Normal view
Command injection vulnerability in ASUS routers
-
JVNRSS Feed - Update Entry
- Multiple Brother software installers may insecurely load Dynamic Link Libraries
Multiple Brother software installers may insecurely load Dynamic Link Libraries
-
Center for Internet Security - Multi-State Information Sharing and Analysis Center
- A Vulnerability in Cisco Unified Communications Products Could Allow for Remote Code Execution
A Vulnerability in Cisco Unified Communications Products Could Allow for Remote Code Execution
A vulnerability has been discovered in Cisco Unified Communications Products which could allow for remote code execution. Cisco Unified Communications (UC) Products are an integrated suite of IP-based hardware and software that combine voice, video, messaging, and data into a single platform. Successful exploitation of this vulnerability could allow for remote code execution as root, which may lead to the complete compromise of the affected device.
CISO Middle East Summit 2026 β Doha
CISO Middle East Summit β Doha, Qatar | 22nd January 2026
The CISO Middle East Summit 2026, taking place on 22nd January in Doha, Qatar, stands as one of the regionβs most anticipated gatherings for cybersecurity leaders, innovators, and policymakers. Under the theme βDigital Freedom & Resilience: The Pillars of Qatarβs Cyber Vision 2030,β the summit will unite key decision-makers from government, critical infrastructure, and enterprise sectors to shape the future of cybersecurity in the Middle East.
The event will feature thought-provoking discussions, strategic insights, and real-world case studies that address the evolving cyber threat landscape and the increasing need for digital trust, resilience, and collaboration. With participation from senior cybersecurity executives, government representatives, and technology experts, the summit will highlight emerging trends in AI security, regulatory evolution, and national cyber defense.
Beyond its knowledge-sharing sessions, the CISO Middle East Summit offers a unique networking platform for CISOs, solution providers, and innovators to connect and explore partnerships that drive the regionβs cybersecurity maturity. Supported by leading sponsors and media partners, this one-day event in Doha reinforces Qatarβs growing position as a hub for digital innovation and cyber resilience.
For those driving the next phase of security transformation, this summit is a defining milestone in the Middle Eastβs cybersecurity journey.
The post CISO Middle East Summit 2026 β Doha appeared first on CISO MAG | Cyber Security Magazine.
-
JVNRSS Feed - Update Entry
- "iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
WAM Morocco
WAM Morocco 2026 is organised by KAOUN International (a subsidiary of Dubai World Trade Centre) and proudly in association with GITEX Africa. The debut event is set to be the continentβs largest tech and start-up event in advanced manufacturing and future mobility.
WAM Morocco will take place under the auspices of the Moroccan Ministry of Industry and Trade from 20 β 22 January 2026 at Foire Internationale de Casablanca, Morocco. Expected to draw over 350 exhibitors and more than 20,000 high-level corporate buyers, WAM Morocco will be the hub where the entire industrial innovation ecosystem connects and collaborates.
WAM Morocco features four co-located events World Advanced Future Mobility (WAFM), World Green Energy (WGE), World Pharma Manufacturing (WPM) and World Digital Food Hub (WDFH). Cutting-edge technologies in AI, quantum computing, 3D printing, blockchain and mixed reality will take centre stage at WAM Morocco and drive forward Moroccoβs vision of becoming a globally competitive and sustainable manufacturing capital.
The post WAM Morocco appeared first on CISO MAG | Cyber Security Magazine.
Multiple vulnerabilities in Trend Micro Apex Central (January 2026)
-
JVNRSS Feed - Update Entry
- Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries
Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries
Ruijie Networks AP180 series vulnerable to OS command injection
Chamillo LMS 1.11.2 Missing Cache Header
-
CXSECURITY Database RSS Feed - CXSecurity.com
- ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting
ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting
-
CXSECURITY Database RSS Feed - CXSecurity.com
- WordPress Plugin wp-front-user-submit β AJAX Login Username Enumeration Vulnerability
WordPress Plugin wp-front-user-submit β AJAX Login Username Enumeration Vulnerability
-
CERT Recently Published Vulnerability Notes
- VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash
VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash
Overview
An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory access.
