< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2062 articles · page 54 of 104

Researchers Exploit 29 Zero-Days at Pwn2Own Automotive

🚗 On the second day of Pwn2Own Automotive 2026, security researchers earned $439,250 after exploiting 29 unique zero-day vulnerabilities in EV chargers, in-vehicle infotainment systems, and automotive operating systems. Contestants targeted fully patched devices such as the Phoenix Contact CHARX SEC-3150, ChargePoint Home Flex, and the Grizzl-E Smart 40A charging station. Fuzzware.io led the leaderboard after two days, and organizers confirmed vendors have 90 days to issue fixes before public disclosure by the Zero Day Initiative.
read more →

Actively Exploited Cisco UC RCE Flaw Requires Patching

⚠️ Cisco has released patches for a critical remote code execution vulnerability, CVE-2026-20045, affecting Unified Communications Manager, Unity Connection, and Webex Calling Dedicated Instance. The flaw allows unauthenticated remote attackers to gain user access via crafted HTTP requests and then escalate privileges to root without user interaction. No workarounds exist; fixes are version-specific and organizations should apply the matching patch or migrate unsupported 12.5 systems.
read more →

Weintek cMT X Series Privilege Escalation Vulnerabilities

🔒 CISA reports two high-severity vulnerabilities in Weintek cMT X Series HMI devices that allow low-privileged users to escalate privileges and potentially take full control of affected units. Both issues (CVE-2025-14750 and CVE-2025-14751) receive a CVSS 3.1 base score of 8.3. Vendor firmware updates are available for specific models; apply vendor-supplied patches and follow network-segmentation mitigations.
read more →

CISA Adds Four Vulnerabilities to KEV Catalog; Agencies Urged

⚠️ CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The entries include CVE-2025-31125 (Vite improper access control), CVE-2025-34026 (Versa Concerto improper authentication), CVE-2025-54313 (Prettier eslint-config-prettier embedded malicious code), and CVE-2025-68645 (Synacor Zimbra Collaboration Suite PHP remote file inclusion). CISA urges organizations to prioritize remediation and follow BOD 22-01 guidance to reduce exposure to active threats.
read more →

Hubitat Elevation Privilege Escalation Vulnerability

⚠️ CISA warns of an Authorization Bypass Through User-Controlled Key flaw (CVE-2026-1201) in Hubitat Elevation controllers that can allow an authenticated user to escalate privileges and control devices beyond their authorized scope. Affected models — C3, C4, C5, C7, C8, and C8 pro — are vulnerable prior to firmware 2.4.2.157. The issue carries a CVSS v3.1 base score of 9.1 (CRITICAL). Hubitat has released firmware 2.4.2.157 and CISA recommends timely upgrades and standard network isolation measures.
read more →

AutomationDirect CLICK PLC Password Storage Vulnerabilities

🔒 AutomationDirect reported two vulnerabilities in CLICK Programmable Logic Controllers (PLCs) — CVE-2025-67652 and CVE-2025-25051 — that expose stored credentials and weak encoding. Both issues carry a CVSS 3.1 base score of 6.1 (Medium) and affect C0-0x, C0-1x, and C2-x product versions. AutomationDirect recommends updating CLICK PLUS and PLC firmware to V3.90; until the update can be applied, implement compensating controls such as network isolation, restricted access, application whitelisting, and enhanced logging and monitoring. CISA notes these vulnerabilities are not exploitable remotely and no public exploitation has been reported.
read more →

Schneider Electric EcoStruxure Privilege Escalation Fix

⚠️ Schneider Electric has issued a fix for a local privilege escalation vulnerability in EcoStruxure Process Expert (CVE-2025-13905) caused by incorrect default permissions. An attacker with local access could modify executable service binaries and gain elevated privileges when services restart. Version 2025 contains the vendor fix; interim mitigations include application whitelisting and restricting privileged accounts.
read more →

Johnson Controls ICU Stack-Based Overflow Patch Available

⚠️ The Cybersecurity and Infrastructure Security Agency (CISA) warns of a stack-based buffer overflow in Johnson Controls' iSTAR Configuration Utility (ICU), tracked as CVE-2025-26386. The vulnerability affects ICU versions <= 6.9.7 and, under certain conditions, could lead to an operating system failure on the host machine. Johnson Controls released a vendor fix; update ICU to version 6.9.8. CISA recommends applying the update promptly and following network-segmentation and remote-access best practices to reduce exposure.
read more →

DIAView Command Injection Advisory — CVE-2026-0975

⚠️ DIAView contains a command injection vulnerability (CVE-2026-0975) that allows project scripts to execute shell commands when a malicious project is opened. Successful exploitation can result in arbitrary code execution on affected installations of Delta Electronics DIAView version 4.2.0. Delta recommends updating to DIAView v4.4 or later and following defensive measures such as isolating control networks, avoiding untrusted files or links, and using secure remote access methods.
read more →

Rockwell CompactLogix 5370 DoS Vulnerability Advisory

⚠️ Rockwell Automation's CompactLogix 5370 controllers are affected by a denial-of-service vulnerability (CVE-2025-11743) that can produce a major nonrecoverable fault requiring a restart. The issue is triggered by a malformed CIP Forward Open message and has a CVSS v3.1 base score of 6.5. Affected versions include <=34.013, <=35.012, and 36.011; fixed releases include 37.011, 34.016, 35.015, and 36.012. Rockwell reported the issue to CISA; no known public exploitation has been reported and CISA notes the vulnerability is not exploitable remotely. Users unable to upgrade should follow security best practices to limit exposure.
read more →

