🟠 CVE-2026-22775 - High (7.5)

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leadi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22775/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-1019 - Critical (9.8)

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1019/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-12957 - High (8.8)

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass s...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12957/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-70308 - High (7.5)

An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70308/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-23527 - High (8.9)

H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explici...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23527/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-21913 - High (7.5)

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

On EX4000 models with 4...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21913/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2026-1021 - Critical (9.8)

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1021/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-70304 - High (7.5)

A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70304/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-67079 - Critical (9.8)

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67079/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

A China-linked APT group, UAT-8837, is exploiting a Sitecore zero-day vulnerability (CVE-2025-53690) to target American critical infrastructure, deploying open-source tools to harvest credentials and sensitive information.
https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html

UAT-8837 targets critical infrastructure sectors in North America
https://blog.talosintelligence.com/uat-8837/

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium
confidence is a China-nexus advanced persistent threat (APT) actor based on
overlaps in tactics, techniques, and procedures (TTPs) with those of other
known China-nexus threat actors.

Based on UAT-8837's TTPs and post-compromise activity Talos has observed
across multiple intrusions, we assess with medium confidence that this actor
is primarily tasked with obtaining initial access to high-value organizations.

Although UAT-8837's targeting may appear sporadic, since at least 2025,
the group has clearly focused on targets within critical Infrastructure
sectors in North America.

After obtaining initial access — either by successful exploitation of
vulnerable servers or by using compromised credentials — UAT-8837
predominantly deploys open-source tools to harvest sensitive information such
as credentials, security configurations, and domain and Active Directory (AD)
information to create multiple channels of access to their victims. The threat
actor uses a combination of tools in their post-compromise hands-on-keyboard
operations, including Earthworm, Sharphound, DWAgent, and Certipy. The TTPs,
tooling, and remote infrastructure associated with UAT-8837 were also seen in
the recent exploitation of CVE-2025-53690, a ViewState Deserialization
zero-day vulnerability in SiteCore products, indicating that UAT-8837 may have
access to zero-day exploits.