemon. An attacker could exploit this to gain higher-level access to the host Windows machine.
Business Impact
A compromise of the VPN client can lead to the theft of VPN credentials and subsequent unauthorized access to the corporate internal network. The 7.8 CVSS score indicates a high risk, particularly for organizations that still rely on this legacy client for IPsec VPN connectivity.
Remediation Plan
Immediate Action: Replace Shrew Soft VPN Client 2 with a modern, supported IPsec client or migrate to a different VPN technology (such as WireGuard or OpenVPN) that is actively maintained.
Proactive Monitoring: Check for unauthorized modifications to the Windows Registry or the VPN client's configuration files that could indicate an exploitation attempt.
Compensating Controls: Use strict network segmentation and Multi-Factor Authentication (MFA) at the VPN gateway to limit the impact of a compromised endpoint.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. Shrew Soft VPN Client has not been updated in many years, making it increasingly susceptible to modern exploitation techniques.
Analyst Recommendation
The 7.8 CVSS score and the legacy status of Shrew Soft VPN Client 2 make it a significant liability. Security teams should prioritize the decommissioning of this software across the enterprise and transition users to modern, secure remote access alternatives.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET paramete...
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect mechanism.
---METADATA---
VENDOR: V-SOL
PRODUCT: GPON/EPON OLT Platform
AFFECTED_VERSIONS: v2.03
CONFIDENCE: high
MISSING: patch, exploit_status
---END_METADATA---
Description Summary:
V-SOL GPON/EPON OLT Platform v2.03 is susceptible to an open redirect vulnerability via the 'parent' GET parameter, enabling attackers to redirect authenticated users to arbitrary malicious sites.
Executive Summary:
An open redirect vulnerability in the V-SOL GPON/EPON OLT Platform allows attackers to perform phishing or redirection attacks against authenticated users.
Vulnerability Details
CVE-ID: CVE-2019-25282
Affected Software: V-SOL GPON/EPON OLT Platform
Affected Versions: v2.03
Vulnerability: This is an open redirect vulnerability located in the platform's script mechanism. It allows an attacker to manipulate the 'parent' GET parameter, requiring the victim to be logged into the platform for the attack to succeed.
Business Impact
The exploitation of this vulnerability could lead to successful social engineering and phishing attacks, as users may be directed to malicious infrastructure while appearing to remain on a trusted domain. With a CVSS score of 9.8, the potential for high-impact credential theft or malware delivery is significant, posing a severe risk to organizational network integrity and user security.
Remediation Plan
Immediate Action: Contact the vendor (V-SOL) to obtain the latest firmware or software update that addresses input validation flaws in the redirection script.
Proactive Monitoring: Audit web server access logs for anomalous GET requests containing suspicious 'parent' parameter strings.
Compensating Controls: Implement a Web Application Firewall (WAF) rule to inspect and sanitize the 'parent' parameter or restrict redirection targets to an approved allow-list.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Jan 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of this flaw, administrators must prioritize the remediation of the redirection logic. Organizations should ensure that all users are cautioned against clicking suspicious links originating from the OLT management interface until a patch is applied.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
NCP Secure Entry Client 9
NCP Secure Entry Client 9
---METADATA---
VENDOR: NCP engineering
PRODUCT: NCP Secure Entry Client
AFFECTED_VERSIONS: Version 9; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
NCP Secure Entry Client 9 is affected by a high-severity vulnerability that could compromise VPN tunnel security. This flaw could allow for unauthorized access to internal network resources.
Executive Summary:
A high-severity vulnerability in NCP Secure Entry Client 9 could allow an attacker to bypass VPN security controls and gain unauthorized access to protected networks.
Vulnerability Details
CVE-ID: CVE-2019-25281
Affected Software: NCP engineering NCP Secure Entry Client
Affected Versions: Version 9
Vulnerability: This vulnerability affects the NCP Secure Entry Client 9, a critical component for secure remote access. With a CVSS score of 7.8, the flaw likely involves a failure in the authentication process or a local privilege escalation that could allow an attacker to manipulate VPN configurations or intercept secure traffic.
Business Impact
The compromise of a VPN client is a high-impact event that can lead to unauthorized entry into the corporate backbone. This could result in large-scale data breaches, the compromise of internal servers, and a total loss of trust in the organization's remote access infrastructure.
Remediation Plan
Immediate Action: Update all installations of the NCP Secure Entry Client to the latest version immediately to close the identified security gap.
Proactive Monitoring: Audit VPN access logs for anomalous connection patterns, such as logins from unusual locations or multiple failed authentication attempts followed by a successful one.
Compensating Controls: Implement certificate-based authentication and strict endpoint posture checking to ensure only authorized and healthy devices can establish a VPN connection.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation. Given the role of this software in securing remote work, it is highly likely to be targeted by sophisticated threat actors.
Analyst Recommendation
Securing remote access is vital for modern business operations. We strongly recommend that organizations prioritize the update of the NCP Secure Entry Client to mitigate this high-severity risk and maintain the confidentiality of their internal networks.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FaceSentry Access Control System 6
FaceSentry Access Control System 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FaceSentry Access Control System 6
FaceSentry Access Control System 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Studio 5000 Logix Designer 30
Studio 5000 Logix Designer 30
---METADATA---
VENDOR: Rockwell Automation
PRODUCT: Studio 5000 Logix Designer
AFFECTED_VERSIONS: Version 30; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Rockwell Automation Studio 5000 Logix Designer version 30 contains a high-severity vulnerability that could impact industrial control system (ICS) configuration and security.
Executive Summary:
A high-severity vulnerability in Rockwell Automation Studio 5000 Logix Designer version 30 could allow an attacker to compromise critical industrial control system engineering workstations.
Vulnerability Details
CVE-ID: CVE-2019-25276
Affected Software: Rockwell Automation Studio 5000 Logix Designer
Affected Versions: Version 30
Vulnerability: This vulnerability affects version 30 of the Studio 5000 Logix Designer software. While specific technical details are limited in this late disclosure, the High CVSS score suggests a flaw that could allow an attacker to interfere with the engineering of programmable logic controllers (PLCs).
Business Impact
In an industrial environment, a compromise of the engineering workstation is critical. An attacker could potentially modify PLC logic, leading to operational downtime, physical equipment damage, or safety risks. The CVSS score of 7.8 underscores the significant risk to critical infrastructure and manufacturing operations.
Remediation Plan
Immediate Action: Apply the latest security updates or firmware patches provided by Rockwell Automation for Studio 5000 Logix Designer version 30.
Proactive Monitoring: Monitor network traffic between engineering workstations and PLCs for unauthorized configuration changes or anomalous communication patterns.
Compensating Controls: Ensure engineering workstations are isolated in a secure management VLAN and utilize multi-factor authentication for all access to the ICS environment.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation. However, because this affects ICS software, the potential impact on physical operations makes it a high-priority concern for OT security teams.
Analyst Recommendation
We recommend that OT and IT security teams collaborate to patch affected engineering workstations immediately. Maintaining the integrity of the Studio 5000 environment is essential for the safe and reliable operation of industrial processes.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
BartVPN 1
BartVPN 1
---METADATA---
VENDOR: BartVPN
PRODUCT: BartVPN 1
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
BartVPN 1 contains a high-severity vulnerability that could allow an attacker to compromise the secure communication channel or escalate privileges on the host system.
Executive Summary:
BartVPN 1 is affected by a high-severity vulnerability that poses a significant risk to user privacy and local system security.
