漏洞公告
二一零零科技|公文管理系統 - Incorrect Authorization
CVE ID :CVE-2026-1514
影響產品: 公文管理系統 5.0.77至5.0.98版本
解決方法:請更新至5.0.98.23(含)以後版本
公開日期:2026-01-28
Cisco整合通訊多項產品存在高風險安全漏洞(CVE-2026-20045),請儘速確認並進行修補
內容說明:
研究人員發現Cisco整合通訊多項產品存在程式碼注入(Code Injection)漏洞(CVE-2026-20045),未經身分鑑別之遠端攻擊者可透過傳送特製HTTP請求至受影響設備以執行任意指令,進而提升至root權限。該漏洞已遭駭客利用,請儘速確認並進行修補。
影響平臺:
以下產品12.5、14及15版本
Unity Connection
Unified Communications Manager(Unified CM)
Unified CM Session Management Edition(Unified CM SME)
Unified CM IM & Presence Service(Unified CM IM&P)
Webex Calling Dedicated Instance
處置建議:
官方已針對漏洞釋出修復更新,請參考官方說明進行更新,網址如下:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b#fs
公開日期:2026/01/28
1/19至1/25 Known Exploited Vulnerabilities Catalog(KEV)週報
內容說明:
CISA於1/19至1/25在Known Exploited Vulnerabilities Catalog(KEV)中發布6個已遭駭客利用之漏洞。
影響平臺:
Broadcom|VMware vCenter Server
Cisco|Unified Communications Manager
Prettier|eslint-config-prettier
Synacor|Zimbra Collaboration Suite (ZCS)
Versa|Concerto
Vite|Vitejs
處置建議:
修補說明請參考以下官方連結:
Broadcom|VMware vCenter Server
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
Cisco|Unified Communications Manager
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
Prettier|eslint-config-prettier
https://www.npmjs.com/package/eslint-config-prettier?activeTab=versions
https://github.com/prettier/eslint-config-prettier/issues/339#issuecomment-3090304490
Synacor|Zimbra Collaboration Suite (ZCS)
https://wiki.zimbra.com/wiki/Security_Center
Versa|Concerto
https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e
Vite|Vitejs
https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949
公開日期:2026/01/26