Description
libheif is an open-source library used for decoding and encoding modern image formats, including HEIF (High Efficiency Image File Format) and AVIF (AV1 Image File Format). These formats provide high compression efficiency and are widely used across mobile devices and online platforms.
libheif contains an out-of-bounds iterator access vulnerability in its uncompressed codec. The issue occurs when the decoder processes certain metadata structures within a HEIF file. Specifically, the decoder fails to adequately validate values read from an internal metadata box before performing iterator arithmetic on the underlying data buffer.
As a result, a malformed HEIF file can cause the decoder to read past the end of the input buffer and incorrectly interpret unrelated memory as valid metadata. This invalid memory access may lead to a segmentation fault during image decoding.
The CVE-2025-65586 captures this out-of-bounds checking flaw in libheifβs uncompressed codec that allows a maliciously crafted HEIF file to trigger an out-of-bounds read, resulting in a segmentation fault and denial of service when the file is parsed. The vulnerability was introduced in commit 6190b58f (October 3, 2024). Versions v1.19.0 through Versions 1.20.2 are affected by this vulnerbaility. The versions v1.17.6 and earlier are not affected. The issue was reported to the libheif project and has been fixed in commit f4d9157 (November 5, 2025) and then merged to the version release 1.21.0 at the end of 2025.
Impact
An attacker can exploit this vulnerability by supplying a maliciously crafted HEIF image, causing applications that use libheif to crash. Based on current analysis, exploitation is limited to denial-of-service conditions.
Potential impacts include
- Unexpected termination of applications that decode HEIF images
- Crashes in systems that automatically generate previews or thumbnails
- Disruption of services that process untrusted HEIF content (e.g., browsers, email clients, photo management tools)
There is no evidence at this time that this vulnerability can be used to achieve memory disclosure or arbitrary code execution.
Discovery
The vulnerability was discovered through coverage-guided fuzzing using AddressSanitizer-instrumented builds of libheif. The issue was reproducible across standard Linux development environments.
Solution
Software vendors and developers using the libheif library are strongly encouraged to update to version 1.21.0 or later, which includes the fix for this vulnerability. End users should apply available software updates to ensure they are running a version of libheif that addresses this issue.
Acknowledgements
Thanks to the reporter Maor Caplan for identifying the vulnerability and to Dirk Farin for implementing the fix. This document was written by Timur Snoke.
Vendor Information
Other Information
| CVE IDs: | CVE-2025-65586 |
| Date Public: | 2026-01-20 |
| Date First Published: | 2026-01-20 |
| Date Last Updated: | 2026-01-27 17:39 UTC |
| Document Revision: | 4 |
-
CERT Recently Published Vulnerability Notes
- VU#102648: Code injection vulnerability in binary-parser library
VU#102648: Code injection vulnerability in binary-parser library
Overview
The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public update.
Description
binary-parser is a JavaScript library to facilitate writing "efficient binary parsers in a simple and declarative manner." binary-parser (versions < 2.3.0) dynamically generates JavaScript code at runtime using the Function constructor. Certain user-supplied valuesβspecifically, parser field names and encoding parametersβare incorporated into this generated code without validation or sanitization.
If an application passes untrusted or externally supplied data into these parameters, the unsanitized values can alter the generated code, enabling execution of attacker-controlled JavaScript. Applications that use only static, hardcoded parser definitions are not affected.
The vendor has released a fix and clarified the libraryβs design limitations in version 2.3.0.
Impact
In affected applications that construct parser definitions using untrusted input, an attacker may be able to execute arbitrary JavaScript code with the privileges of the Node.js process. This could allow access to local data, manipulation of application logic, or execution of system commands depending on the deployment environment.
Solution
Users of the binary-parser library should upgrade to version 2.3.0 or later, where the vendor has implemented input validation and mitigations for unsafe code generation. Developers should avoid passing untrusted or user-controlled values into parser field names or encoding parameters.
Acknowledgements
Thanks to the reporter Maor Caplan for identifying the vulnerability and to Keichi Takahashi for implementing the fix. This document was written by Timur Snoke.
Vendor Information
Other Information
| CVE IDs: | CVE-2026-1245 |
| Date Public: | 2026-01-20 |
| Date First Published: | 2026-01-20 |
| Date Last Updated: | 2026-01-21 17:34 UTC |
| Document Revision: | 2 |
-
CERT Recently Published Vulnerability Notes
- VU#458022: Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key
VU#458022: Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key
Overview
The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token (JWT) signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result in unauthorized access to protected management endpoints.