Vulnerability Details
CVE-ID: CVE-2019-25275
Affected Software: BartVPN BartVPN 1
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects BartVPN 1, a legacy VPN application. With a CVSS score of 7.8, the flaw likely involves improper handling of privileged operations or a weakness in the encryption implementation, potentially allowing an attacker to gain unauthorized control over the VPN session.
Business Impact
The use of vulnerable VPN software can lead to the total compromise of a user's internet traffic, exposing credentials and sensitive data. In a business context, this could facilitate a breach of the corporate network. The 7.8 CVSS score reflects the high potential for damage to data confidentiality and system integrity.
Remediation Plan
Immediate Action: Discontinue the use of BartVPN 1 and migrate to a modern, actively supported VPN solution that receives regular security updates.
Proactive Monitoring: Monitor for suspicious network activity that suggests traffic redirection or man-in-the-middle (MitM) attacks on remote workers.
Compensating Controls: Implement robust endpoint security measures and enforce the use of HTTPS and other application-layer encryption to protect data even if the VPN is compromised.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, legacy VPN software is a common target for attackers due to the lack of modern security mitigations.
Analyst Recommendation
Because BartVPN 1 is outdated and carries a high-severity vulnerability (CVSS 7.8), the most effective remediation is to migrate to a contemporary security product. Organizations should audit their software inventory to identify and remove any remaining installations of this product.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ProShow Producer 9
ProShow Producer 9
---METADATA---
VENDOR: Photodex
PRODUCT: ProShow Producer
AFFECTED_VERSIONS: Version 9; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
ProShow Producer 9 contains a high-severity security vulnerability that could lead to arbitrary code execution. This flaw is particularly dangerous when processing specially crafted project files.
Executive Summary:
ProShow Producer 9 is susceptible to a high-severity security vulnerability that could allow an attacker to execute malicious code on the host system.
Vulnerability Details
CVE-ID: CVE-2019-25274
Affected Software: Photodex ProShow Producer
Affected Versions: Version 9
Vulnerability: This vulnerability resides in ProShow Producer 9. Based on the CVSS score of 7.8, the flaw likely involves a buffer overflow or improper input validation when parsing media files or project templates, allowing for local or remote code execution if a user is tricked into opening a malicious file.
Business Impact
A successful exploit could grant an attacker the same permissions as the logged-in user, potentially leading to the theft of intellectual property, the installation of ransomware, or further lateral movement within the corporate network. Since this software is often used for high-value media production, the risk to sensitive assets is significant.
Remediation Plan
Immediate Action: Since Photodex has ceased operations, users should exercise extreme caution and consider transitioning to a supported alternative. If version 9 must be used, ensure all available patches are applied.
Proactive Monitoring: Monitor endpoint activity for suspicious processes spawned by the ProShow Producer executable, particularly after opening files from external sources.
Compensating Controls: Run the software in a restricted environment or virtual machine (VM) to isolate potential exploits from the primary production network.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation. However, because the vendor is no longer active, this vulnerability will likely remain unpatched on many systems, making it a target for opportunistic attacks.
Analyst Recommendation
The high severity and the "end-of-life" status of the vendor make this a critical risk. We strongly recommend migrating to a modern, supported multimedia production suite to ensure long-term security and to mitigate the risks associated with this vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Easy-Hide-IP 5
Easy-Hide-IP 5
---METADATA---
VENDOR: Easy-Hide-IP
PRODUCT: Easy-Hide-IP
AFFECTED_VERSIONS: Version 5; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Easy-Hide-IP 5 is affected by a high-severity security vulnerability that could result in information disclosure or traffic interception. The flaw undermines the core privacy features of the product.
Executive Summary:
A significant security vulnerability in Easy-Hide-IP 5 could allow attackers to bypass privacy protections and intercept user network traffic.
Vulnerability Details
CVE-ID: CVE-2019-25273
Affected Software: Easy-Hide-IP Easy-Hide-IP
Affected Versions: Version 5
Vulnerability: This flaw affects Easy-Hide-IP 5, a privacy-focused utility. With a CVSS score of 7.8, the vulnerability likely permits an attacker to bypass the IP masking features or gain local privileges, potentially leading to the exposure of the user's true identity and unencrypted data.
Business Impact
For organizations or individuals relying on this software for anonymity, this vulnerability represents a total failure of the product's primary function. An exploit could lead to the compromise of sensitive communications, the tracking of user activity, and potential legal or safety risks for users in sensitive environments.
Remediation Plan
Immediate Action: Users should immediately update to the latest version of Easy-Hide-IP or discontinue use of version 5 in favor of a more secure alternative.
Proactive Monitoring: Inspect system logs for unauthorized changes to network adapter settings or proxy configurations that may indicate exploitation.
Compensating Controls: Use additional layers of encryption, such as HTTPS and end-to-end encrypted messaging, to protect data even if the IP-hiding layer is compromised.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. The late disclosure of this 2019 flaw highlights the risks associated with using legacy privacy software.
Analyst Recommendation
Privacy software must be flawless to be effective. Given the high severity of this vulnerability, users should prioritize updating the software immediately or migrating to a modern, frequently patched privacy solution to ensure their network traffic remains secure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
TexasSoft CyberPlanet 6
TexasSoft CyberPlanet 6
---METADATA---
VENDOR: TexasSoft
PRODUCT: CyberPlanet
AFFECTED_VERSIONS: Version 6; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
TexasSoft CyberPlanet 6 contains a high-severity security vulnerability that could lead to unauthorized system control. The flaw affects the management capabilities of the software.
Executive Summary:
TexasSoft CyberPlanet 6 is vulnerable to a high-severity security flaw that could allow an attacker to gain unauthorized control over managed client systems.
Vulnerability Details
CVE-ID: CVE-2019-25272
Affected Software: TexasSoft CyberPlanet
Affected Versions: Version 6
Vulnerability: This vulnerability affects CyberPlanet 6, a management software suite. Given the CVSS score of 7.8, the vulnerability likely involves a flaw in the communication protocol or administrative interface, potentially allowing an attacker to execute commands on the server or connected client workstations.
Business Impact
An exploit of this vulnerability could lead to a total compromise of the CyberPlanet environment, allowing an attacker to monitor user activity, steal credentials, or deploy malware across the entire network of managed machines. This poses a massive risk to both operational security and user privacy.
Remediation Plan
Immediate Action: Administrators must update TexasSoft CyberPlanet to the latest version or apply specific security patches to mitigate this vulnerability.
Proactive Monitoring: Monitor network traffic between the CyberPlanet server and clients for unusual command-and-control patterns or unauthorized administrative logins.
Compensating Controls: Restrict access to the CyberPlanet management console to trusted IP addresses and implement strong multi-factor authentication for all administrative accounts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, the centralized nature of management software makes it a highly attractive target for malicious actors.
Analyst Recommendation
Because CyberPlanet 6 has significant control over endpoint systems, this vulnerability must be addressed with the highest urgency. We recommend immediate patching and a thorough review of the software's security configuration to prevent unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
NETGATE Data Backup 3
NETGATE Data Backup 3
---METADATA---
VENDOR: NETGATE Technologies
PRODUCT: NETGATE Data Backup
AFFECTED_VERSIONS: Version 3; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
NETGATE Data Backup 3 is affected by a security vulnerability that could compromise backup data integrity. The flaw is rated high severity due to its potential impact on data availability.
Executive Summary:
A security flaw in NETGATE Data Backup 3 puts backup archives and system integrity at risk of unauthorized access or modification.
