Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025.

CVE Database V5

Detailed information about CVE-2025-14343: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Dokuzsoft Techn

CVE-2025-14343: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Dokuzsoft Technology Ltd. E-Commerce Product - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-14343: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Dokuzsoft Technology Ltd. E-Commerce Product

A critical vulnerability affecting the UPnP function in multiple Zyxel device models has been identified and patched. This flaw allows remote attackers to execute arbitrary code without authentication, posing a severe risk to affected devices. Exploitation could lead to full system compromise, enabling attackers to control the device, disrupt network operations, or pivot to internal networks. Although no known exploits are currently observed in the wild, the critical nature of the vulnerability demands immediate attention. Zyxel device users should promptly apply available patches to mitigate risk. The vulnerability primarily affects Zyxel devices widely deployed in enterprise and ISP environments globally. Countries with significant Zyxel market presence and strategic network infrastructure reliance are at higher risk. Given the ease of remote exploitation and potential for widespread impact, this vulnerability is assessed as critical severity. Defenders must prioritize patching, disable UPnP if not needed, and monitor network traffic for suspicious activity related to UPnP services.

The identified security threat is a critical vulnerability in the Universal Plug and Play (UPnP) functionality of multiple Zyxel device models. UPnP is a network protocol that allows devices to discover each other and establish functional network services for data sharing, communications, and entertainment. However, improper implementation or vulnerabilities in UPnP can expose devices to remote code execution (RCE) attacks. This specific vulnerability enables an unauthenticated remote attacker to execute arbitrary code on affected Zyxel devices by sending crafted UPnP requests. Such exploitation could lead to complete device compromise, allowing attackers to manipulate device configurations, intercept or redirect network traffic, or use the device as a foothold for further attacks within the network. Zyxel devices are commonly used in enterprise, small business, and ISP environments, often serving as routers, firewalls, or VPN gateways, making this vulnerability particularly impactful. Although no active exploits have been reported in the wild yet, the critical severity rating underscores the urgency for patch deployment. The lack of detailed CVE or CVSS information limits precise scoring, but the nature of the vulnerability—remote, unauthenticated code execution—places it among the highest risk categories. The vulnerability affects multiple device models, indicating a potentially broad attack surface. Zyxel has released patches to address this issue, emphasizing the importance of timely updates to prevent exploitation.

SecurityWeek

Detailed information about Zyxel Patches Critical Vulnerability in Many Device Models. Get real-time updates, technical details, and mitigation strategies.

Zyxel Patches Critical Vulnerability in Many Device Models - Live Threat Intelligence - Threat Radar | OffSeq.com

Original Source

Zyxel Patches Critical Vulnerability in Many Device Models

CVE-2026-1198 is a high-severity SQL Injection vulnerability in the Simple. ERP product by Simple SA, specifically in the search functionality of the "Obroty na kontach" window. The flaw arises from improper input validation, allowing an authenticated attacker with low privileges to inject malicious SQL commands that the database executes. This vulnerability does not require user interaction and can lead to significant confidentiality and integrity breaches. It affects versions prior to 6. 30@A04. 4_u06, where the issue has been fixed. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a critical risk for organizations using this ERP system. Mitigation involves applying the vendor's patch promptly and implementing strict input validation and query parameterization. Countries with significant deployments of Simple.

CVE-2026-1198 identifies a SQL Injection vulnerability in Simple.ERP, a product developed by Simple SA. The vulnerability exists in the search functionality within the "Obroty na kontach" window, where input fields do not properly sanitize or neutralize special SQL elements. This improper neutralization (CWE-89) allows an authenticated attacker with low privileges to craft malicious SQL queries that the backend database executes. The flaw enables attackers to manipulate database queries, potentially leading to unauthorized data access, data modification, or disruption of database operations. The vulnerability does not require user interaction and can be exploited remotely over the network. The affected versions are those prior to 6.30@A04.4_u06, where the vendor has released a fix. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N) indicates network attack vector, low attack complexity, no need for user interaction, and high impact on confidentiality and integrity, but no impact on availability. No known exploits have been reported in the wild yet, but the vulnerability's nature makes it a critical concern for organizations using this ERP system.

