Taiwan CERT warns of critical pre-auth RCE flaw in EHG2408 industrial switch firmware (CVE-2026-3823)

TWCERT/CC published a TVN advisory for a critical stack-based buffer overflow in ShangShang Technology’s EHG2408 series Ethernet switches. The flaw (CVE-2026-3823, CVSS 9.8) is reachable over the network without authentication and could allow remote attackers to hijack execution flow and run arbitrary code. Affected users are advised to upgrade to firmware v3.36 or later.

TWCERT warns of brute-force protection bypass in D-Link DWM-222W Wi‑Fi 6 USB modem; firmware update available

Taiwan’s TWCERT/CC published a high-severity vulnerability notice for the D-Link DWM-222W Wi‑Fi 6 USB mobile network adapter/modem. The issue allows an unauthenticated attacker on the same network domain to bypass login attempt limits, enabling brute-force attempts that could lead to device control. D-Link firmware 1.02.00 and later is listed as the fix.

Taiwan CERT warns of two local privilege escalation flaws in AVACAST for Windows (CVE-2026-7279, CVE-2026-7280)

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202604011) detailing two vulnerabilities affecting Herlin Digital Technology’s AVACAST for Windows versions 5.10.10.43 and earlier. The issues—DLL hijacking (CVE-2026-7279, CVSS 7.8 High) and an unquoted service path (CVE-2026-7280, CVSS 6.7 Medium)—could allow authenticated local attackers (and in the second case, a local admin) to execute code with SYSTEM privileges. TWCERT/CC recommends updating to AVACAST 5.10.10.45 or later.

Dual High-Severity Vulnerabilities Identified in SunNet Corporate Training and Performance Management Systems

Taiwan's TWCERT/CC has disclosed two high-severity security vulnerabilities affecting SunNet's Corporate Training Management System (CTMS) and Corporate Appraisal Performance System (CAPS). These flaws include a SQL injection vulnerability and an arbitrary file upload weakness that could lead to full system compromise.

Taiwan CERT warns of two high-severity flaws in Galaxia Info’s Vitals ESP (≤ 6.3)

TWCERT/CC published a Taiwan Vulnerability Note (TVN-202603007) describing two high-severity vulnerabilities affecting Galaxia Information’s Vitals ESP up to and including version 6.3. One issue could allow an authenticated remote attacker to perform some admin functions and escalate privileges (CVE-2026-4639, CVSS 8.8). The other could allow an unauthenticated remote attacker to access some functions and obtain sensitive information (CVE-2026-4640, CVSS 7.5). TWCERT/CC advises customers to contact the vendor for a patch.

Taiwan CERT warns of high-severity arbitrary file write in Gigabyte Control Center (CVE-2026-4415)

TWCERT/CC published a Taiwan Vulnerability Note for a high-severity arbitrary file write flaw in Gigabyte Control Center. The advisory says that when the product’s pairing function is enabled, an unauthenticated remote attacker could write arbitrary files to any OS path, potentially enabling code execution or privilege escalation. Gigabyte Control Center versions up to 25.07.21.01 are listed as affected, and upgrading to 25.12.10.01 or later is recommended.

Taiwan CERT warns of arbitrary file upload flaw in a+HCM (CVE-2026-6835) enabling unauthenticated uploads

TWCERT/CC published a vulnerability note for an arbitrary file upload issue in Digiwin (育碁數位科技) a+HCM affecting versions up to and including 8.1. The note states an unauthenticated remote attacker could upload arbitrary files to arbitrary paths, including HTML files that could produce XSS-like effects. TWCERT/CC rates the issue CVSS 6.1 (Medium) and points users to the vendor’s security notice and patches.