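Article summary: This post collects high-risk vulnerability intelligence for January 12, 2026, and highlights the critical Apache Struts S2-069 XXE vulnerability, including a PoC and a fix. It also aggregates 72 vulnerability entries from NSFOCUS, covering multiple CVEs from vendors such as Intel, Adobe and D-Link, with risks including resource consumption, SQL injection and command injection. Timely review and remediation are recommended. Overall score: 65. Categories: threat intelligence, vulnerability alerts, web security, security operations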
High-Risk Vulnerability Threat Intelligence Roundup (2026-01-12)
Original
0xSecDebug
2026-01-12 17:25, Shaanxi
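Do not use the techniques in this article for illegal testing. Any direct or indirect consequences and losses caused by spreading or using the information provided here are the sole responsibility of the user, and the author accepts no liability for them. The tools and content all come from the internet and are used only for study and record-keeping; test their safety yourself. If anything infringes your rights, please contact us for removal.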
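Apache Struts S2-069 XXE Vulnerability
CVE ID: None yet
Severity: Critical
Tags: PoC available, vulnerability analysis available, fix available
Disclosure date: 2026-01-11
Push reason: Vulnerability created
Source:
NSFOCUS Vulnerability Intelligence (2026-01-12)
📊 Data source: NSFOCUS www.nsfocus.net | Valid vulnerabilities: 72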
Intel Tiber Edge Platform and Edge Orchestrator Uncontrolled Resource Consumption Vulnerability (CVE-2025-26472)
https://www.nsfocus.net/vulndb/132359
2026-01-12
Adobe Illustrator Out-of-Bounds Write Vulnerability (CVE-2025-49563)
https://www.nsfocus.net/vulndb/132358
2026-01-12
Adobe Illustrator Incorrect Memory Reference Vulnerability (CVE-2025-49568)
https://www.nsfocus.net/vulndb/132357
2026-01-12
Adobe Commerce Cross-Site Request Forgery Vulnerability (CVE-2025-49555)
https://www.nsfocus.net/vulndb/132356
2026-01-12
Intel Xeon Processor Improperly Implemented Security Check Vulnerability (CVE-2025-32086)
https://www.nsfocus.net/vulndb/132355
2026-01-12
Intel Tiber Edge Platform and Edge Orchestrator Improper Input Validation Vulnerability (CVE-2025-27537)
https://www.nsfocus.net/vulndb/132354
2026-01-12
Intel Tiber Edge Platform and Edge Orchestrator Uncontrolled Resource Consumption Vulnerability (CVE-2025-27250)
https://www.nsfocus.net/vulndb/132353
2026-01-12
Intel 700 Series Ethernet Uncontrolled Resource Consumption Vulnerability (CVE-2025-26863)
https://www.nsfocus.net/vulndb/132352
2026-01-12
Intel 700 Series Ethernet Uncontrolled Resource Consumption Vulnerability (CVE-2025-26697)
https://www.nsfocus.net/vulndb/132351
2026-01-12
Adobe Commerce Cross-Site Scripting Vulnerability (CVE-2025-49557)
https://www.nsfocus.net/vulndb/132350
2026-01-12
WeGIA SQL Injection Vulnerability (CVE-2025-55167)
https://www.nsfocus.net/vulndb/132349
2026-01-12
Adobe Illustrator Stack Buffer Overflow Vulnerability (CVE-2025-49564)
https://www.nsfocus.net/vulndb/132348
2026-01-12
Adobe Illustrator NULL Pointer Dereference Vulnerability (CVE-2025-49567)
https://www.nsfocus.net/vulndb/132347
2026-01-12
Adobe Commerce Incorrect Authorization Vulnerability (CVE-2025-49556)
https://www.nsfocus.net/vulndb/132346
2026-01-12
Intel TDX Module firmware Improper Locking Vulnerability (CVE-2025-20044)
https://www.nsfocus.net/vulndb/132345
2026-01-12
Mercury KM08-708H GiGA WiFi Wave2 Stack Buffer Overflow Vulnerability (CVE-2025-10392)
https://www.nsfocus.net/vulndb/132344
2026-01-12
fcba_zzm ics-park Smart Park Management System Code Injection Vulnerability (CVE-2025-10394)
https://www.nsfocus.net/vulndb/132343
2026-01-12
eCharge Hardy Barth Salia PLCC Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-10371)
https://www.nsfocus.net/vulndb/132342
2026-01-12
MiczFlor RPi-Jukebox-RFID OS Command Injection Vulnerability (CVE-2025-10328)
https://www.nsfocus.net/vulndb/132341
2026-01-12
AMD StoreMI DLL Hijacking Vulnerability (CVE-2024-21922)
https://www.nsfocus.net/vulndb/132340
2026-01-12
Wavlink WL-WN578W2 OS Command Injection Vulnerability (CVE-2025-10359)
https://www.nsfocus.net/vulndb/132339
2026-01-12
Evertz SDVN 3080ipx-10G Improper Authorization Vulnerability (CVE-2025-10365)
https://www.nsfocus.net/vulndb/132338
2026-01-12
Mercury KM08-708H GiGA WiFi Wave2 Buffer Overflow Vulnerability (CVE-2025-10385)
https://www.nsfocus.net/vulndb/132337
2026-01-12
Sixun Business Management System Improper Authorization Vulnerability (CVE-2025-10374)
https://www.nsfocus.net/vulndb/132336
2026-01-12
Portabilis i-Educar Cross-Site Scripting Vulnerability (CVE-2025-10373)
https://www.nsfocus.net/vulndb/132335
2026-01-12
PHPGurukul Beauty Parlour Management System SQL Injection Vulnerability (CVE-2025-10403)
https://www.nsfocus.net/vulndb/132334
2026-01-12
Yoshiki Miurla Morphic Server-Side Request Forgery Vulnerability (CVE-2025-10393)
https://www.nsfocus.net/vulndb/132333
2026-01-12
magicblack maccms10 Server-Side Request Forgery Vulnerability (CVE-2025-10397)
https://www.nsfocus.net/vulndb/132332
2026-01-12
WordPress plugin System Dashboard Cross-Site Request Forgery Vulnerability (CVE-2025-10377)
https://www.nsfocus.net/vulndb/132331
2026-01-12
Yida ECMS Consulting Enterprise Management System Cross-Site Scripting Vulnerability (CVE-2025-10386)
https://www.nsfocus.net/vulndb/132330
2026-01-12
linlinjava litemall Improper Authorization Vulnerability (CVE-2025-10291)
https://www.nsfocus.net/vulndb/132329
2026-01-12
zhijiantianya ruoyi-vue-pro Improper Authorization Vulnerability (CVE-2025-10278)
https://www.nsfocus.net/vulndb/132328
2026-01-12
SEAT Queue Ticket Kiosk Deserialization of Untrusted Data Vulnerability (CVE-2025-10252)
https://www.nsfocus.net/vulndb/132327
2026-01-12
Selleo Mentingo Cross-Site Scripting Vulnerability (CVE-2025-10388)
https://www.nsfocus.net/vulndb/132326
2026-01-12
AxxonSoft AxxonOne Insufficient Session Expiration Vulnerability (CVE-2025-10223)
https://www.nsfocus.net/vulndb/132325
2026-01-12
binary-husky GPT Academic Path Traversal Vulnerability (CVE-2025-10236)
https://www.nsfocus.net/vulndb/132324
2026-01-12
MiczFlor RPi-Jukebox-RFID Cross-Site Scripting Vulnerability (CVE-2025-10370)
https://www.nsfocus.net/vulndb/132323
2026-01-12
Display Paineis TGA Path Traversal Vulnerability (CVE-2025-10245)
https://www.nsfocus.net/vulndb/132322
2026-01-12
Siddhant Gour Jasmin Ransomware SQL Injection Vulnerability (CVE-2025-10387)
https://www.nsfocus.net/vulndb/132321
2026-01-12
N-able N-central Incorrect Default Permissions Vulnerability (CVE-2025-10231)
https://www.nsfocus.net/vulndb/132320
2026-01-12
AxxonSoft AxxonOne Information Disclosure Vulnerability (CVE-2025-10222)
https://www.nsfocus.net/vulndb/132319
2026-01-12
WordPress plugin Backuply Path Traversal Vulnerability (CVE-2025-10307)
https://www.nsfocus.net/vulndb/132318
2026-01-12
CRMEB Server-Side Request Forgery Vulnerability (CVE-2025-10391)
https://www.nsfocus.net/vulndb/132317
2026-01-12
Jeecg JeecgBoot Improper Authorization Vulnerability (CVE-2025-10319)
https://www.nsfocus.net/vulndb/132316
2026-01-12
RuoYi Improper Authorization Vulnerability (CVE-2025-10384)
https://www.nsfocus.net/vulndb/132315
2026-01-12
CRMEB Improper Authorization Vulnerability (CVE-2025-10390)
https://www.nsfocus.net/vulndb/132314
2026-01-12
AxxonSoft AxxonOne Improper Authentication Vulnerability (CVE-2025-10224)
https://www.nsfocus.net/vulndb/132313
2026-01-12
Wavlink WL-WN578W2 Command Injection Vulnerability (CVE-2025-10325)
https://www.nsfocus.net/vulndb/132312
2026-01-12
Freshworks Platform Open Redirect Vulnerability (CVE-2025-10229)
https://www.nsfocus.net/vulndb/132311
2026-01-12
svg-sanitize Cross-Site Scripting Vulnerability (CVE-2025-55166)
https://www.nsfocus.net/vulndb/132310
2026-01-12
Junnan Wang Dreamer CMS Weak Password Use Vulnerability (CVE-2025-10320)
https://www.nsfocus.net/vulndb/132309
2026-01-12
Colin Devroe Unmark Cross-Site Scripting Vulnerability (CVE-2025-10332)
https://www.nsfocus.net/vulndb/132308
2026-01-12
WhatCD Gazelle Cross-Site Scripting Vulnerability (CVE-2025-10340)
https://www.nsfocus.net/vulndb/132307
2026-01-12
Korzh EasyQuery SQL Injection Vulnerability (CVE-2025-10399)
https://www.nsfocus.net/vulndb/132306
2026-01-12
Perfex CRM Cross-Site Scripting Vulnerability (CVE-2025-10346)
https://www.nsfocus.net/vulndb/132305
2026-01-12
Ascensio System ONLYOFFICE Cross-Site Scripting Vulnerability (CVE-2025-10255)
https://www.nsfocus.net/vulndb/132304
2026-01-12
D-Link DIR-823X Command Injection Vulnerability (CVE-2025-10401)
https://www.nsfocus.net/vulndb/132303
2026-01-12
DJI Mavic Use of Hard-Coded Cryptographic Key Vulnerability (CVE-2025-10250)
https://www.nsfocus.net/vulndb/132302
2026-01-12
JEPaaS Improper Access Control Vulnerability (CVE-2025-10247)
https://www.nsfocus.net/vulndb/132301
2026-01-12
Scada-LTS Cross-Site Scripting Vulnerability (CVE-2025-10235)
https://www.nsfocus.net/vulndb/132300
2026-01-12
warlee kodbox Path Traversal Vulnerability (CVE-2025-10233)
https://www.nsfocus.net/vulndb/132299
2026-01-12
YunaiV yudao-cloud Improper Authorization Vulnerability (CVE-2025-10277)
https://www.nsfocus.net/vulndb/132298
2026-01-12
FoxCMS SQL Injection Vulnerability (CVE-2025-10251)
https://www.nsfocus.net/vulndb/132297
2026-01-12
erjinzhi 10OA Cross-Site Scripting Vulnerability (CVE-2025-10274)
https://www.nsfocus.net/vulndb/132296
2026-01-12
RonCoo roncoo-pay Improper Authentication Vulnerability (CVE-2025-10288)
https://www.nsfocus.net/vulndb/132295
2026-01-12
openDCIM Cross-Site Scripting Vulnerability (CVE-2025-10253)
https://www.nsfocus.net/vulndb/132294
2026-01-12
Autodesk Fusion Cross-Site Scripting Vulnerability (CVE-2025-10244)
https://www.nsfocus.net/vulndb/132293
2026-01-12
299Ko Path Traversal Vulnerability (CVE-2025-10232)
https://www.nsfocus.net/vulndb/132292
2026-01-12
WordPress plugin Spirit Framework Local File Inclusion Vulnerability (CVE-2025-10269)
https://www.nsfocus.net/vulndb/132291
2026-01-12
Lokesh Kumar PHP-Code-For-Unlimited-File-Upload Cross-Site Scripting Vulnerability (CVE-2025-10246)
https://www.nsfocus.net/vulndb/132290
2026-01-12
SourceCodester Food Ordering Management System SQL Injection Vulnerability (CVE-2025-10400)
https://www.nsfocus.net/vulndb/132289
2026-01-12
fcba_zzm ics-park Smart Park Management System Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-10398)
https://www.nsfocus.net/vulndb/132288
Reposted from: 0xSecDebug, "High-Risk Vulnerability Threat Intelligence Roundup (2026-01-12)"