Description
Open5GS is an open-source implementation of 5G core network functions. It includes an optional WebUI component implemented using Node.js and Next.js for managing configuration and subscriber data. The WebUI relies on multiple secret values provided via Node.js process.env environment variables. These include secrets used for cryptographic operations such as signing and validating JSON Web Tokens (JWTs). By default, these environment variables are initialized to the static value change-me, including the JWT signing secret. JWTs are commonly used to implement authentication and authorization, as well as to securely transmit claims such as user roles and permissions.
In the Open5GS WebUI, these tokens are issued and validated using the default hardcoded secret unless explicitly overridden by the executing environment by the operator. The WebUI, on startup, does not emit warnings or enforce changes to these default secrets. As a result, deployments that do not manually override the defaults will operate with predictable and publicly known cryptographic keys. An attacker with network access to the WebUI can exploit this condition to forge valid administrative JWTs.
While the WebUI includes Cross-Site Request Forgery (CSRF) protections, these controls are ineffective against requests authenticated with valid forged JWTs. The WebUI is commonly deployed in containerized environments and may be assumed to be locally exposed; however, misconfigurations or local access assumptions can still place the interface at risk.
Impact
An unauthenticated network attacker with access to the WebUI component can generate forged JWTs using the known default secret. With these tokens, the attacker can access or modify protected REST endpoints under /api/db/*. This vulnerability allows unauthorized read and write access to sensitive data, including subscriber information and system configuration. CSRF protections do not mitigate this attack, as the forged tokens satisfy authentication requirements. Successful exploitation may result in full access of the WebUI component and all of its permissions.
Solution
For Developers
A patch addressing this issue is available in the following pull request: https://github.com/open5gs/open5gs/pull/4279 against the version v2.7.6 released in July 2025. The patch introduces the use of a self-contained .env file for the WebUIβs Next.js environment and removes reliance on hardcoded default secret values. This ensures that each WebUI deployment generates and uses independent, locally scoped cryptographic secrets, reducing the risk of token forgery and key reuse across instances.
Developers integrating or redistributing the WebUI component are encouraged evaluate, validate and adopt the changes within their own environments prior to deployment
For Users
Users who are unable to apply the patch should manually configure their Node.js environment to define strong, cryptographically secure random values for the following environment variables:
- process.env.SECRET_KEY
- process.env.JWT_SECRET_KEY
These values preferable are unique per deployment and treated as sensitive secrets. Additionally, operators are advised to restrict access to the WebUI by placing it behind appropriate network controls, such as authentication gateways or secure content inspection proxies, to limit exposure from untrusted networks.
Acknowledgements
Thanks to the reporter Andrew Fasano from NIST's Center for AI Standards & Innovation. This document was written by Laurie Tyzenhaus. The software patch was written by Vijay Sarvepalli.
Vendor Information
Other Information
| CVE IDs: | CVE-2026-0622 |
| Date Public: | 2026-01-20 |
| Date First Published: | 2026-01-20 |
| Date Last Updated: | 2026-01-20 17:41 UTC |
| Document Revision: | 1 |
-
CERT Recently Published Vulnerability Notes
- VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier
VU#271649: Stack-based buffer overflow in libtasn1 versions v4.20.0 and earlier
Overview
A stack-based buffer overflow vulnerability exists in GNU libtasn1, a low-level ASN.1 parsing library. The issue is caused by unsafe string concatenation in the asn1_expand_octet_string function located in decoding.c. Under worst-case conditions, this results in a one-byte stack overflow that may corrupt adjacent memory. While the overflow is limited to a single byte, such conditions can still lead to unexpected behavior when processing untrusted ASN.1 input data.
Description
GNU libtasn1 is a low-level C library for manipulating Abstract Syntax Notation One (ASN.1) data structures and encoding rules, including Distinguished Encoding Rules (DER). It implements functionality defined by ITU-T Recommendations X.680 and X.690 and is widely used as a foundational component in cryptographic software stacks to parse and validate complex ASN.1-encoded data.
A stack-based buffer overflow has been identified in the function asn1_expand_octet_string in the file decoding.c. The vulnerability arises from the use of unbounded string manipulation functions (strcpy and strcat) to construct a local stack buffer (name) using the fields definitions->name and p2->name. In the worst-case scenario, both source strings may be at their maximum allowed length. When concatenated together with an additional separator character (".") and a terminating null byte, the destination buffer is undersized by one byte. As a result, the final null terminator written by strcat overflows the allocated stack buffer by a single byte.