Vulnerability Details
CVE-ID: CVE-2019-25271
Affected Software: NETGATE Technologies NETGATE Data Backup
Affected Versions: Version 3
Vulnerability: This vulnerability involves NETGATE Data Backup 3 and represents a significant risk to the confidentiality and integrity of backed-up information. With a CVSS score of 7.8, the flaw likely permits an attacker to manipulate backup tasks or access sensitive archived data without proper authorization.
Business Impact
The impact of this vulnerability is severe, as it targets the organization's ability to recover from other disasters. A successful exploit could result in the corruption or deletion of critical backups, leading to permanent data loss and an inability to maintain business continuity during a ransomware or system failure event.
Remediation Plan
Immediate Action: Apply the vendor-provided security updates for NETGATE Data Backup 3 immediately to secure the backup environment.
Proactive Monitoring: Review backup logs for any unauthorized job modifications or unexpected access to backup storage repositories.
Compensating Controls: Ensure that backup storage is isolated from the main network (air-gapped or immutable) and that strict access controls are applied to the backup server itself.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. The late disclosure suggests that organizations should audit their legacy software inventory to identify and secure remaining installations of version 3.
Analyst Recommendation
Data backup integrity is a cornerstone of cybersecurity resilience. IT administrators must prioritize the remediation of this vulnerability by patching the software or transitioning to a modern, secure backup solution to ensure that critical organizational data remains protected.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Amiti Antivirus 25
Amiti Antivirus 25
---METADATA---
VENDOR: Amiti Software
PRODUCT: Amiti Antivirus
AFFECTED_VERSIONS: Version 25; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Amiti Antivirus 25 contains a high-severity security flaw that may allow an attacker to bypass security features. This vulnerability could lead to local system compromise.
Executive Summary:
A critical security vulnerability in Amiti Antivirus 25 could allow an attacker to undermine system security and gain elevated privileges.
Vulnerability Details
CVE-ID: CVE-2019-25269
Affected Software: Amiti Software Amiti Antivirus
Affected Versions: Version 25
Vulnerability: This vulnerability affects the core functionality of Amiti Antivirus 25. Given its High severity rating (CVSS 7.8), the flaw likely resides in a high-privilege service or driver component, potentially allowing an attacker to execute unauthorized code or disable security protections.
Business Impact
The compromise of an antivirus solution is particularly damaging as it removes the primary line of defense against other threats. An exploit could lead to full system takeover, the installation of persistent malware, and the theft of sensitive organizational data, resulting in severe reputational and financial damage.
Remediation Plan
Immediate Action: Update Amiti Antivirus to the latest available version immediately to ensure all security patches are applied.
Proactive Monitoring: Monitor system logs for unauthorized changes to security software configurations or the unexpected termination of antivirus service processes.
Compensating Controls: Utilize Endpoint Detection and Response (EDR) tools to provide a layered defense and detect anomalous behavior that may indicate an attempt to exploit security software.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. This is a late disclosure of a 2019 flaw, which increases the likelihood that automated exploit kits may eventually target unpatched legacy systems.
Analyst Recommendation
Maintaining the integrity of security software is paramount for organizational safety. We strongly recommend that all instances of Amiti Antivirus 25 be updated or replaced with a more modern, supported security suite to mitigate the risk posed by this high-severity vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application...
NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code.
Executive Summary:
A critical DLL hijacking vulnerability exists in NREL BEopt version 2.8.0.0. An attacker can exploit this by tricking a user into opening a legitimate application file from a malicious remote network share, which could lead to arbitrary code execution and a complete compromise of the user's system. This vulnerability poses a severe risk to data confidentiality, integrity, and system availability.
Vulnerability Details
CVE-ID: CVE-2019-25268
Affected Software: NREL BEopt Multiple Products
Affected Versions: NREL BEopt 2.8.0.0 is confirmed to be affected. See vendor advisory for a complete list of specific affected versions.
Vulnerability: The NREL BEopt application loads certain Dynamic Link Libraries (DLLs), specifically sdl2.dll and libegl.dll, using an insecure method that does not specify a full, trusted path. An attacker can exploit this by creating a malicious WebDAV or SMB network share and placing a legitimate BEopt project file alongside a malicious version of one of these DLLs. When a user opens the project file from this remote location, the application searches for the required DLLs in the same directory first, inadvertently loading and executing the attacker's malicious library. This results in arbitrary code execution on the victim's machine with the same privileges as the logged-in user.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high potential for severe business impact. Successful exploitation could lead to a full system compromise, allowing an attacker to install malware such as ransomware or spyware, steal sensitive data and intellectual property related to building energy modeling, or use the compromised workstation as a foothold to move laterally within the corporate network. The direct risks include data breaches, financial loss from ransomware, and reputational damage.
Remediation Plan
Immediate Action: Update NREL BEopt Multiple Products to the latest version provided by the vendor to patch the insecure library loading behavior. After patching, monitor for any signs of post-exploitation activity and review system and network access logs for unusual patterns originating from systems running the BEopt software.
Proactive Monitoring: Implement monitoring rules to detect suspicious behavior associated with this vulnerability. Monitor for the BEopt.exe process loading DLLs (sdl2.dll, libegl.dll) from non-standard locations, such as network shares or user profile directories. Scrutinize network logs for unusual outbound SMB (port 445) or WebDAV connections to external IP addresses initiated by end-user workstations.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jan 8, 2026, there are no known public proof-of-concept exploits or active exploitation campaigns specifically targeting this vulnerability. However, DLL hijacking is a well-understood and common attack technique, meaning a knowledgeable attacker could readily develop an exploit. The requirement for user interaction makes this vulnerability a prime candidate for inclusion in targeted spear-phishing campaigns.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability presents a significant risk to the organization. Although it is not currently listed on the CISA KEV catalog, the ease of exploitation combined with the high impact necessitates immediate action. We strongly recommend that all affected instances of NREL BEopt are identified and updated to the latest patched version as the highest priority to prevent potential system compromise and data exfiltration.
Update NREL BEopt Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Wing FTP Server 6
Wing FTP Server 6
---METADATA---
VENDOR: Wing FTP Software
PRODUCT: Wing FTP Server
AFFECTED_VERSIONS: Version 6; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity security vulnerability exists in Wing FTP Server 6 that could allow an attacker to compromise server integrity. The flaw likely involves improper handling of system resources.
Executive Summary:
Wing FTP Server 6 is affected by a high-severity security vulnerability that could lead to unauthorized system access or service disruption.
Vulnerability Details
CVE-ID: CVE-2019-25267
Affected Software: Wing FTP Software Wing FTP Server
Affected Versions: Version 6
Vulnerability: This vulnerability represents a significant security flaw within the Wing FTP Server 6 environment. Based on the CVSS score of 7.8, the issue likely involves a high-impact technical failure, such as improper access control or a local privilege escalation, potentially accessible to an attacker with minimal authentication.
Business Impact
A successful exploit of this vulnerability could result in the unauthorized disclosure of sensitive files, modification of server configurations, or a complete denial of service. With a CVSS score of 7.8, the risk to data confidentiality and system availability is categorized as High, potentially leading to significant operational downtime and regulatory non-compliance regarding data protection.
Remediation Plan
Immediate Action: Administrators should immediately apply the latest security patches provided by Wing FTP Software or upgrade to a currently supported version of the software.
Proactive Monitoring: Security teams should monitor FTP access logs for unusual administrative login attempts or anomalous file transfer patterns that deviate from established baselines.
Compensating Controls: Implementing network-level restrictions, such as IP whitelisting for administrative interfaces and deploying a Web Application Firewall (WAF), can help mitigate the risk of exploitation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and its high severity score, the potential for exploitation remains high, particularly for internet-facing file servers.