EVMAPA EV Charging Stations: Critical Authentication Flaws

🔒 CISA warns of multiple high-severity vulnerabilities in EVMAPA electric vehicle charging station software, including missing authentication on a WebSocket endpoint (CVE-2025-54816), unlimited authentication attempts (CVE-2025-53968), and insufficient session expiration (CVE-2025-55705). Exploitation could enable unauthorized remote command execution, spoofing of station statuses, or denial-of-service, with a top CVSS score of 9.4. Vendor responses vary: EVMAPA plans BASIC auth for OCPP 2.x, uses WSS and vendor VPN for some deployments, and reports one issue has been fixed.
read more →

SmarterMail authentication bypass patched, now exploited

🔒 Researchers report an authentication bypass in SmarterTools SmarterMail (tracked as WT-2026-0001) being actively exploited days after a Jan 15, 2026 patch (Build 9511). An unauthenticated HTTP request to the /api/v1/auth/force-reset-password endpoint can set an IsSysAdmin flag and reset any administrator password if the attacker knows the admin username. The same privileged path enables SYSTEM-level remote code execution via the product's Volume Mount Command feature. watchTowr Labs went public after community reports showed the endpoint was used to change an admin password on Jan 17, indicating rapid patch reversal by attackers.
read more →

Cisco Fixes Actively Exploited Zero-Day in Unified CM, Webex

🔒 Cisco released patches for a critical, actively exploited vulnerability tracked as CVE-2026-20045 that affects multiple Unified Communications products and Webex Calling Dedicated Instance. The flaw (CVSS 8.2) allows unauthenticated remote attackers to execute arbitrary commands via crafted HTTP requests against the web-based management interface. Cisco urged customers to upgrade to fixed releases or apply published patch files; there are no workarounds. The U.S. CISA has added the issue to its KEV catalog with a remediation deadline of February 11, 2026.
read more →

GitLab 2FA Bypass Vulnerability Requires Immediate Patch

🔒 A critical two-factor authentication bypass (CVE-2026-0723) in GitLab Community and Enterprise editions allows an attacker who knows a user’s credentials to submit forged device responses and bypass MFA. GitLab released patches in versions 18.8.2, 18.7.2 and 18.6.4 and strongly recommends that all self-managed instances upgrade immediately. Additional fixes address several denial-of-service and authorization flaws; GitLab.com and Dedicated tenants are already protected.
read more →

Chainlit vulnerabilities allow file reads, SSRF in cloud

🔒 Chainlit, a widely used open-source framework for building conversational AI, contained two high-severity flaws that enable arbitrary file reads and server-side request forgery without user interaction. Zafran Labs labeled the issues CVE-2026-22218 and CVE-2026-22219, which together can expose API keys, cloud credentials, source code, and internal services. The defects were fixed in v2.9.4; organizations should upgrade to 2.9.4 or later immediately and inspect for potential data exfiltration.
read more →

Cisco fixes critical Unified Communications RCE zero-day

🔒 Cisco released patches to address a critical remote code execution vulnerability, CVE-2026-20045, actively exploited against Unified Communications Manager, Unity Connection, and Webex Calling Dedicated Instance. The flaw stems from improper validation of user-supplied input in HTTP requests to the web management interface and can allow an attacker to gain user access and escalate to root. Administrators should apply the version-specific updates or provided .cop patch files immediately, as Cisco reports no available workarounds.
read more →

Oracle issues 337 patches including critical Tika fix

🛡️ Oracle's January quarterly update delivers 337 security fixes across its product portfolio, including 27 rated critical. The vendor reports no known in-the-wild exploitation at release, but urges priority attention to the 13 CVEs mapped to critical severity. A substantial share of patches address third-party and open-source components such as Apache Tika, creating cross-product CVE overlap and assessment complexity.
read more →

Patched FortiGate Firewalls Still Being Compromised

🚨Fortinet customers report attackers bypassing a previously patched FortiGate authentication flaw (CVE-2025-59718) to create admin accounts on devices running FortiOS 7.4.9 and 7.4.10. Fortinet reportedly plans releases of FortiOS 7.4.11, 7.6.6 and 8.0.0 to fully remediate the issue. Until those updates are available, admins are advised to disable FortiCloud SSO using the GUI or the CLI mitigation steps Fortinet published. Shadowserver found over 25,000 devices with FortiCloud SSO enabled in mid-December, and CISA has listed the vulnerability as actively exploited and ordered expedited patching.
read more →

Zoom and GitLab Release Patches for Critical Flaws

🔒 Zoom and GitLab released security updates to address multiple vulnerabilities that could enable denial-of-service, remote code execution, and a two-factor authentication bypass. The most severe is a critical command injection in Zoom Node Multimedia Routers (CVE-2026-22844, CVSS 9.9) that may allow remote code execution; Zoom reports no evidence of active exploitation. GitLab patched several high-severity DoS and 2FA-bypass issues across CE and EE releases. Administrators should apply the provided patches, upgrade affected modules, and review exposure to untrusted networks immediately.
read more →

Microsoft shares workaround for Outlook freezing issue

🔧 Microsoft provided a temporary workaround for users whose Outlook desktop client freezes after installing this month's Windows security updates. The bug affects POP accounts and configurations that store PST files on cloud-backed storage such as OneDrive or Dropbox, and has been reported on Windows 11 25H2 and 24H2, Windows 10, and multiple Windows Server releases. Microsoft recommends accessing mail via webmail, moving PST files out of OneDrive, or uninstalling the KB5074109/KB5073724 updates via Settings > Windows Update > Update history > Uninstall updates, while warning that removing security updates increases exposure to threats.
read more →