A security feature bypass vulnerability has been reported in Microsoft Windows. This vulnerability is due to improper handling of Internet Shortcuts. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted shortcut or visit a malicious link. Successful exploitation could result in spoofing, the bypass of SmartScreen security warnings or the disclosure of a targeted user's NTLM hash.

An SQL injection vulnerability has been reported for Delta Industrial Automation DIAEnergie. This vulnerability is due to improper input validation in the Handler_CFG.ashx script. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting these vulnerabilities could result in SQL injection or, in the worst case, remote code execution in the context of MSSQLSERVER

It has been reported that versions 5.6.0 and 5.6.1 of XZ Utils, a command line tool for compressing and decompressing .xz files, have been compromised (CVE-2024-3094). This issue affects any software connected to the XZ library, allowing for the interception and modification of data used with the library. The backdoor is in the package's liblzma library, which is also used by sshd to listen for SSH connections. The malware (aka xzbot) execute shell command on an infected system by passing it directly to system() over SSH under specific conditions, according to the reports.

An authentication bypass vulnerability exists in JetBrains TeamCity. The vulnerability is due to improper authentication of requests of JSP files.

Threat Encyclopedia

1233205

FILE Microsoft Windows Internet Shortcut Point to Location with UNC or Remote Path

High

2026/01/19

1234915

ICS Delta Industrial Automation DIAEnergie Handler_CFG.ashx SQL Injection (CVE-2024-28891)

High

2026/01/16

1234795

SSH XZ-Utils Backdoor (CVE-2024-3094)

Critical

2026/01/16

1234835

WEB JetBrains TeamCity JspPrecompilation Authentication Bypass (CVE-2024-23917)

Critical

2026/01/15