News & Security
Updates from ENISA, NVD and the main European cybersecurity sources. Everything a Technical Manager needs to know.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection. This issue affects ZEUS PDKS: from <1.0.5.10 through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Windows Error Reporting Service Vulnerability Let Attackers Elevate Privileges – PoC Released: A critical security flaw in Windows Error Reporting Service has been discovered, allowing attackers with standard user access to escalate their privileges to SYST ... Published Date: Feb 10, 2026 (1 hour, 40 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-20817
CVE ID: CVE-2025-15570. Published: Feb. 10, 2026, 1:02 p.m. (1 hour, 19 minutes ago). Description: A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. Severity: 0.0 | NA
Unpatched SolarWinds WHD instances under active attack: Internet‑exposed and vulnerable SolarWinds Web Help Desk (WHD) instances are under attack by threat actors looking to gain an initial foothold into target organizations’ networks, Microsoft and Huntre ... Published Date: Feb 10, 2026 (2 hours, 58 minutes ago). Vulnerabilities mentioned in this article: CVE-2025-26399
CVE ID: CVE-2025-15569. Published: Feb. 10, 2026, 11:16 a.m. (3 hours, 5 minutes ago). Description: A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended. Severity: 7.3 | HIGH
CVE ID: CVE-2025-11537. Published: Feb. 10, 2026, 11:16 a.m. (3 hours, 5 minutes ago). Description: A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract these credentials (e.g., bearer tokens, session cookies) and use them to impersonate users, leading to a full account compromise. Severity: 5.0 | MEDIUM
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server: SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, wh ... Published Date: Feb 10, 2026 (4 hours, 31 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-24858, CVE-2026-21509, CVE-2026-24423, CVE-2026-23760, CVE-2025-52691, CVE-2025-8088
Fancy Bear Hackers Exploiting Microsoft Zero-Day Vulnerability to Deploy Backdoors and Email Stealers: The Russia-linked cyber espionage group known as Fancy Bear has launched Operation Neusploit. The group is also known as APT28. This marks a significant escalation, leveraging a zero-day vulnerability ... Published Date: Feb 10, 2026 (4 hours, 33 minutes ago). Vulnerabilities mentioned in this article: CVE-2026-21509
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the `ninja_forms_merge_tags` filter to user-supplied input within repeater fields, which allows the resolution of `{post_meta:KEY}` merge tags without authorization checks. This makes it possible for unauthenticated attackers to extract arbitrary post metadata from any post on the site, including sensitive data such as WooCommerce billing emails, API keys, private tokens, and customer personal information via the `nf_ajax_submit` AJAX action.