Although the overflow is limited in size, it occurs during the parsing of potentially untrusted ASN.1 input. One-byte stack overflows have historically led to subtle memory corruption issues and may cause unexpected behavior, including crashes, during cryptographic operations such as signature verification or certificate parsing.
Impact
An attacker could trigger the buffer overflow using a malformed ASN.1 data to potential corrupt memory or cause unexpected behavior. This requires breaking libtasn1βs assumption that ASN.1 structures passed to it are already validated by the main application using this library. The impact of this vulnerability is limited due to the one-byte nature of the overflow. Exploitation is constrained and may be further mitigated by modern compiler protections such as stack canaries, _FORTIFY_SOURCE, and other hardening mechanisms. However, as the GNU libtasn1 is commonly used in cryptographic libraries and security-sensitive contexts, malformed ASN.1 input triggering this condition could result in parsing failures or abnormal behavior during critical cryptographic operations, including signature verification and cryptographic data validation.
Solution
A patch addressing this issue has been proposed to the GNU libtasn1 project and is available for review and testing at: https://gitlab.com/gnutls/libtasn1/-/merge_requests/121. Developers and integrators are encouraged to evaluate the patch and apply appropriate mitigations, such as using bounded string operations or safer formatting functions, to eliminate the overflow condition in affected versions. Read https://gitlab.com/gnutls/libtasn1/-/blob/master/NEWS.md for updates
Acknowledgements
Thanks to Benny Zelster from Microsoft Research for coordinating the disclosure of this vulnerability.This document was written by Vijay Sarvepalli.
Vendor Information
Other Information
| CVE IDs: | CVE-2025-13151 |
| Date Public: | 2026-01-20 |
| Date First Published: | 2026-01-20 |
| Date Last Updated: | 2026-01-20 16:27 UTC |
| Document Revision: | 1 |
-
Center for Internet Security - Multi-State Information Sharing and Analysis Center
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
- Adobe Bridge is a creative asset manager that lets you preview, organize, edit, and publish multiple creative assets quickly and easily.
- Adobe Dreamweaver is a web design integrated development environment (IDE) that is used to develop and design websites.
- Adobe InDesign is a professional page layout and desktop publishing software used for designing and publishing content for both print and digital media.
- Adobe InCopy is a professional word processor designed for writers and editors to collaborate with designers on documents simultaneously.
- Adobe Photoshop is a powerful raster graphics editor developed by Adobe for image creation, editing, and manipulation.
- Adobe Illustrator is a professional vector graphics editor used for creating logos, icons, typography, and other scalable graphics that retain clarity at any size.
- Adobe Substance 3D is a suite of tools for creating 3D content, including modeling, texturing, and rendering.
- Adobe ColdFusion is a rapid development platform for building and deploying web and mobile applications.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
-
Center for Internet Security - Multi-State Information Sharing and Analysis Center
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilitiesΒ could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
-
Center for Internet Security - Multi-State Information Sharing and Analysis Center
- Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution
Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution.
- FortiSandbox is an advanced threat detection solution from Fortinet that uses sandboxing to analyze suspicious files and network traffic for advanced threats like zero-day malware and ransomware.
- FortiWeb isΒ a web application firewall (WAF) that protects web applications and APIs from cyberattacks like SQL injection and cross-site scripting, while also helping to meet compliance requirements.
- FortiVoice isΒ a unified communications solution that combines voice, chat, conferencing, and fax into a single, secure platform for businesses and schools.
- FortiOS is the Fortinetβs proprietary Operation System which is utilized across multiple product lines.
- FortiProxy isΒ aΒ secure web gatewayΒ product from Fortinet that protects users from internet-borne attacks, enforces compliance, and improves network performance.
- FortiClientEMS is a centralized management platform for deploying, configuring, monitoring, and enforcing security policies across numerous endpoints (computers) running the FortiClient agent.
- FortiSwitchManager is Fortinet's dedicated, on-premise platform for centrally managing FortiSwitch devices in large deployments.
- FortiFone is Fortinet's secure, enterprise-grade unified communications solution.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.