Home / 2026 Advisories Archive

2026 Advisories Archive

Severity	Date Published	Date Updated	Check Point Reference	Industry Reference	Description
High	21 Jan 2026	21 Jan 2026	CPAI-2025-10878	CVE-2025-10243	Ivanti Endpoint Manager Mobile Command Injection (CVE-2025-10243)
High	21 Jan 2026	21 Jan 2026	CPAI-2025-11124	CVE-2025-64447	Fortinet FortiWeb Authentication Bypass (CVE-2025-64447)
High	18 Jan 2026	21 Jan 2026	CPAI-2025-11134	CVE-2025-52694	Advantech Multiple Products SQL Injection (CVE-2025-52694)
Critical	5 Jan 2026	20 Jan 2026	CPAI-2025-11049	CVE-2024-0536 CVE-2024-0537 CVE-2024-0538 CVE-2024-0539 CVE-2024-0540 CVE-2024-0542 CVE-2024-2980 CVE-2024-2981 CVE-2024-30587 CVE-2024-4240 CVE-2024-4241 CVE-2024-4242 CVE-2024-4243 CVE-2025-7529	Embedded Devices Web Servers Buffer Overflow (CVE-2024-0536; CVE-2024-0537; CVE-2024-0538; CVE-2024-0539; CVE-2024-0540; CVE-2024-0542; CVE-2024-2980; CVE-2024-2981; CVE-2024-30587; CVE-2024-4240; CVE-2024-4241; CVE-2024-4242; CVE-2024-4243; CVE-2025-7529)
High	20 Jan 2026	20 Jan 2026	CPAI-2025-11055	CVE-2024-33345 CVE-2025-60332	D-Link DIR-823G Denial of Service (CVE-2024-33345; CVE-2025-60332)
Critical	20 Jan 2026	20 Jan 2026	CPAI-2025-11036	CVE-2024-0571 CVE-2024-0572 CVE-2024-0573 CVE-2024-0574 CVE-2024-0575 CVE-2024-0576 CVE-2024-0577 CVE-2024-0578 CVE-2024-1783 CVE-2025-60684 CVE-2025-60688	TOTOLINK Multiple Products Stack Overflow (CVE-2024-0571; CVE-2024-0572; CVE-2024-0573; CVE-2024-0574; CVE-2024-0575; CVE-2024-0576; CVE-2024-0577; CVE-2024-0578; CVE-2024-1783; CVE-2025-60684; CVE-2025-60688)
Critical	20 Jan 2026	20 Jan 2026	CPAI-2024-5220	CVE-2024-41285	Suspicious Web Login Activity (CVE-2024-41285)
High	19 Jan 2026	20 Jan 2026	CPAI-2025-11041	CVE-2024-42941 CVE-2024-42943 CVE-2024-42951 CVE-2024-44386 CVE-2024-44387 CVE-2024-44390 CVE-2024-44859 CVE-2025-14994	Tenda FH Buffer Overflow (CVE-2024-42941; CVE-2024-42943; CVE-2024-42951; CVE-2024-44386; CVE-2024-44387; CVE-2024-44390; CVE-2024-44859; CVE-2025-14994)
High	19 Jan 2026	19 Jan 2026	CPAI-2025-10990	CVE-2024-42941 CVE-2024-42943 CVE-2024-42951 CVE-2024-44859 CVE-2025-14994	Tenda FH Buffer Overflow (CVE-2024-42941; CVE-2024-42943; CVE-2024-42951; CVE-2024-44859; CVE-2025-14994)
High	1 Jan 2026	19 Jan 2026	CPAI-2025-10668	CVE-2025-52691	SmarterMail Arbitrary File Upload (CVE-2025-52691)
High	19 Jan 2026	19 Jan 2026	CPAI-2026-0321	CVE-2026-23550	WordPress Modular DS Plugin Privilege Escalation (CVE-2026-23550)