Analyst Recommendation
The severity of this vulnerability necessitates immediate remediation to protect organizational data. IT departments must prioritize the update of Wing FTP Server 6 to the most recent secure version to eliminate the attack vector and ensure the continued integrity of file transfer operations.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Wondershare Application Framework Service 2
Wondershare Application Framework Service 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
AnyDesk 5
AnyDesk 5
---METADATA---
VENDOR: AnyDesk
PRODUCT: AnyDesk 5
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
AnyDesk 5 is affected by a high-severity security vulnerability that could permit unauthorized access or system compromise. Immediate patching is required for all legacy installations.
Executive Summary:
AnyDesk 5 contains a high-severity vulnerability that poses a significant risk to remote access security and endpoint integrity.
Vulnerability Details
CVE-ID: CVE-2019-25261
Affected Software: AnyDesk AnyDesk 5
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This late-disclosure vulnerability affects AnyDesk 5 and likely involves an authentication or session management flaw common in remote desktop applications. While specific technical details are limited, the CVSS score of 7.8 indicates a high-impact flaw that may allow an attacker to bypass security controls.
Business Impact
The compromise of a remote access tool like AnyDesk is critical, as it can grant an attacker full control over the affected workstation. This could lead to the theft of intellectual property, installation of ransomware, or unauthorized access to internal network resources. The CVSS score of 7.8 reflects the substantial risk to organizational confidentiality and availability.
Remediation Plan
Immediate Action: Update AnyDesk to the latest stable version (v6 or higher) immediately, as AnyDesk 5 is an older branch that may no longer receive comprehensive support.
Proactive Monitoring: Monitor network traffic for unusual AnyDesk connection patterns and audit session logs for unauthorized remote access events.
Compensating Controls: Use Multi-Factor Authentication (MFA) for all AnyDesk connections and restrict access via Access Control Lists (ACLs) to known IP addresses.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. Despite being a late disclosure from 2019, the high severity and the nature of the software make it a target for sophisticated actors seeking persistent access.
Analyst Recommendation
Given the critical role AnyDesk plays in remote infrastructure, users still running version 5 must upgrade to a modern, supported version immediately. The 7.8 CVSS score underscores the urgency of migrating away from vulnerable legacy software to mitigate the risk of unauthorized remote hijacking.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OXID eShop versions 6
OXID eShop versions 6
---METADATA---
VENDOR: OXID eSales
PRODUCT: OXID eShop
AFFECTED_VERSIONS: Version 6; See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
OXID eShop version 6 contains a high-severity vulnerability that may allow for malicious code injection or unauthorized data access. The flaw represents a critical risk to e-commerce integrity.
Executive Summary:
A high-severity vulnerability in OXID eShop version 6 could allow attackers to compromise the e-commerce platform and sensitive customer data.
Vulnerability Details
CVE-ID: CVE-2019-25260
Affected Software: OXID eSales OXID eShop
Affected Versions: Version 6
Vulnerability: The vulnerability exists within OXID eShop version 6. Given the CVSS score and the nature of e-commerce platforms, the flaw likely involves improper input validation or a breakdown in authentication mechanisms, potentially allowing an attacker to execute unauthorized actions.
Business Impact
For e-commerce entities, this vulnerability poses a severe threat to PCI-DSS compliance and customer trust. Exploitation could lead to the theft of personally identifiable information (PII), payment card data, or the complete takeover of the storefront, resulting in significant financial loss and reputational damage. The CVSS score of 8.2 confirms its High severity status.
Remediation Plan
Immediate Action: Upgrade OXID eShop to the latest stable version (6.x branch) or apply the specific security hotfix released by OXID eSales.
Proactive Monitoring: Review database and application logs for suspicious administrative logins or unauthorized changes to the product catalog and checkout pages.
Compensating Controls: Deploy a WAF to filter malicious traffic and restrict access to the administrative backend to known, trusted IP addresses only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. This is a late disclosure for a 2019 entry, which often means the technical details are now being scrutinized by the research community.
Analyst Recommendation
Due to the critical nature of e-commerce security, this 8.2 CVSS vulnerability must be remediated immediately. Organizations running OXID eShop version 6 should verify their patch level and update without delay to mitigate the risk of data theft.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
LogicalDOC Enterprise 7
LogicalDOC Enterprise 7
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
KYOCERA Net Admin 3
KYOCERA Net Admin 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlm...
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.
Executive Summary:
A critical authentication bypass vulnerability exists in multiple devolo dLAN products, identified as CVE-2019-25249. This flaw allows unauthenticated remote attackers to gain complete administrative control (root access) of an affected device by enabling hidden services. Successful exploitation could lead to network compromise, data interception, and the ability to use the device to launch further attacks.
Vulnerability Details
CVE-ID: CVE-2019-25249
Affected Software: devolo dLAN Multiple Products
Affected Versions: The vulnerability is confirmed in devolo dLAN 500 AV Wireless+ firmware version 3.1.0-1. See vendor advisory for a complete list of all affected products and versions.
Vulnerability: The vulnerability is an authentication bypass within the htmlmgr CGI script of the device's web management interface. A remote attacker can send a specially crafted HTTP request to this script to manipulate system configuration parameters without requiring any credentials. This allows the attacker to enable disabled, high-privilege services such as telnet and a remote shell. Once enabled, these services provide direct, passwordless root access to the device's underlying operating system, resulting in a complete system compromise.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation of this flaw can have a severe impact on the business. An attacker gaining root access can lead to a complete loss of confidentiality, integrity, and availability for the affected device and the network segment it resides on. Potential consequences include attackers monitoring all network traffic passing through the device, redirecting users to malicious sites, installing persistent backdoors, or using the compromised device as a pivot point to attack other critical assets on the internal network.
Remediation Plan
Immediate Action: The primary remediation is to apply the vendor-supplied security patch. Administrators should immediately update all affected devolo dLAN products to the latest available firmware version obtained from the official devolo support website. After patching, it is crucial to monitor for any signs of post-exploitation activity and thoroughly review device and network access logs for suspicious requests targeting the htmlmgr CGI script.
Proactive Monitoring: Implement network monitoring to detect unusual activity from dLAN devices. Specifically, monitor for unexpected outbound connections or the opening of non-standard ports like telnet (port 23). System administrators should configure logging to capture all requests to the device's web interface and regularly audit these logs for malicious patterns or unauthorized configuration changes.
Compensating Controls: If immediate patching is not possible, implement compensating controls to reduce the risk. Restrict access to the device's web management interface using a firewall, allowing connections only from trusted administrative IP addresses. Isolate the dLAN devices in a segmented network zone to prevent a potential compromise from impacting critical business systems.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Dec 24, 2025, multiple public proof-of-concept (PoC) exploits are widely available for this vulnerability, significantly lowering the technical skill required for an attacker to exploit it. While this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) list, the availability of public exploits combined with the critical severity makes it a high-priority target for remediation.
Analyst Recommendation
Given the critical severity (CVSS 9.8) and the public availability of functional exploit code, immediate action is required. We strongly recommend that organizations prioritize the immediate deployment of firmware updates from devolo to all affected dLAN devices. Although this vulnerability is not listed in the CISA KEV catalog, its high impact and ease of exploitation present a significant risk. If patching cannot be performed immediately, implement the recommended compensating controls, such as network segmentation and firewall restrictions, to mitigate the immediate threat.
Update devolo dLAN Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Beward N100 M2
Beward N100 M2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Beward N100 H
Beward N100 H
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Ross Video DashBoard 8
Ross Video DashBoard 8
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FaceSentry 6
FaceSentry 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
FaceSentry Access Control System 6
FaceSentry Access Control System 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attacker...
