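Article summary: This document compiles the high-risk vulnerability intelligence published by NSFOCUS on January 15, 2026, covering 75 records. Affected targets include UTT devices, WordPress plugins, the Linux kernel, and QNAP and D-Link products. Vulnerability types include buffer overflow, file upload, SQL injection, and permission bypass. Security staff are advised to check affected systems as soon as possible and apply security patches promptly. Overall score: 60 Article categories: threat intelligence, vulnerability alerts, web security, network security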
High-Risk Vulnerability Threat Intelligence Roundup (2026-01-15)
Original
0xSecDebug
January 15, 2026 21:30, Shaanxi
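Do not use the techniques in this article for illegal testing. Any direct or indirect consequences and losses caused by spreading or using the information provided in this article are the sole responsibility of the user; the author bears no responsibility for them. The tools and content all come from the Internet and are for study and record-keeping only; test their safety yourself. If there is any infringement, please get in touch to have it removed.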
🔴 NSFOCUS Vulnerability Intelligence (2026-01-15)
📊 Data source: NSFOCUS www.nsfocus.net | Valid vulnerabilities: 75
| Date | Vulnerability | Details |
| --- | --- | --- |
| 2026-01-15 | UTT 1200GW buffer overflow vulnerability (CVE-2025-10170) | https://www.nsfocus.net/vulndb/132775 |
| 2026-01-15 | WordPress plugin AuthorSure cross-site request forgery vulnerability (CVE-2025-13134) | https://www.nsfocus.net/vulndb/132774 |
| 2026-01-15 | WordPress plugin WPFunnels authorization bypass vulnerability (CVE-2025-12353) | https://www.nsfocus.net/vulndb/132773 |
| 2026-01-15 | Monsta FTP unrestricted upload of file with dangerous type vulnerability (CVE-2025-34299) | https://www.nsfocus.net/vulndb/132772 |
| 2026-01-15 | QNAP Systems File Station 5 NULL pointer dereference vulnerability (CVE-2025-47207) | https://www.nsfocus.net/vulndb/132771 |
| 2026-01-15 | WordPress plugin Vitepos arbitrary file upload vulnerability (CVE-2025-13156) | https://www.nsfocus.net/vulndb/132770 |
| 2026-01-15 | WordPress plugin Survey Anyplace cross-site scripting vulnerability (CVE-2025-10196) | https://www.nsfocus.net/vulndb/132769 |
| 2026-01-15 | D-Link DIR-825 buffer overflow vulnerability (CVE-2025-10034) | https://www.nsfocus.net/vulndb/132768 |
| 2026-01-15 | WordPress plugin WP Company Info cross-site scripting vulnerability (CVE-2025-11826) | https://www.nsfocus.net/vulndb/132767 |
| 2026-01-15 | PersonManage access control error vulnerability (CVE-2025-63686) | https://www.nsfocus.net/vulndb/132766 |
| 2026-01-15 | WordPress plugin Magical Products Display cross-site scripting vulnerability (CVE-2025-12964) | https://www.nsfocus.net/vulndb/132765 |
| 2026-01-15 | WordPress plugin 简数采集器 arbitrary file read vulnerability (CVE-2025-11973) | https://www.nsfocus.net/vulndb/132764 |
| 2026-01-15 | WordPress plugin Gutenverse Form missing authorization vulnerability (CVE-2025-66079) | https://www.nsfocus.net/vulndb/132763 |
| 2026-01-15 | LizardByte Sunshine privilege escalation vulnerability (CVE-2025-10199) | https://www.nsfocus.net/vulndb/132762 |
| 2026-01-15 | yanyutao0402 ChanCMS SQL injection vulnerability (CVE-2025-10210) | https://www.nsfocus.net/vulndb/132761 |
| 2026-01-15 | newbee-mall-plus improper authorization vulnerability (CVE-2025-12854) | https://www.nsfocus.net/vulndb/132760 |
| 2026-01-15 | SourceCodester Best House Rental Management System SQL injection vulnerability (CVE-2025-12853) | https://www.nsfocus.net/vulndb/132759 |
| 2026-01-15 | ZITADEL authorization bypass vulnerability (CVE-2025-64431) | https://www.nsfocus.net/vulndb/132758 |
| 2026-01-15 | WordPress plugin Podlove Podcast Publisher unrestricted upload of file with dangerous type vulnerability (CVE-2025-10147) | https://www.nsfocus.net/vulndb/132757 |
| 2026-01-15 | WordPress plugin All Social Share Options cross-site scripting vulnerability (CVE-2025-10131) | https://www.nsfocus.net/vulndb/132756 |
| 2026-01-15 | WordPress plugin Funnel Builder by FunnelKit cross-site scripting vulnerability (CVE-2025-66067) | https://www.nsfocus.net/vulndb/132755 |
| 2026-01-15 | PHPGurukul Online Course Registration SQL injection vulnerability (CVE-2025-10025) | https://www.nsfocus.net/vulndb/132754 |
| 2026-01-15 | PHPGurukul User Management System SQL injection vulnerability (CVE-2025-10098) | https://www.nsfocus.net/vulndb/132753 |
| 2026-01-15 | itsourcecode Student Information Management System SQL injection vulnerability (CVE-2025-10113) | https://www.nsfocus.net/vulndb/132752 |
| 2026-01-15 | Campcodes Online Loan Management System SQL injection vulnerability (CVE-2025-10109) | https://www.nsfocus.net/vulndb/132750 |
| 2026-01-15 | WordPress plugin Layers cross-site scripting vulnerability (CVE-2025-10130) | https://www.nsfocus.net/vulndb/132748 |
| 2026-01-15 | LizardByte Sunshine uncontrolled search path element vulnerability (CVE-2025-10198) | https://www.nsfocus.net/vulndb/132747 |
| 2026-01-15 | WordPress plugin Enfold cross-site scripting vulnerability (CVE-2025-66053) | https://www.nsfocus.net/vulndb/132746 |
| 2026-01-15 | Projectworlds Online Notes Sharing Platform broken access control vulnerability (CVE-2025-12862) | https://www.nsfocus.net/vulndb/132745 |
| 2026-01-15 | GE Vernova Smallworld improper authentication vulnerability (CVE-2025-3222) | https://www.nsfocus.net/vulndb/132744 |
| 2026-01-15 | WordPress plugin FluentCommunity missing authorization vulnerability (CVE-2025-66084) | https://www.nsfocus.net/vulndb/132743 |
| 2026-01-15 | code-projects Online Event Judging System SQL injection vulnerability (CVE-2025-10104) | https://www.nsfocus.net/vulndb/132742 |
| 2026-01-15 | WordPress plugin Eulerpool Research Systems cross-site scripting vulnerability (CVE-2025-10128) | https://www.nsfocus.net/vulndb/132741 |
| 2026-01-15 | Linux kernel improper memory reference vulnerability (CVE-2025-40211) | https://www.nsfocus.net/vulndb/132740 |
| 2026-01-15 | WordPress plugin UsersWP missing authorization vulnerability (CVE-2025-66072) | https://www.nsfocus.net/vulndb/132739 |
| 2026-01-15 | WordPress plugin Email Subscribers & Newsletters deserialization of untrusted data vulnerability (CVE-2025-66055) | https://www.nsfocus.net/vulndb/132737 |
| 2026-01-15 | IBM Db2 stack buffer overflow vulnerability (CVE-2024-47118) | https://www.nsfocus.net/vulndb/132736 |
| 2026-01-15 | WordPress plugin Custom Post Type cross-site request forgery vulnerability (CVE-2025-13142) | https://www.nsfocus.net/vulndb/132735 |
| 2026-01-15 | LG Electronics AC Smart II authentication error vulnerability (CVE-2025-10204) | https://www.nsfocus.net/vulndb/132734 |
| 2026-01-15 | WordPress plugin Head Meta Data missing authorization vulnerability (CVE-2025-66081) | https://www.nsfocus.net/vulndb/132733 |
| 2026-01-15 | PROLIZ OBS authorization bypass vulnerability (CVE-2025-0875) | https://www.nsfocus.net/vulndb/132732 |
| 2026-01-15 | WordPress plugin PPOM for WooCommerce missing authorization vulnerability (CVE-2025-66069) | https://www.nsfocus.net/vulndb/132731 |
| 2026-01-15 | Linux kernel denial-of-service vulnerability (CVE-2025-40210) | https://www.nsfocus.net/vulndb/132730 |
| 2026-01-15 | SiempreCMS unrestricted upload of file with dangerous type vulnerability (CVE-2025-10116) | https://www.nsfocus.net/vulndb/132729 |
| 2026-01-15 | GrandNode race condition vulnerability (CVE-2025-10216) | https://www.nsfocus.net/vulndb/132728 |
| 2026-01-15 | Shopside App cross-site scripting vulnerability (CVE-2025-0879) | https://www.nsfocus.net/vulndb/132727 |
| 2026-01-15 | WordPress plugin Seriously Simple Podcasting missing authorization vulnerability (CVE-2025-66060) | https://www.nsfocus.net/vulndb/132726 |
| 2026-01-15 | WordPress plugin Seriously Simple Podcasting information disclosure vulnerability (CVE-2025-66059) | https://www.nsfocus.net/vulndb/132725 |
| 2026-01-15 | ClipBucket V5 cross-site scripting vulnerability (CVE-2025-64339) | https://www.nsfocus.net/vulndb/132724 |
| 2026-01-15 | LMSYS SGLang deserialization of untrusted data vulnerability (CVE-2025-10164) | https://www.nsfocus.net/vulndb/132723 |
| 2026-01-15 | Sim Studio code injection vulnerability (CVE-2025-10097) | https://www.nsfocus.net/vulndb/132722 |
| 2026-01-15 | forest incorrect authorization vulnerability (CVE-2025-63687) | https://www.nsfocus.net/vulndb/132721 |
| 2026-01-15 | TRENDnet TEW-831DR command injection vulnerability (CVE-2025-10107) | https://www.nsfocus.net/vulndb/132720 |
| 2026-01-15 | archives path traversal vulnerability (CVE-2025-64346) | https://www.nsfocus.net/vulndb/132719 |
| 2026-01-15 | Sophos AP6 Series authentication bypass vulnerability (CVE-2025-10159) | https://www.nsfocus.net/vulndb/132718 |
| 2026-01-15 | WordPress plugin HT Mega cross-site scripting vulnerability (CVE-2025-13141) | https://www.nsfocus.net/vulndb/132717 |
| 2026-01-15 | BUFFALO WSR-1800AX4 Series use of insufficient computational effort vulnerability (CVE-2025-46413) | https://www.nsfocus.net/vulndb/132716 |
| 2026-01-15 | Amazon Ion C out-of-bounds read vulnerability (CVE-2025-12829) | https://www.nsfocus.net/vulndb/132715 |
| 2026-01-15 | GG Soft PaperWork SQL injection vulnerability (CVE-2025-10968) | https://www.nsfocus.net/vulndb/132714 |
| 2026-01-15 | CampCodes School File Management SQL injection vulnerability (CVE-2025-12873) | https://www.nsfocus.net/vulndb/132713 |
| 2026-01-15 | Autodesk Shared Components out-of-bounds write vulnerability (CVE-2025-9458) | https://www.nsfocus.net/vulndb/132712 |
| 2026-01-15 | WordPress plugin Bold Page Builder cross-site scripting vulnerability (CVE-2025-66057) | https://www.nsfocus.net/vulndb/132711 |
| 2026-01-15 | DIAL CentrosNET App SQL injection vulnerability (CVE-2025-10870) | https://www.nsfocus.net/vulndb/132710 |
| 2026-01-15 | Conda Constructor authentication bypass using an alternate path or channel vulnerability (CVE-2025-64343) | https://www.nsfocus.net/vulndb/132709 |
| 2026-01-15 | Jinher OA SQL injection vulnerability (CVE-2025-10090) | https://www.nsfocus.net/vulndb/132708 |
| 2026-01-15 | pig unsafe reflection vulnerability (CVE-2025-63690) | https://www.nsfocus.net/vulndb/132707 |
| 2026-01-15 | money-pos SQL injection vulnerability (CVE-2025-63689) | https://www.nsfocus.net/vulndb/132706 |
| 2026-01-15 | WordPress plugin WP Google Review Slider missing authorization vulnerability (CVE-2025-66063) | https://www.nsfocus.net/vulndb/132705 |
| 2026-01-15 | D-Link DIR-852 access control error vulnerability (CVE-2025-10093) | https://www.nsfocus.net/vulndb/132704 |
| 2026-01-15 | Onlook open redirect vulnerability (CVE-2025-63784) | https://www.nsfocus.net/vulndb/132703 |
| 2026-01-15 | WordPress plugin Simple User Registration cross-site scripting vulnerability (CVE-2025-12160) | https://www.nsfocus.net/vulndb/132702 |
| 2026-01-15 | Onlook cross-site scripting vulnerability (CVE-2025-63785) | https://www.nsfocus.net/vulndb/132701 |
| 2026-01-15 | GE Vernova Smallworld path traversal vulnerability (CVE-2025-7719) | https://www.nsfocus.net/vulndb/132700 |
| 2026-01-15 | SMSEagle SQL injection vulnerability (CVE-2025-10095) | https://www.nsfocus.net/vulndb/132699 |
| 2026-01-15 | WordPress plugin TNC Toolbox: Web Performance missing authorization vulnerability (CVE-2025-66108) | https://www.nsfocus.net/vulndb/132698 |
This article is reposted from: 0xSecDebug, "High-Risk Vulnerability Threat Intelligence Roundup (2026-01-15)"