NSFOCUS Vulnerability Intelligence (2026-01-16)

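admin 2026-01-17 01:18:54 Network security articles Source: ZONE.CI 全球网

Article summary: This article collects the 75 vulnerability intelligence entries published by NSFOCUS on 16 January 2026, covering components such as Microsoft, GitLab, Vim and BouncyCastle as well as a range of IoT devices. The main risks include SQL injection, buffer overflow, privilege escalation and command injection; the GitLab authorization bypass and the Azure privilege escalation deserve particular attention. Affected parties are advised to patch promptly and update to fixed versions to prevent malicious exploitation. Overall score: 50. Categories: vulnerability alerts, threat intelligence, application security, web security, IoT security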


Original article by 0xSecDebug

2026-01-16 18:38, Shaanxi

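Do not use the techniques in this article for unlawful testing. Any direct or indirect consequences and losses arising from spreading or using the information provided here are the sole responsibility of the user, and the author accepts no liability for them. The tools and content come from the internet and are used only for study and record-keeping; verify their safety yourself. If anything infringes your rights, please get in touch to have it removed.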


🔴 NSFOCUS Vulnerability Intelligence (2026-01-16)

📊 Data source: NSFOCUS www.nsfocus.net | Valid vulnerabilities: 75

2026-01-16

FNKvision Y215 CCTV Camera Use of Hard-coded Credentials Vulnerability (CVE-2025-9380)

https://www.nsfocus.net/vulndb/133057

2026-01-16

PHPGurukul Online Course Registration SQL Injection Vulnerability (CVE-2025-9307)

https://www.nsfocus.net/vulndb/133056

2026-01-16

yarnpkg Yarn Uncontrolled Resource Consumption Vulnerability (CVE-2025-9308)

https://www.nsfocus.net/vulndb/133055

2026-01-16

Opto 22 groov RIO OS Command Injection Vulnerability (CVE-2025-13087)

https://www.nsfocus.net/vulndb/133054

2026-01-16

CodeAstro Ecommerce Website Cross-Site Scripting Vulnerability (CVE-2025-9237)

https://www.nsfocus.net/vulndb/133053

2026-01-16

Xuxueli xxl-job Authorization Bypass Vulnerability (CVE-2025-9264)

https://www.nsfocus.net/vulndb/133052

2026-01-16

Tenda M3 Stack Buffer Overflow Vulnerability (CVE-2025-9299)

https://www.nsfocus.net/vulndb/133051

2026-01-16

IBM Concert Cross-Site Scripting Vulnerability (CVE-2025-36153)

https://www.nsfocus.net/vulndb/133050

2026-01-16

Microsoft Azure Monitor Privilege Escalation Vulnerability (CVE-2025-62207)

https://www.nsfocus.net/vulndb/133049

2026-01-16

Emlog Pro Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-9296)

https://www.nsfocus.net/vulndb/133048

2026-01-16

Microsoft Defender Portal Spoofing Vulnerability (CVE-2025-62459)

https://www.nsfocus.net/vulndb/133047

2026-01-16

appneta tcpreplay NULL Pointer Dereference Vulnerability (CVE-2025-9384)

https://www.nsfocus.net/vulndb/133046

2026-01-16

DCN DCME-720 OS Command Injection Vulnerability (CVE-2025-9387)

https://www.nsfocus.net/vulndb/133045

2026-01-16

vim Memory Corruption Vulnerability (CVE-2025-9389)

https://www.nsfocus.net/vulndb/133044

2026-01-16

vim Buffer Overflow Vulnerability (CVE-2025-9390)

https://www.nsfocus.net/vulndb/133043

2026-01-16

Bjskzy Zhiyou ERP SQL Injection Vulnerability (CVE-2025-9391)

https://www.nsfocus.net/vulndb/133042

2026-01-16

OnTheRoad wblog Server-Side Request Forgery Vulnerability (CVE-2025-9395)

https://www.nsfocus.net/vulndb/133041

2026-01-16

PHPGurukul User Management System SQL Injection Vulnerability (CVE-2025-9302)

https://www.nsfocus.net/vulndb/133040

2026-01-16

SourceCodester Advanced School Management System Cross-Site Scripting Vulnerability (CVE-2025-9306)

https://www.nsfocus.net/vulndb/133039

2026-01-16

CampCodes Complete Online Beauty Parlor Management System Code Injection Vulnerability (CVE-2025-13484)

https://www.nsfocus.net/vulndb/133038

2026-01-16

Swatadru Paul Swatadru Exam-Seating-Arrangement SQL Injection Vulnerability (CVE-2025-9238)

https://www.nsfocus.net/vulndb/133037

2026-01-16

TOTOLINK A720R Buffer Overflow Vulnerability (CVE-2025-9303)

https://www.nsfocus.net/vulndb/133036

2026-01-16

FS S3150-8T2F Information Disclosure Vulnerability (CVE-2025-25613)

https://www.nsfocus.net/vulndb/133035

2026-01-16

IBM webMethods Integration Arbitrary Code Execution Vulnerability (CVE-2025-36072)

https://www.nsfocus.net/vulndb/133034

2026-01-16

IBM Concert Information Disclosure Vulnerability (CVE-2025-36160)

https://www.nsfocus.net/vulndb/133033

2026-01-16

Microsoft Visual Studio Code Improper Access Control Vulnerability (CVE-2025-64660)

https://www.nsfocus.net/vulndb/133032

2026-01-16

Microsoft Dynamics OmniChannel SDK Storage Containers Privilege Escalation Vulnerability (CVE-2025-64655)

https://www.nsfocus.net/vulndb/133031

2026-01-16

Qlik Sense Enterprise Information Disclosure Vulnerability (CVE-2025-61138)

https://www.nsfocus.net/vulndb/133030

2026-01-16

Bouncy Castle Out-of-Bounds Write Vulnerability (CVE-2025-9340)

https://www.nsfocus.net/vulndb/133029

2026-01-16

Microsoft Azure Bastion Privilege Escalation Vulnerability (CVE-2025-49752)

https://www.nsfocus.net/vulndb/133028

2026-01-16

Bouncy Castle Uncontrolled Resource Consumption Vulnerability (CVE-2025-9341)

https://www.nsfocus.net/vulndb/133027

2026-01-16

Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2025-59245)

https://www.nsfocus.net/vulndb/133026

2026-01-16

itsourcecode Online File Management System SQL Injection Vulnerability (CVE-2025-13485)

https://www.nsfocus.net/vulndb/133025

2026-01-16

ckolivas lrzip NULL Pointer Dereference Vulnerability (CVE-2025-9396)

https://www.nsfocus.net/vulndb/133024

2026-01-16

vLLM Memory Corruption Vulnerability (CVE-2025-62164)

https://www.nsfocus.net/vulndb/133023

2026-01-16

givanz Vvveb Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-9397)

https://www.nsfocus.net/vulndb/133022

2026-01-16

vLLM Improper Input Validation Vulnerability (CVE-2025-62372)

https://www.nsfocus.net/vulndb/133021

2026-01-16

YiFang CMS SQL Injection Vulnerability (CVE-2025-9399)

https://www.nsfocus.net/vulndb/133020

2026-01-16

FNKvision Y215 CCTV Camera Information Disclosure Vulnerability (CVE-2025-9381)

https://www.nsfocus.net/vulndb/133019

2026-01-16

FNKvision Y215 CCTV Camera Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2025-9383)

https://www.nsfocus.net/vulndb/133018

2026-01-16

usualtool UTCMS Server-Side Request Forgery Vulnerability (CVE-2025-9402)

https://www.nsfocus.net/vulndb/133017

2026-01-16

mblog Email Enumeration Vulnerability (CVE-2025-8927)

https://www.nsfocus.net/vulndb/133016

2026-01-16

Synergetic Data Systems UnForm Server Manager Path Traversal Vulnerability (CVE-2025-34154)

https://www.nsfocus.net/vulndb/133015

2026-01-16

Online Water Billing System SQL Injection Vulnerability (CVE-2025-8924)

https://www.nsfocus.net/vulndb/133014

2026-01-16

hortusfox-web Cross-Site Scripting Vulnerability (CVE-2025-45316)

https://www.nsfocus.net/vulndb/133013

2026-01-16

Amazon EMR Storing Passwords in a Recoverable Format Vulnerability (CVE-2025-8904)

https://www.nsfocus.net/vulndb/133012

2026-01-16

HP PC Privilege Escalation Vulnerability (CVE-2024-5477)

https://www.nsfocus.net/vulndb/133011

2026-01-16

hortusfox-web Command Injection Vulnerability (CVE-2025-45317)

https://www.nsfocus.net/vulndb/133010

2026-01-16

Netis WF2880 Buffer Overflow Vulnerability (CVE-2025-50617)

https://www.nsfocus.net/vulndb/133009

2026-01-16

Netis WF2880 Buffer Overflow Vulnerability (CVE-2025-50616)

https://www.nsfocus.net/vulndb/133008

2026-01-16

Olivetin OS Command Injection Vulnerability (CVE-2025-50946)

https://www.nsfocus.net/vulndb/133007

2026-01-16

COVID 19 Testing Management System SQL Injection Vulnerability (CVE-2025-8926)

https://www.nsfocus.net/vulndb/133006

2026-01-16

hortusfox-web Cross-Site Scripting Vulnerability (CVE-2025-45315)

https://www.nsfocus.net/vulndb/133005

2026-01-16

NVIDIA Megatron-LM Code Injection Vulnerability (CVE-2025-23306)

https://www.nsfocus.net/vulndb/133004

2026-01-16

Medical Store Management System SQL Injection Vulnerability (CVE-2025-8929)

https://www.nsfocus.net/vulndb/133003

2026-01-16

Medical Store Management System SQL Injection Vulnerability (CVE-2025-8928)

https://www.nsfocus.net/vulndb/133002

2026-01-16

GitLab CE/EE Unrestricted Resource Allocation Vulnerability (CVE-2025-2614)

https://www.nsfocus.net/vulndb/133001

2026-01-16

GitLab CE/EE Incorrect Privilege Assignment Vulnerability (CVE-2025-5819)

https://www.nsfocus.net/vulndb/133000

2026-01-16

GitLab CE/EE Cross-Site Scripting Vulnerability (CVE-2025-7734)

https://www.nsfocus.net/vulndb/132999

2026-01-16

Netis WF2880 Buffer Overflow Vulnerability (CVE-2025-50615)

https://www.nsfocus.net/vulndb/132998

2026-01-16

Rails Improper Escape Neutralization Vulnerability (CVE-2025-55193)

https://www.nsfocus.net/vulndb/132997

2026-01-16

GitLab CE/EE Inefficient Regular Expression Complexity Vulnerability (CVE-2025-2937)

https://www.nsfocus.net/vulndb/132996

2026-01-16

GitLab CE/EE Cross-Site Scripting Vulnerability (CVE-2025-7739)

https://www.nsfocus.net/vulndb/132995

2026-01-16

GitLab CE/EE Cross-Site Scripting Vulnerability (CVE-2025-6186)

https://www.nsfocus.net/vulndb/132994

2026-01-16

GitLab EE Authorization Bypass Vulnerability (CVE-2025-8770)

https://www.nsfocus.net/vulndb/132993

2026-01-16

Part-DB Uncaught Exception Vulnerability (CVE-2025-55194)

https://www.nsfocus.net/vulndb/132992

2026-01-16

KuWFi 5G01-X55 Information Disclosure Vulnerability (CVE-2025-43988)

https://www.nsfocus.net/vulndb/132991

2026-01-16

Portabilis i-Diario Cross-Site Scripting Vulnerability (CVE-2025-8920)

https://www.nsfocus.net/vulndb/132990

2026-01-16

hortusfox-web Cross-Site Scripting Vulnerability (CVE-2025-45313)

https://www.nsfocus.net/vulndb/132989

2026-01-16

Job Diary SQL Injection Vulnerability (CVE-2025-8921)

https://www.nsfocus.net/vulndb/132988

2026-01-16

Tuoshi NR500-EA OS Command Injection Vulnerability (CVE-2025-43989)

https://www.nsfocus.net/vulndb/132987

2026-01-16

hortusfox-web Cross-Site Scripting Vulnerability (CVE-2025-45314)

https://www.nsfocus.net/vulndb/132986

2026-01-16

KuWFi GC111 Information Disclosure Vulnerability (CVE-2025-43986)

https://www.nsfocus.net/vulndb/132985

2026-01-16

GitLab EE Improper Access Control Vulnerability (CVE-2025-2498)

https://www.nsfocus.net/vulndb/132984

2026-01-16

GitLab CE/EE Unrestricted Resource Allocation Vulnerability (CVE-2025-1477)

https://www.nsfocus.net/vulndb/132983



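Disclaimer:

The programs and technical methods in this article are intended only for lawful, compliant security research and teaching, with the aim of improving network security defenses, and are clearly technical research in nature.

Any organization or individual who, without authorization, uses the content of this article for attacks, sabotage or other unlawful purposes bears sole responsibility for all resulting legal liability, civil compensation and joint liability; this site bears no joint liability.

All content on this site is published for technical exchange and knowledge sharing. If there is any copyright infringement or other objection, please contact us by e-mail; contact details are available via the "Contact me" link at the top of the page.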

This article is reposted from: 0xSecDebug, "NSFOCUS Vulnerability Intelligence (2026-01-16)"
