Vulnerability Summary for the Week of February 2, 2026

2026-02-09 21:02

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info	Patch Info
Insaat–Fikir Odalari AdminPando	A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation).	2026-02-03	10	CVE-2025-10878	https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikir-odalar%C4%B1-adminpando/ https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi
Zenitel–TCIS-3+	This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.	2026-02-04	10	CVE-2025-59818	Zenitel Release Notes Turbine Zenitel Security Advisory Zenitel Release Notes Fortitude8 Zenitel Release Notes ZIPS Zenitel Release Notes Fortitude6 Zenitel Release Notes Display Series
n/a–Docan[.]co	Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key (APP_KEY), database credentials, SMTP/SendGrid API credentials, and internal configuration parameters, enabling complete system compromise including authentication bypass via session token forgery, direct database access to all tenant data, and email infrastructure takeover. Due to the multi-tenancy architecture, this vulnerability affects all tenants in the system.	2026-02-03	10	CVE-2025-70841	https://codecanyon.net/item/dokans-multitenancy-based-ecommerce-platform-saas/31122915 https://github.com/cod3rLucas/security-advisories/blob/main/CVE-2025-70841.md
Synectix–LAN 232 TRIO	The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.	2026-02-03	10	CVE-2026-1633	https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-04.json
SignalK–si […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of February 2, 2026 Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: Bulletins EN Post navigation ← AI Agents Are Creating Insider Security Threat Blind Spots, Research Finds Zscaler Bolsters Zero Trust Arsenal with Acquisition of Browser Security Firm SquareX → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Telegram Channel Recent Posts IT Security News Daily Summary 2026-02-09 February 10, 2026 Hackers Deliver Global Group Ransomware Offline via Phishing Emails February 10, 2026 10K Claude Desktop Users Exposed by Zero-Click Vulnerability February 10, 2026 Someone’s attacking SolarWinds WHD to steal high‑privilege credentials – but we don’t know who or how February 10, 2026 Critical Fortinet FortiClientEMS flaw allows remote code execution February 9, 2026 BeyondTrust fixes critical pre-auth bug allowing remote code execution February 9, 2026 Google Warns Over 1 Billion Android Phones Are Now at Risk February 9, 2026 23andMe Data Breach Settlement Deadline Is Near: Here’s How Much You Could Get February 9, 2026 A leader’s guide to integrating EDR, SIEM and SOAR February 9, 2026 Zscaler Bolsters Zero-Trust Arsenal with Acquisition of Browser Security Firm SquareX February 9, 2026 IT Security News Hourly Summary 2026-02-09 21h : 5 posts February 9, 2026 Zscaler Bolsters Zero Trust Arsenal with Acquisition of Browser Security Firm SquareX February 9, 2026 Vulnerability Summary for the Week of February 2, 2026 February 9, 2026 AI Agents Are Creating Insider Security Threat Blind Spots, Research Finds February 9, 2026 Is your phone listening to you? (re-air) (Lock and Code S07E03) February 9, 2026 A one-prompt attack that breaks LLM safety alignment February 9, 2026 Cyber Attack Hits European Commission Staff Mobile Systems February 9, 2026 Hacked, leaked, exposed: Why you should never use stalkerware apps February 9, 2026 Hackers Exploiting Ivanti EPMM Devices to Deploy Dormant Backdoors February 9, 2026 China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign February 9, 2026 Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}