Critical	19 Jan 2026	19 Jan 2026	CPAI-2024-5193	CVE-2024-4255 CVE-2024-4501 CVE-2024-4502 CVE-2024-4503 CVE-2024-4504 CVE-2024-4505 CVE-2024-4506 CVE-2024-4507 CVE-2024-4508 CVE-2024-4509 CVE-2024-4510 CVE-2024-4813 CVE-2024-4814 CVE-2024-4815	Ruijie RG-UAC Command Injection (CVE-2024-4255; CVE-2024-4501; CVE-2024-4502; CVE-2024-4503; CVE-2024-4504; CVE-2024-4505; CVE-2024-4506; CVE-2024-4507; CVE-2024-4508; CVE-2024-4509; CVE-2024-4510; CVE-2024-4813; CVE-2024-4814; CVE-2024-4815)
High	19 Jan 2026	19 Jan 2026	CPAI-2025-10966	CVE-2025-56241	Aztech DSL5005EN Authentication Bypass (CVE-2025-56241)
Medium	19 Jan 2026	19 Jan 2026	CPAI-2023-3183	CVE-2023-43770	Roundcube Webmail Cross-Site Scripting (CVE-2023-43770)
High	19 Jan 2026	19 Jan 2026	CPAI-2025-10823	CVE-2025-68472	MindsDB Directory Traversal (CVE-2025-68472)
High	19 Jan 2026	19 Jan 2026	CPAI-2025-10819	CVE-2025-15139	TRENDnet TEW-822DRE Command Injection (CVE-2025-15139)
High	19 Jan 2026	19 Jan 2026	CPAI-2025-11008	CVE-2025-64496	Open WebUI Remote Code Execution (CVE-2025-64496)
High	19 Jan 2026	19 Jan 2026	CPAI-2024-5187	CVE-2024-46215	Mercury KM08-708H Buffer Overflow (CVE-2024-46215)
Critical	19 Jan 2026	19 Jan 2026	CPAI-2024-5185	CVE-2024-52765	H3C GR-1800AX Command Injection (CVE-2024-52765)
High	19 Jan 2026	19 Jan 2026	CPAI-2024-5183	CVE-2024-35398 CVE-2024-35400 CVE-2024-35403	TOTOLINK CP900L Buffer Overflow (CVE-2024-35398; CVE-2024-35400; CVE-2024-35403)
High	19 Jan 2026	19 Jan 2026	CPAI-2026-0245	CVE-2026-0839	UTT 520W Buffer Overflow (CVE-2026-0839)
High	19 Jan 2026	19 Jan 2026	CPAI-2024-5194	CVE-2024-33344	D-Link DIR-822+ Command Injection (CVE-2024-33344)
Critical	19 Jan 2026	19 Jan 2026	CPAI-2025-10963	CVE-2025-66294 CVE-2025-66301	Grav Server-Side Template Injection (CVE-2025-66294; CVE-2025-66301)
High	18 Jan 2026	18 Jan 2026	CPAI-2025-10913	CVE-2025-52694	Advantech Multiple Products SQL Injection (CVE-2025-52694)
High	18 Jan 2026	18 Jan 2026	CPAI-2025-10761	CVE-2025-61812	Adobe ColdFusion Code Injection (CVE-2025-61812)
High	18 Jan 2026	18 Jan 2026	CPAI-2025-10903	CVE-2025-27800 CVE-2025-27802	Episerver CMS Cross-Site Scripting (CVE-2025-27800; CVE-2025-27802)
High	18 Jan 2026	18 Jan 2026	CPAI-2024-5164	CVE-2024-52301	Laravel Framework Security Bypass (CVE-2024-52301)
High	18 Jan 2026	18 Jan 2026	CPAI-2025-10905	CVE-2025-15131 CVE-2025-15132 CVE-2025-15133	ZSPACE Z4Pro+ Command Injection (CVE-2025-15131; CVE-2025-15132; CVE-2025-15133)
Critical	18 Jan 2026	18 Jan 2026	CPAI-2025-10901	CVE-2025-14191 CVE-2025-15089 CVE-2025-15090 CVE-2025-15092 CVE-2025-15428 CVE-2025-15429 CVE-2025-15430 CVE-2025-15431	UTT 512W Buffer Overflow (CVE-2025-14191; CVE-2025-15089; CVE-2025-15090; CVE-2025-15092; CVE-2025-15428; CVE-2025-15429; CVE-2025-15430; CVE-2025-15431)
