High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| Insaat–Fikir Odalari AdminPando | A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation). | 2026-02-03 | 10 | CVE-2025-10878 | https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-bypass-in-fikir-odalar%C4%B1-adminpando/ https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi |
| Zenitel–TCIS-3+ | This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. | 2026-02-04 | 10 | CVE-2025-59818 | Zenitel Release Notes Turbine; Zenitel Security Advisory; Zenitel Release Notes Fortitude8; Zenitel Release Notes ZIPS; Zenitel Release Notes Fortitude6; Zenitel Release Notes Display Series |
| n/a–Docan[.]co | Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key (APP_KEY), database credentials, SMTP/SendGrid API credentials, and internal configuration parameters, enabling complete system compromise including authentication bypass via session token forgery, direct database access to all tenant data, and email infrastructure takeover. Due to the multi-tenancy architecture, this vulnerability affects all tenants in the system. | 2026-02-03 | 10 | CVE-2025-70841 | https://codecanyon.net/item/dokans-multitenancy-based-ecommerce-platform-saas/31122915 https://github.com/cod3rLucas/security-advisories/blob/main/CVE-2025-70841.md |
| Synectix–LAN 232 TRIO | The Synectix LAN 232 TRIO 3-port serial-to-Ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device. | 2026-02-03 | 10 | CVE-2026-1633 | https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-04.json |
| SignalK–si […] | | | | | |