🟠 CVE-2026-21267 - High (8.6)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21267/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-67146 - Critical (9.4)

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An un...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67146/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-46685 - High (7.5)

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevatio...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46685/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-13774 - High (8.8)

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13774/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-25249 - High (8.1)

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiS...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-25249/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2026-0507 - High (8.4)

Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If pro...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0507/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🟠 CVE-2025-36640 - High (8.8)

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-36640/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔴 CVE-2025-10915 - Critical (9.8)

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10915/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

FYI: Es gibt einen Micropatch für die CredsSSP-Schwachstelle CVE-2025-47987 für Windows-Systeme, die von MS keine Updates mehr bekommen.

https://borncity.com/blog/2026/01/13/0patch-micropatch-fuer-credssp-schwachstelle-cve-2025-47987/