High	18 Jan 2026	18 Jan 2026	CPAI-2024-5166	CVE-2024-35397	TOTOLINK CP900L Command Injection (CVE-2024-35397)
Medium	18 Jan 2026	18 Jan 2026	CPAI-2025-10680	CVE-2025-68614	LibreNMS Cross-Site Scripting (CVE-2025-68614)
High	18 Jan 2026	18 Jan 2026	CPAI-2026-0246	CVE-2026-0838	UTT 520W Buffer Overflow (CVE-2026-0838)
High	18 Jan 2026	18 Jan 2026	CPAI-2026-0244	CVE-2026-0840	UTT 520W Buffer Overflow (CVE-2026-0840)
High	18 Jan 2026	18 Jan 2026	CPAI-2026-0243	CVE-2026-0837	UTT 520W Buffer Overflow (CVE-2026-0837)
High	18 Jan 2026	18 Jan 2026	CPAI-2026-0242	CVE-2026-0841	UTT 520W Buffer Overflow (CVE-2026-0841)
High	15 Jan 2026	15 Jan 2026	CPAI-2025-10845	CVE-2025-64155	Fortinet FortiSIEM Command Injection (CVE-2025-64155)
High	15 Jan 2026	15 Jan 2026	CPAI-2025-10828	CVE-2025-15137	TRENDnet TEW-800MB Command Injection (CVE-2025-15137)
High	15 Jan 2026	15 Jan 2026	CPAI-2025-10601	CVE-2025-70161	EDIMAX BR-6208AC Command Injection (CVE-2025-70161)
High	15 Jan 2026	15 Jan 2026	CPAI-2025-10600	CVE-2025-67004	CouchCMS Information Disclosure (CVE-2025-67004)
High	15 Jan 2026	15 Jan 2026	CPAI-2025-10591	CVE-2025-67091	GL.Inet AX1800 Authentication Bypass (CVE-2025-67091)
High	15 Jan 2026	15 Jan 2026	CPAI-2017-2031	CVE-2017-20212	FLIR F/FC/PT/D Information Disclosure (CVE-2017-20212)
High	15 Jan 2026	15 Jan 2026	CPAI-2017-2030	CVE-2017-20215	FLIR FC-S/PT Command Injection (CVE-2017-20215)
High	15 Jan 2026	15 Jan 2026	CPAI-2017-2029	CVE-2017-20216	FLIR PT-Series Command Injection (CVE-2017-20216)
High	14 Jan 2026	14 Jan 2026	CPAI-2025-10778	CVE-2025-8110	Gogs Remote Code Execution (CVE-2025-8110)
Critical	14 Jan 2026	14 Jan 2026	CPAI-2024-5129	CVE-2020-12125 CVE-2024-10194	Wavlink Multiple Products Buffer Overflow (CVE-2020-12125; CVE-2024-10194)
High	14 Jan 2026	14 Jan 2026	CPAI-2024-5135	CVE-2024-21786 CVE-2024-28025 CVE-2024-28026 CVE-2024-28027	MC Technologies MC-LR Command Injection (CVE-2024-21786; CVE-2024-28025; CVE-2024-28026; CVE-2024-28027)
High	14 Jan 2026	14 Jan 2026	CPAI-2024-5133	CVE-2024-28640	TOTOLINK Multiple Products Buffer Overflow (CVE-2024-28640)
High	14 Jan 2026	14 Jan 2026	CPAI-2024-5131	CVE-2024-10429	Wavlink Multiple Products Command Injection (CVE-2024-10429)
High	14 Jan 2026	14 Jan 2026	CPAI-2025-10698	CVE-2022-44156 CVE-2022-44167 CVE-2022-44168 CVE-2022-44169 CVE-2024-10661 CVE-2025-11388 CVE-2025-5849	Tenda AC15 Buffer Overflow (CVE-2022-44156; CVE-2022-44167; CVE-2022-44168; CVE-2022-44169; CVE-2024-10661; CVE-2025-11388; CVE-2025-5849)
Medium	14 Jan 2026	14 Jan 2026	CPAI-2024-5090	CVE-2020-10986 CVE-2024-2816	Tenda AC15 Cross-Site Request Forgery (CVE-2020-10986; CVE-2024-2816)