Detailed information about CVE-2026-1198: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simple SA Simple.ERP af

CVE-2026-1198: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simple SA Simple.ERP - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-1198: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simple SA Simple.ERP

CVE-2025-64999 is a high-severity cross-site scripting (XSS) vulnerability in Checkmk versions 2. 4. 0 before 2. 4. 0p22 and 2. 3. 0 before 2. 3. 0p43. It arises from improper neutralization of input in Synthetic Monitoring HTML logs, allowing attackers who can manipulate a host's check output to inject malicious JavaScript.

CVE-2025-64999 is a cross-site scripting (XSS) vulnerability classified under CWE-79 affecting Checkmk, a monitoring software developed by Checkmk GmbH. The flaw exists in versions 2.4.0 prior to patch 2.4.0p22 and 2.3.0 prior to patch 2.3.0p43. The vulnerability stems from improper neutralization of user-controllable input during the generation of Synthetic Monitoring HTML logs. Specifically, an attacker with the ability to manipulate a host's check output can inject malicious JavaScript code into these logs. When a user accesses the compromised logs via a crafted phishing link, the injected script executes in the context of the victim's browser, potentially allowing session hijacking, credential theft, or further exploitation within the Checkmk web interface. The CVSS 4.0 base score is 7.3, reflecting network attack vector, low attack complexity, partial privileges required, user interaction needed, and high impact on confidentiality, integrity, and availability. Although no known exploits have been observed in the wild, the vulnerability poses a significant risk due to the widespread use of Checkmk in IT infrastructure monitoring. The vulnerability does not require elevated privileges to exploit but does require the attacker to influence host check outputs and the victim to click a malicious link. This scenario highlights the importance of securing input sources and user awareness against phishing attacks. No official patches were linked in the provided data, but updates to versions 2.4.0p22 and 2.3.0p43 or later are implied to remediate the issue.

Detailed information about CVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk 

CVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk

Operation Zero is a Russian exploit broker operation sanctioned by the US government after acquiring eight zero-day exploits from a jailed US defense contractor executive. These zero-days represent previously unknown vulnerabilities that could be weaponized for cyberattacks. Although no known exploits are currently observed in the wild, the potential for future exploitation remains significant. The broker's access to multiple zero-days increases the risk of targeted attacks against critical infrastructure and government entities. This threat highlights insider risks and the illicit trade of advanced cyber capabilities. Organizations should be vigilant for suspicious activity and prioritize threat intelligence sharing. The medium severity reflects the current absence of active exploitation but acknowledges the high potential impact if weaponized. Countries with strategic interests in US-Russia relations and high technology adoption are most at risk. Immediate mitigation involves enhancing monitoring, patch management, and insider threat detection. Defenders must prepare for possible future exploitation campaigns leveraging these zero-days.

Operation Zero is a cyber threat actor identified as a Russian exploit broker that recently came under US sanctions after acquiring eight zero-day vulnerabilities from a US defense contractor executive who was imprisoned for his involvement. Zero-day exploits are vulnerabilities unknown to the vendor and unpatched, making them highly valuable for offensive cyber operations. The broker's acquisition of multiple zero-days from an insider source within a US defense contractor underscores the significant insider threat and the risks posed by the illicit cyber exploit market. While there are no confirmed reports of these zero-days being exploited in the wild yet, the possession of such exploits enables the broker to potentially sell or deploy them in targeted cyberattacks against high-value targets such as government agencies, critical infrastructure, defense contractors, and private sector organizations. The lack of detailed information on the affected software or hardware versions limits precise technical mitigation but emphasizes the need for heightened vigilance. The operation exemplifies the intersection of geopolitical tensions and cyber espionage, with Russia leveraging stolen US-origin exploits to enhance its cyber capabilities. The medium severity rating reflects the current non-exploitation status but acknowledges the high risk due to the nature of zero-day vulnerabilities and the strategic value of the stolen exploits.

Detailed information about US Sanctions Russian Exploit Broker Operation Zero. Get real-time updates, technical details, and mitigation strategies.

US Sanctions Russian Exploit Broker Operation Zero - Live Threat Intelligence - Threat Radar | OffSeq.com

US Sanctions Russian Exploit Broker Operation Zero

Detailed information about CVE-2024-0393. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-0393

CVE-2024-0393

Technical Details

Community Reviews

Related Threats

CVE-2025-14343: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Dokuzsoft Technology Ltd. E-Commerce Product

CVE-2026-1198: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simple SA Simple.ERP

CVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk

CVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing

CVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility