Security Vulnerabilities
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.
Affected Products:
airMAX AC (Version 8.7.20 and earlier)
airMAX M (Version 6.3.22 and earlier)
airFiber AF60-XG (Version 1.2.2 and earlier)
airFiber AF60 (Version 2.6.7 and earlier)
Mitigation:
Update your airMAX AC to Version 8.7.21 or later.
Update your airMAX M to Version 6.3.24 or later.
Update your airFiber AF60-XG to Version 1.2.3 or later.
Update your airFiber AF60 to Version 2.6.8 or later.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-08
This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter.
CVSS Score
9.0
EPSS Score
0.003
Published
2026-01-08
This vulnerability allows a Backup or Tape Operator to write files as root.
CVSS Score
9.0
EPSS Score
0.001
Published
2026-01-08
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
CVSS Score
9.0
EPSS Score
0.003
Published
2026-01-08
indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-01-08
There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-01-08
Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34. The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their session. This can lead to unauthorized data modification such as credential updates.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-01-08
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-08
Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to execute arbitrary JavaScript in the context of a victim s browser session
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-08
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users' sessions
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-08