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
---METADATA---
VENDOR: Rifatron
PRODUCT: 5brid DVR
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch
---END_METADATA---
Description Summary:
An unauthenticated vulnerability in the Rifatron 5brid DVR animate.cgi script allows remote attackers to access live video streams and retrieve sequential snapshots without authorization.
Executive Summary:
An unauthenticated access vulnerability in Rifatron 5brid DVR exposes live video feeds, presenting a severe risk to physical security and data privacy.
Vulnerability Details
CVE-ID: CVE-2019-25240
Affected Software: Rifatron 5brid DVR
Affected Versions: See vendor advisory
Vulnerability: The vulnerability resides in the animate.cgi script within the Mobile Web Viewer module. Unauthenticated attackers can exploit this by specifying channel numbers to retrieve unauthorized video snapshots from the device.
Business Impact
This vulnerability enables unauthorized surveillance, which represents a major breach of physical security and privacy. With a CVSS score of 9.8, the potential for unauthorized access to live video streams poses a catastrophic risk to organizations relying on these systems for facility monitoring and security.
Remediation Plan
Immediate Action: Contact the vendor immediately to obtain the latest firmware update for the 5brid DVR and apply it to all affected units.
Proactive Monitoring: Review device access logs for unauthorized attempts to access the animate.cgi script or anomalous requests directed at the Mobile Web Viewer module.
Compensating Controls: Isolate DVR devices on a restricted, non-routable management VLAN and ensure they are not directly accessible from the public internet without a secure VPN.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Dec 24, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this issue necessitates immediate remediation to prevent unauthorized visual access to monitored areas. Organizations must prioritize updating the firmware and implementing network-level isolation to mitigate the risk until a vendor-supplied patch is successfully deployed.
Update Rifatron Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
V-SOL GPON/EPON OLT Platform 2
V-SOL GPON/EPON OLT Platform 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulatin...
V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a crafted HTTP POST request to the user management endpoint with 'user_role_mod' set to integer value '1' to elevate their privileges.
---METADATA---
VENDOR: V-SOL
PRODUCT: GPON/EPON OLT Platform
AFFECTED_VERSIONS: 2.03
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
A privilege escalation vulnerability in the V-SOL GPON/EPON OLT Platform v2.03 allows authenticated users to gain administrative access by manipulating the user role parameter.
Executive Summary:
A critical privilege escalation vulnerability in the V-SOL GPON/EPON OLT Platform allows standard users to elevate their privileges to administrator, leading to full system control.
Vulnerability Details
CVE-ID: CVE-2019-25237
Affected Software: V-SOL GPON/EPON OLT Platform
Affected Versions: 2.03
Vulnerability: The vulnerability exists in the user management endpoint where the system fails to properly validate the 'user_role_mod' parameter. By sending a crafted HTTP POST request with this parameter set to '1', an authenticated user can escalate their account to an administrative level.
Business Impact
Successful exploitation allows an attacker with low-level access to gain full administrative control over the OLT platform. Given the 9.8 CVSS score, this represents a complete compromise of the network infrastructure managed by this platform, potentially impacting all downstream services and users.
Remediation Plan
Immediate Action: Update the V-SOL GPON/EPON OLT Platform to the latest version provided by the vendor to remediate the privilege escalation flaw.
Proactive Monitoring: Monitor authentication and user management logs for suspicious HTTP POST requests targeting the user management endpoint.
Compensating Controls: Restrict access to the management interface to trusted administrative IP addresses and enforce multi-factor authentication (MFA) if supported by the platform.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Dec 24, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability allows for the total takeover of critical network infrastructure and must be treated with the highest priority. Administrators should apply the vendor-recommended update immediately and audit existing user accounts for any unauthorized modifications to role assignments.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. A...
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/get_jpeg endpoint without authentication.
---METADATA---
VENDOR: iSeeQ
PRODUCT: Hybrid DVR WH-H4
AFFECTED_VERSIONS: 1.03R
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
The iSeeQ Hybrid DVR WH-H4 contains an unauthenticated vulnerability in the get_jpeg script, allowing unauthorized access to live video streams via the /cgi-bin/get_jpeg endpoint.
Executive Summary:
An unauthenticated security vulnerability in iSeeQ Hybrid DVR WH-H4 allows unauthorized access to live video streams, posing a critical risk to physical and digital surveillance integrity.
Vulnerability Details
CVE-ID: CVE-2019-25236
Affected Software: iSeeQ Hybrid DVR WH-H4
Affected Versions: 1.03R
Vulnerability: This is an unauthenticated access vulnerability within the get_jpeg script. It allows remote, unauthenticated attackers to retrieve video snapshots from specific camera channels by sending crafted requests to the /cgi-bin/get_jpeg endpoint.
Business Impact
The exploitation of this vulnerability results in a complete loss of confidentiality regarding surveillance footage. Given the CVSS score of 9.8, the ability for an unauthenticated remote attacker to view private video streams creates significant privacy risks, potential regulatory non-compliance, and the exposure of sensitive operational environments.
Remediation Plan
Immediate Action: Update the iSeeQ Hybrid DVR firmware to the latest available version provided by the manufacturer.
Proactive Monitoring: Review access logs for suspicious or repetitive requests targeting the /cgi-bin/get_jpeg endpoint from unknown IP addresses.
Compensating Controls: Deploy a network firewall or Web Application Firewall (WAF) to restrict access to the DVR management interface and block requests to unauthorized CGI scripts.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of Dec 24, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a critical security failure in the device's authentication mechanism. Organizations currently utilizing the affected iSeeQ Hybrid DVR must prioritize firmware updates immediately to prevent unauthorized surveillance access. If updates are unavailable, the device should be isolated from the public internet using a VPN or restricted network segment.
Update iSeeQ Hybrid DVR Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by...
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
Executive Summary:
A critical authentication bypass vulnerability exists in multiple Smartwares HOME easy products. This flaw allows an unauthenticated attacker to gain full administrative access simply by disabling JavaScript in their web browser, exposing sensitive system information and control functions. The simplicity of this attack combined with its high impact presents a significant and immediate risk to affected systems.
Vulnerability Details
CVE-ID: CVE-2019-25235
Affected Software: Smartwares HOME easy Multiple Products
Affected Versions: Version 1.0.9 is confirmed to be vulnerable. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: The vulnerability is a result of improper implementation of authentication controls, which are performed exclusively on the client-side using JavaScript. An attacker can disable JavaScript execution in their browser, which prevents the authentication logic from running. This allows the attacker to directly navigate to administrative URLs that are intended for authenticated users, as the server-side application fails to perform any session or permission validation before serving the requested pages.
Business Impact
This vulnerability is rated as critical with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected Smartwares HOME easy system. An attacker could gain unauthorized access to sensitive configuration data, view device statuses, and potentially control connected smart home devices. This could result in privacy violations, physical security risks (e.g., disabling security cameras or alarms), and could serve as a pivot point for further attacks on the internal network.
Remediation Plan
Immediate Action: Immediately apply the security patches provided by the vendor. Organizations should update all instances of Smartwares HOME easy Multiple Products to the latest available version to mitigate this vulnerability.
Proactive Monitoring: Security teams should monitor web server and application logs for direct access attempts to administrative pages from unauthenticated sources. Scrutinize network traffic for requests to sensitive endpoints that are not preceded by a successful login event. An increase in requests from clients with unusual User-Agent strings or those indicating disabled JavaScript could be an indicator of an exploitation attempt.
