Normal view
Archer MR600 vulnerable to OS command injection
-
CXSECURITY Database RSS Feed - CXSecurity.com
- LangChain Core - Serialization Injection to Jinja2 SSTI/RCE
LangChain Core - Serialization Injection to Jinja2 SSTI/RCE
LangChain Core - Serialization Injection to Jinja2 SSTI/RCE
LayerSlider 7.9.5 β Unauthenticated SQL Injection
-
CXSECURITY Database RSS Feed - CXSecurity.com
- WordPress Plugin FS Affiliates 5.6 - Unrestricted Arbitrary File Upload
WordPress Plugin FS Affiliates 5.6 - Unrestricted Arbitrary File Upload
Telnet Argument Injection Privilege Escalation - RCE
Command injection vulnerability in ASUS routers
-
JVNRSS Feed - Update Entry
- Multiple Brother software installers may insecurely load Dynamic Link Libraries
Multiple Brother software installers may insecurely load Dynamic Link Libraries
-
Center for Internet Security - Multi-State Information Sharing and Analysis Center
- A Vulnerability in Cisco Unified Communications Products Could Allow for Remote Code Execution
A Vulnerability in Cisco Unified Communications Products Could Allow for Remote Code Execution
A vulnerability has been discovered in Cisco Unified Communications Products which could allow for remote code execution. Cisco Unified Communications (UC) Products are an integrated suite of IP-based hardware and software that combine voice, video, messaging, and data into a single platform. Successful exploitation of this vulnerability could allow for remote code execution as root, which may lead to the complete compromise of the affected device.
CISO Middle East Summit 2026 β Doha
CISO Middle East Summit β Doha, Qatar | 22nd January 2026
The CISO Middle East Summit 2026, taking place on 22nd January in Doha, Qatar, stands as one of the regionβs most anticipated gatherings for cybersecurity leaders, innovators, and policymakers. Under the theme βDigital Freedom & Resilience: The Pillars of Qatarβs Cyber Vision 2030,β the summit will unite key decision-makers from government, critical infrastructure, and enterprise sectors to shape the future of cybersecurity in the Middle East.
The event will feature thought-provoking discussions, strategic insights, and real-world case studies that address the evolving cyber threat landscape and the increasing need for digital trust, resilience, and collaboration. With participation from senior cybersecurity executives, government representatives, and technology experts, the summit will highlight emerging trends in AI security, regulatory evolution, and national cyber defense.
Beyond its knowledge-sharing sessions, the CISO Middle East Summit offers a unique networking platform for CISOs, solution providers, and innovators to connect and explore partnerships that drive the regionβs cybersecurity maturity. Supported by leading sponsors and media partners, this one-day event in Doha reinforces Qatarβs growing position as a hub for digital innovation and cyber resilience.
For those driving the next phase of security transformation, this summit is a defining milestone in the Middle Eastβs cybersecurity journey.
The post CISO Middle East Summit 2026 β Doha appeared first on CISO MAG | Cyber Security Magazine.
-
JVNRSS Feed - Update Entry
- "iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
WAM Morocco
WAM Morocco 2026 is organised by KAOUN International (a subsidiary of Dubai World Trade Centre) and proudly in association with GITEX Africa. The debut event is set to be the continentβs largest tech and start-up event in advanced manufacturing and future mobility.
WAM Morocco will take place under the auspices of the Moroccan Ministry of Industry and Trade from 20 β 22 January 2026 at Foire Internationale de Casablanca, Morocco. Expected to draw over 350 exhibitors and more than 20,000 high-level corporate buyers, WAM Morocco will be the hub where the entire industrial innovation ecosystem connects and collaborates.
WAM Morocco features four co-located events World Advanced Future Mobility (WAFM), World Green Energy (WGE), World Pharma Manufacturing (WPM) and World Digital Food Hub (WDFH). Cutting-edge technologies in AI, quantum computing, 3D printing, blockchain and mixed reality will take centre stage at WAM Morocco and drive forward Moroccoβs vision of becoming a globally competitive and sustainable manufacturing capital.
The post WAM Morocco appeared first on CISO MAG | Cyber Security Magazine.
Multiple vulnerabilities in Trend Micro Apex Central (January 2026)
-
JVNRSS Feed - Update Entry
- Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries
Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries
Ruijie Networks AP180 series vulnerable to OS command injection
Chamillo LMS 1.11.2 Missing Cache Header
-
CXSECURITY Database RSS Feed - CXSecurity.com
- ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting
ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting
-
CXSECURITY Database RSS Feed - CXSecurity.com
- WordPress Plugin wp-front-user-submit β AJAX Login Username Enumeration Vulnerability
WordPress Plugin wp-front-user-submit β AJAX Login Username Enumeration Vulnerability
-
CERT Recently Published Vulnerability Notes
- VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash
VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash
Overview
An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory access.
Description
libheif is an open-source library used for decoding and encoding modern image formats, including HEIF (High Efficiency Image File Format) and AVIF (AV1 Image File Format). These formats provide high compression efficiency and are widely used across mobile devices and online platforms.
libheif contains an out-of-bounds iterator access vulnerability in its uncompressed codec. The issue occurs when the decoder processes certain metadata structures within a HEIF file. Specifically, the decoder fails to adequately validate values read from an internal metadata box before performing iterator arithmetic on the underlying data buffer.
As a result, a malformed HEIF file can cause the decoder to read past the end of the input buffer and incorrectly interpret unrelated memory as valid metadata. This invalid memory access may lead to a segmentation fault during image decoding.
The CVE-2025-65586 captures this out-of-bounds checking flaw in libheifβs uncompressed codec that allows a maliciously crafted HEIF file to trigger an out-of-bounds read, resulting in a segmentation fault and denial of service when the file is parsed. The vulnerability was introduced in commit 6190b58f (October 3, 2024). Versions v1.19.0 through Versions 1.20.2 are affected by this vulnerbaility. The versions v1.17.6 and earlier are not affected. The issue was reported to the libheif project and has been fixed in commit f4d9157 (November 5, 2025) and then merged to the version release 1.21.0 at the end of 2025.
Impact
An attacker can exploit this vulnerability by supplying a maliciously crafted HEIF image, causing applications that use libheif to crash. Based on current analysis, exploitation is limited to denial-of-service conditions.
Potential impacts include
- Unexpected termination of applications that decode HEIF images
- Crashes in systems that automatically generate previews or thumbnails
- Disruption of services that process untrusted HEIF content (e.g., browsers, email clients, photo management tools)
There is no evidence at this time that this vulnerability can be used to achieve memory disclosure or arbitrary code execution.
Discovery
The vulnerability was discovered through coverage-guided fuzzing using AddressSanitizer-instrumented builds of libheif. The issue was reproducible across standard Linux development environments.
Solution
Software vendors and developers using the libheif library are strongly encouraged to update to version 1.21.0 or later, which includes the fix for this vulnerability. End users should apply available software updates to ensure they are running a version of libheif that addresses this issue.
Acknowledgements
Thanks to the reporter Maor Caplan for identifying the vulnerability and to Dirk Farin for implementing the fix. This document was written by Timur Snoke.
Vendor Information
Other Information
| CVE IDs: | CVE-2025-65586 |
| Date Public: | 2026-01-20 |
| Date First Published: | 2026-01-20 |
| Date Last Updated: | 2026-01-27 17:39 UTC |
| Document Revision: | 4 |