cveID | vendorProject | vulnerabilityName | dateAdded | shortDescription | requiredAction | dueDate |
CVE-2025-54313 | Prettier | Prettier eslint-config-prettier Embedded Malicious Code Vulnerability | 2026-01-22 | Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-02-12 |
CVE-2025-31125 | Vite | Vite Vitejs Improper Access Control Vulnerability | 2026-01-22 | Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-02-12 |
CVE-2025-34026 | Versa | Versa Concerto Improper Authentication Vulnerability | 2026-01-22 | Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-02-12 |
CVE-2025-68645 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability | 2026-01-22 | Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory. | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | 2026-02-12 |
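Checked at: 2026-01-23 06:15
KISA (Korea Internet & Security Agency) Security Vulnerability Information Portal: Vulnerability Information Sharing > Security Notices
[Board] https://knvd.krcert.or.kr/securityNotice.do
[Post] https://knvd.krcert.or.kr/detailSecNo.do?IDX=6670
Title: Sharing of major exploit information published by US CISA (Update. 2026-01-22)
This is a list of vulnerabilities that are currently being frequently exploited. If you are using a vulnerable version of the software, urgent patching is recommended.
* Reference link: https://www.cisa.gov/known-exploited-vulnerabilities-catalog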
Source site: https://www.cisa.gov/known-exploited-vulnerabilities-catalog