Compensating Controls: If immediate patching is not feasible, implement the following controls:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of Dec 24, 2025, the exploitation method (disabling JavaScript) is publicly known and trivial to execute. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its low attack complexity and high impact make it an attractive target for attackers.
Analyst Recommendation
Given the critical severity (CVSS 9.8) and the extreme ease of exploitation, this vulnerability requires immediate attention. We strongly recommend that organizations prioritize patching all affected Smartwares HOME easy products without delay. If patching cannot be performed immediately, the compensating controls listed above, particularly network access restriction and segmentation, must be implemented as a matter of urgency to reduce the attack surface and mitigate the immediate risk of compromise.
Update Smartwares HOME easy Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shel...
NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client.
Executive Summary:
A critical buffer overflow vulnerability exists in multiple NetPCLinker products, identified as CVE-2019-25232. An unauthenticated attacker can exploit this flaw by sending a specially crafted, overly long input to the DNS/IP field, leading to arbitrary code execution on the affected system. Successful exploitation would result in a complete compromise of the server, allowing an attacker to take full control.
Vulnerability Details
CVE-ID: CVE-2019-25232
Affected Software: NetPCLinker Multiple Products
Affected Versions: Version 1.0.0.0 is confirmed vulnerable. See vendor advisory for a complete list of specific affected products and versions.
Vulnerability: This is a classic stack-based buffer overflow vulnerability. The application fails to properly validate the length of user-supplied input in the DNS/IP field within the Clients Control Panel. An attacker can provide a string that is longer than the buffer allocated to store it, causing the excess data to overwrite adjacent memory on the stack, including the Structured Exception Handler (SEH) record. By crafting a malicious payload, the attacker can overwrite the SEH pointer to redirect program execution to their own shellcode, which is also included in the payload, resulting in arbitrary code execution with the privileges of the NetPCLinker application.
Business Impact
The vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the highest possible impact on confidentiality, integrity, and availability. A successful exploit grants an attacker the ability to execute arbitrary commands on the underlying server. This could lead to a complete system compromise, enabling the attacker to steal sensitive data, install persistent malware or ransomware, pivot to other systems within the network, or disrupt critical business operations by causing a denial of service. The potential business consequences include significant data breaches, financial loss, reputational damage, and regulatory penalties.
Remediation Plan
Immediate Action: Update NetPCLinker Multiple Products to the latest version immediately. Check the official vendor security advisory for specific patch details and version information. After patching, monitor for any signs of exploitation attempts and review historical access logs for anomalous entries in the DNS/IP field.
Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for application logs showing exceptionally long or malformed strings submitted to the DNS/IP field. Monitor for unexpected outbound network connections or process execution (e.g., cmd.exe, powershell.exe) originating from the NetPCLinker service, which could indicate a successful compromise.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of the published date, Jan 30, 2026, this vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, indicating no widespread, active exploitation has been observed by CISA. However, the technical details are public, and proof-of-concept (PoC) exploits are available, making it a straightforward target for attackers.
Analyst Recommendation
Due to the critical CVSS score of 9.8 and the potential for complete system compromise, this vulnerability poses an extreme risk to the organization. The immediate priority must be to apply the vendor-supplied patches across all affected systems. Although not currently on the CISA KEV list, the availability of public exploits means that organizations running vulnerable versions are highly exposed. If patching is delayed for any reason, the compensating controls listed above must be implemented without delay to reduce the attack surface.
Update NetPCLinker Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
devolo dLAN Cockpit 4
devolo dLAN Cockpit 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types...
An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: February 23, 2026 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: February 23, 2026 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: February 23, 2026
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Use after free in PDFium in Google Chrome prior to 78
Use after free in PDFium in Google Chrome prior to 78
---METADATA---
VENDOR: Google
PRODUCT: Chrome
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: patch, technical_details
---END_METADATA---
Description Summary:
A use-after-free vulnerability exists in the PDFium component of Google Chrome prior to version 78, potentially allowing for arbitrary code execution.
Executive Summary:
A use-after-free vulnerability in Google Chrome’s PDFium component poses a significant risk of arbitrary code execution for affected users.
Vulnerability Details
CVE-ID: CVE-2019-13721
Affected Software: Google Chrome
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a use-after-free memory corruption vulnerability located within the PDFium engine. While specific authentication requirements are not explicitly stated, such browser-based flaws typically require user interaction, such as navigating to a malicious website.
Business Impact
Successful exploitation of this memory corruption vulnerability could lead to arbitrary code execution within the context of the browser. This presents a high risk to business operations, as it could facilitate unauthorized system access, data exfiltration, or the deployment of malicious payloads on endpoints. The CVSS score of 8.8 reflects the high potential for impact on workstation and server security.
Remediation Plan
Immediate Action: Update all Google Chrome installations to version 78 or later to ensure the PDFium component is patched.
Proactive Monitoring: Monitor endpoint logs for unusual browser activity or unexpected process crashes that may indicate exploitation attempts.
Compensating Controls: Utilize endpoint protection platforms (EPP) and browser-based security policies to restrict the execution of unauthorized scripts or malicious PDF content.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of browser-based vulnerabilities, organizations should prioritize updating all instances of Google Chrome. Failure to remediate this flaw may expose internal endpoints to remote code execution attacks; therefore, immediate deployment of the latest vendor security updates is strongly recommended.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: January 1, 2026 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: January 1, 2026 (20 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: January 1, 2026
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
The WordPress Baggage Freight Shipping Australia plugin contains an unrestricted file upload vulnerability allowing unauthenticated remote code execut...
The WordPress Baggage Freight Shipping Australia plugin contains an unrestricted file upload vulnerability allowing unauthenticated remote code execution.
---METADATA---
VENDOR: WordPress
PRODUCT: Baggage Freight Shipping Australia Plugin
AFFECTED_VERSIONS: 0.1.0
---END_METADATA---
Description Summary:
The WordPress Baggage Freight Shipping Australia plugin contains an unrestricted file upload vulnerability allowing unauthenticated remote code execution.
Executive Summary:
An unauthenticated arbitrary file upload vulnerability in the Baggage Freight Shipping Australia plugin allows attackers to achieve remote code execution.
Vulnerability Details
CVE-ID: CVE-2018-25436
Affected Software: WordPress Plugin: Baggage Freight Shipping Australia
Affected Versions: 0.1.0
Vulnerability: The plugin's upload-package.php endpoint fails to validate file extensions, allowing unauthenticated attackers to upload malicious files directly to the server.
Business Impact
With a CVSS score of 9.8, this vulnerability allows for complete site compromise. An attacker can upload web shells to gain persistent access, leading to data breaches, unauthorized modifications, and the redirection of site traffic.
Remediation Plan
Immediate Action: Deactivate and remove the Baggage Freight Shipping Australia plugin if it is not strictly necessary; otherwise, check the vendor for the latest security update.
Proactive Monitoring: Scan the plugin's upload directory for executable scripts (e.g., .php files) that should not be present.
Compensating Controls: Use a WAF to block POST requests directed at the upload-package.php endpoint.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of June 15, 2026, there is no public information indicating active exploitation of this vulnerability. However, the nature of the flaw poses a critical risk to site integrity.
Analyst Recommendation
Due to the critical nature of unrestricted file upload vulnerabilities, immediate removal or patching of the affected plugin is mandatory to protect the WordPress environment from unauthorized code execution.
Update WordPress Plugin Baggage to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Arm Whois 3
Arm Whois 3
---METADATA---
VENDOR: Arm
PRODUCT: Whois
AFFECTED_VERSIONS: Arm Whois 3.11
---END_METADATA---
Description Summary:
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code via malicious input files.
Executive Summary:
A critical buffer overflow vulnerability in Arm Whois 3.11 could allow local attackers to achieve arbitrary code execution by hijacking the structured exception handler.
Vulnerability Details
CVE-ID: CVE-2018-25432
Affected Software: Arm Whois
Affected Versions: Arm Whois 3.11
Vulnerability: This is a buffer overflow vulnerability triggered by a malicious input file. By crafting an input with a 672-byte offset, a local attacker can overwrite the nSEH and SEH pointers to hijack the exception handler and execute arbitrary code.
Business Impact
With a CVSS score of 8.4, this vulnerability represents a high risk to organizational security. Successful exploitation could lead to full system compromise, allowing an attacker to gain unauthorized control over the host running the software, potentially resulting in data exfiltration or lateral movement within the network.
Remediation Plan
Immediate Action: Review the official Arm vendor advisory for available security updates and apply patches to all affected systems immediately.
Proactive Monitoring: Monitor system logs for unusual application crashes or error reports associated with the Whois service, which may indicate exploitation attempts.
Compensating Controls: Restrict access to the affected binary to authorized users only and implement endpoint detection and response (EDR) solutions to identify anomalous process behavior.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of June 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and the existence of public exploit code, the potential for exploitation is high.
Analyst Recommendation
Given the ability for local attackers to achieve arbitrary code execution, this vulnerability poses a significant threat. Administrators should prioritize identifying instances of Arm Whois 3.11 and applying the necessary patches to mitigate the risk of system exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Arm Whois 3.11 is vulnerable to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code.
Arm Whois 3.11 is vulnerable to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code.
---METADATA---
VENDOR: Arm
PRODUCT: Whois
AFFECTED_VERSIONS: 3.11
---END_METADATA---
Description Summary:
Arm Whois 3.11 is vulnerable to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code.
Executive Summary:
A critical stack-based buffer overflow in Arm Whois 3.11 allows remote attackers to execute arbitrary code via malformed input.
Vulnerability Details
CVE-ID: CVE-2018-25427
Affected Software: Arm Whois
Affected Versions: 3.11
Vulnerability: The application fails to bound input in the IP or domain field, allowing an attacker to send more than 658 bytes to overwrite the structured exception handler and gain command execution.
Business Impact
This vulnerability allows for unauthenticated remote code execution, which can result in full system compromise. With a CVSS score of 9.8, the potential for total system takeover makes this a high-severity risk for any infrastructure running this software.
Remediation Plan
Immediate Action: Update Arm Whois to the latest version to resolve the buffer overflow vulnerability.
Proactive Monitoring: Monitor network traffic for oversized or malformed Whois queries directed at the application.
Compensating Controls: Implement input length validation at the network perimeter or via a firewall to block requests exceeding expected size constraints.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Jun 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Buffer overflow vulnerabilities in network-facing services are highly dangerous. Organizations should verify their versions of Arm Whois and apply updates immediately to mitigate the risk of remote code execution.
Update Arm Whois Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Yot CMS 3
Yot CMS 3
---METADATA---
VENDOR: Yot CMS
PRODUCT: Yot CMS
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A SQL injection vulnerability affects Yot CMS, which may allow attackers to execute arbitrary database commands.
Executive Summary:
Yot CMS is affected by a high-severity SQL injection vulnerability that could result in unauthorized database access and compromise of stored data.
Vulnerability Details
CVE-ID: CVE-2018-25425
Affected Software: Yot CMS
Affected Versions: See vendor advisory
Vulnerability: The application fails to properly sanitize user-supplied input, leading to SQL injection. This allows attackers to manipulate backend database queries, potentially leading to unauthorized data disclosure or modification.
Business Impact
The CVSS score of 8.2 highlights the significant risk posed by this vulnerability. A successful attack could lead to the total compromise of the CMS database, potentially exposing all content, user credentials, and administrative settings.
Remediation Plan
Immediate Action: Update Yot CMS to the latest version provided by the vendor to resolve the injection flaw.
Proactive Monitoring: Audit application logs for unusual activity or signs of database enumeration attempts.
Compensating Controls: Implement WAF rules to detect and block SQL injection payloads directed at the application.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must ensure that the CMS is updated immediately. Given the severity of SQL injection vulnerabilities, this should be treated as a priority task to maintain the confidentiality and integrity of the application.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Gate Pass Management System 2
Gate Pass Management System 2
---METADATA---
VENDOR: Gate Pass Management System
PRODUCT: Gate Pass Management System
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A SQL injection vulnerability exists in the Gate Pass Management System, potentially allowing unauthorized database manipulation.
Executive Summary:
The Gate Pass Management System contains a high-severity SQL injection vulnerability that could permit unauthorized access to backend database information.
Vulnerability Details
CVE-ID: CVE-2018-25424
Affected Software: Gate Pass Management System
Affected Versions: See vendor advisory
Vulnerability: The application is susceptible to SQL injection, which may allow an attacker to interfere with the queries that the application makes to its database. Depending on the implementation, this can lead to unauthorized data retrieval or modification.
Business Impact
With a CVSS score of 8.2, this vulnerability represents a significant risk to the security of the application's data. Unauthorized access to a management system could lead to the exposure of sensitive operational or personal information, resulting in potential regulatory or reputational impact.
Remediation Plan
Immediate Action: Contact the vendor for the latest security patches and apply them to all instances of the Gate Pass Management System.
Proactive Monitoring: Review database logs for anomalous queries or unauthorized access attempts originating from the application service account.
Compensating Controls: Utilize a WAF to filter and block common SQL injection patterns in incoming web traffic.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations utilizing this software should treat this vulnerability as a high priority. Ensure that the software is updated to the latest available version and audit database permissions to limit the impact of a potential breach.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting...
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter
---METADATA---
VENDOR: MOGG
PRODUCT: Web Simulator
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
The MOGG web simulator script is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary database commands via the 'id' parameter.
Executive Summary:
An unauthenticated SQL injection vulnerability in the MOGG web simulator allows remote attackers to compromise the underlying database.
Vulnerability Details
CVE-ID: CVE-2018-25422
Affected Software: MOGG Web Simulator
Affected Versions: See vendor advisory for affected versions
Vulnerability: The application fails to properly sanitize input in the 'id' parameter, enabling unauthenticated attackers to perform SQL injection attacks. This allows for unauthorized execution of arbitrary SQL commands against the backend database.
Business Impact
This vulnerability carries a CVSS score of 8.2, representing a high risk of total database compromise. Successful exploitation could lead to unauthorized data exfiltration, modification of critical records, or complete loss of database integrity, severely impacting business operations and data privacy.
Remediation Plan
Immediate Action: Apply the vendor-supplied patch or update to the latest version of the MOGG web simulator. If no patch is available, sanitize all user-supplied input to the 'id' parameter using parameterized queries or prepared statements.
Proactive Monitoring: Review database access logs for anomalous, high-frequency, or suspicious SQL query patterns that deviate from standard application behavior.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules specifically configured to detect and block SQL injection patterns targeting the 'id' parameter.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The severity of this SQL injection vulnerability necessitates immediate remediation. Administrators should verify the current installation version and apply available security patches immediately to prevent potential unauthorized database access.
Apply vendor patches immediately. Review database access controls and enable query logging.
AiOPMSD Final 1
AiOPMSD Final 1
---METADATA---
VENDOR: AiOPMSD
PRODUCT: AiOPMSD Final
AFFECTED_VERSIONS: AiOPMSD Final 1.0.0
---END_METADATA---
Description Summary:
A SQL injection vulnerability in AiOPMSD Final 1.0.0 allows unauthenticated attackers to execute arbitrary SQL queries via the 'id' parameter in watch.php.
Executive Summary:
An unauthenticated SQL injection vulnerability in AiOPMSD Final 1.0.0 exposes the application to unauthorized database access and potential data exfiltration.
Vulnerability Details
CVE-ID: CVE-2018-25420
Affected Software: AiOPMSD Final
Affected Versions: AiOPMSD Final 1.0.0
Vulnerability: The application fails to properly sanitize input provided to the 'id' parameter within the watch.php script. This allows an unauthenticated attacker to inject malicious SQL commands to extract sensitive data such as database names, usernames, and version information.
Business Impact
Successful exploitation of this vulnerability could lead to a full compromise of the backend database, resulting in the exfiltration of sensitive organizational data. With a CVSS score of 8.2, this high-severity flaw poses a significant risk to data confidentiality and integrity.
Remediation Plan
Immediate Action: Apply the security updates provided by the vendor or implement parameterized queries to sanitize input in watch.php.
Proactive Monitoring: Monitor database access logs for suspicious query patterns, such as unexpected use of UNION or SLEEP commands, which are common indicators of SQL injection attempts.
Compensating Controls: Deploy a Web Application Firewall (WAF) with SQL injection protection rules to block malicious GET requests targeting the 'id' parameter.
Exploitation Status
Public Exploit Available: true
Analyst Notes: As of June 1, 2026, there is public information confirming the existence of exploit code for this vulnerability. Given the ease of exploitation, the risk of active targeting is elevated.
Analyst Recommendation
This vulnerability is highly critical due to the availability of public exploit code and the lack of authentication required for execution. System administrators must prioritize patching or implementing the recommended compensating controls immediately to prevent unauthorized data access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
AiOPMSD Final 1
AiOPMSD Final 1
---METADATA---
VENDOR: AiOPMSD
PRODUCT: AiOPMSD
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
AiOPMSD Final 1 contains a high-severity vulnerability that could allow for unauthorized system access or potential compromise.
Executive Summary:
A high-severity vulnerability in AiOPMSD poses a significant security risk, requiring immediate remediation to ensure application and data integrity.
Vulnerability Details
CVE-ID: CVE-2018-25419
Affected Software: AiOPMSD
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability affects AiOPMSD, potentially allowing an attacker to gain unauthorized access or execute commands, which could lead to a compromise of the application and the host system.
Business Impact
The CVSS score of 8.2 reflects a high-severity risk. Successful exploitation could lead to unauthorized data access, system disruption, or other malicious activities, significantly impacting the organization's business operations.
Remediation Plan
Immediate Action: Update the AiOPMSD installation to the most recent version provided by the vendor to remediate the vulnerability.
Proactive Monitoring: Implement thorough logging and monitoring to detect any potential exploitation attempts or unauthorized activity.
Compensating Controls: Use a WAF to filter malicious traffic and implement strict network access controls to limit exposure to the application.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations should prioritize the remediation of this high-severity vulnerability. Ensure all instances of AiOPMSD are updated and monitor the environment closely for any signs of unauthorized activity.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
AiOPMSD Final 1
AiOPMSD Final 1
---METADATA---
VENDOR: AiOPMSD
PRODUCT: AiOPMSD
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
AiOPMSD Final 1 is vulnerable to a high-severity security flaw that could allow for unauthorized system access or control.
Executive Summary:
A high-severity vulnerability in AiOPMSD requires immediate attention to prevent unauthorized access and potential compromise.
Vulnerability Details
CVE-ID: CVE-2018-25418
Affected Software: AiOPMSD
Affected Versions: See vendor advisory for affected versions
Vulnerability: The AiOPMSD application contains a vulnerability that could be exploited to gain unauthorized access, potentially allowing an attacker to perform actions with the privileges of the application.
Business Impact
With a CVSS score of 8.2, this vulnerability poses a high risk to the business. Exploitation could lead to the unauthorized retrieval of sensitive information or the disruption of critical business processes.
Remediation Plan
Immediate Action: Update AiOPMSD to the latest version to address this vulnerability. Ensure all patches are verified as correctly installed.
Proactive Monitoring: Monitor for unusual activity in application logs that could indicate an attempt to exploit this vulnerability.
Compensating Controls: Restrict external access to the application using a WAF and ensure that access controls are strictly enforced.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high-severity nature of this flaw, immediate action is required. Organizations should ensure that all instances of AiOPMSD are updated and that compensating controls are in place to mitigate the risk until full patching is achieved.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
AiOPMSD Final 1
AiOPMSD Final 1
---METADATA---
VENDOR: AiOPMSD
PRODUCT: AiOPMSD
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
AiOPMSD Final 1 contains a high-severity vulnerability that could potentially allow for unauthorized access or system impact.
Executive Summary:
A high-severity vulnerability in AiOPMSD poses a significant security risk, necessitating immediate remediation to prevent potential compromise.
Vulnerability Details
CVE-ID: CVE-2018-25417
Affected Software: AiOPMSD
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability involves a design flaw in AiOPMSD that may allow an attacker to perform unauthorized operations, potentially leading to an elevated level of access within the application.
Business Impact
The CVSS score of 8.2 indicates a high-severity risk. Successful exploitation could lead to critical data breaches or loss of service, which would have a detrimental effect on business continuity and security posture.
Remediation Plan
Immediate Action: Apply available security patches for AiOPMSD immediately. If no patch is available, restrict access to the application to authorized users only.
Proactive Monitoring: Review application logs for any evidence of unauthorized access or anomalous behavior.
Compensating Controls: Use a WAF to inspect and filter incoming traffic for known attack patterns associated with this type of vulnerability.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams should treat this as a high-priority item. Immediate patching is the most effective way to mitigate this risk; if patching is not possible, consider disabling the application until a secure version can be deployed.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Wacom
PRODUCT: WTabletService
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability exists in Wacom WTabletService 6 that could allow for unauthorized actions. The flaw resides in the core service handling tablet input and driver communications.
Executive Summary:
A high-severity vulnerability in the Wacom WTabletService could allow an attacker to compromise system integrity or disrupt tablet services on affected workstations.
Vulnerability Details
CVE-ID: CVE-2019-25288
Affected Software: Wacom WTabletService
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a flaw in the WTabletService 6 component. Based on the service's role, the issue likely involves improper handling of inter-process communications, potentially allowing an attacker to interact with the service without proper authorization.
Business Impact
A successful exploit of this vulnerability could lead to local privilege escalation or a denial-of-service condition, impacting users who rely on Wacom hardware for professional creative workflows. With a CVSS score of 7.8, the severity is High, as it could allow an attacker to gain unauthorized control over service functions, potentially leading to broader system compromise or loss of productivity.
Remediation Plan
Immediate Action: Administrators should immediately apply the latest driver updates provided by Wacom to ensure the WTabletService is patched against this flaw.
Proactive Monitoring: Security teams should monitor for unusual service restarts or unexpected crashes of the WTabletService process in system logs.
Compensating Controls: Restrict administrative privileges on workstations to prevent unauthorized users from interacting with system-level services like WTabletService.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, the late disclosure of this 2019 flaw suggests that legacy systems may remain vulnerable, increasing the potential for targeted exploitation in environments with aging hardware.
Analyst Recommendation
The High CVSS score of 7.8 necessitates immediate attention despite the age of the CVE identifier. IT departments should audit all workstations utilizing Wacom tablets and force a driver update to the latest secure version to mitigate the risk of local exploitation.