Security Vulnerabilities
A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-11
A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-11
A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch.
CVSS Score
6.3
EPSS Score
0.001
Published
2026-01-10
A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-01-10
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-01-10
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.
Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.
This issue affects Apache NimBLE: through <= 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-10
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver.
This issue affects Apache NimBLE: through 1.8.
This issue requires a broken or bogus Bluetooth controller and thus severity is considered low.
Users are recommended to upgrade to version 1.9, which fixes the issue.
CVSS Score
3.1
EPSS Score
0.0
Published
2026-01-10
NULL Pointer Dereference vulnerability in Apache Nimble.
Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference.
This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.004
Published
2026-01-10
Authentication Bypass by Spoofing vulnerability in Apache NimBLE.
Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor.
This issue affects Apache NimBLE: through 1.8.0.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-01-10
A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-01-10