思科產品多個漏洞

發佈日期: 2026年02月26日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

於思科產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、跨網站指令碼、遠端執行任意程式碼及權限提升。

---

影響

• 阻斷服務
• 權限提升
• 遠端執行程式碼
• 跨網站指令碼

---

受影響之系統或技術

• Cisco FXOS Software
• Cisco NX-OS Software
• Cisco UCS Manager Software

請參考供應商發佈的連結以了解受影響的版本：

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q

---

漏洞識別碼

• CVE-2026-20010
• CVE-2026-20091
• CVE-2026-20099

---

資料來源

• Cisco

---

相關連結

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q

Cisco Products Multiple Vulnerabilities

Release Date: 26 Feb 2026

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, remote code execution and elevation of privilege on the targeted system.

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Cross-Site Scripting

---

System / Technologies affected

• Cisco FXOS Software
• Cisco NX-OS Software
• Cisco UCS Manager Software

For affected versions, please refer to the link issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q

---

Vulnerability Identifier

• CVE-2026-20010
• CVE-2026-20091
• CVE-2026-20099

---

Source

• Cisco

---

Related Link

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfxosxss-7skVE8Zv
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsciv-wGYtC78q

Mozilla 產品多個漏洞

發佈日期: 2026年02月25日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼、繞過保安限制、仿冒及敏感資料洩露。

---

影響

• 阻斷服務
• 遠端執行程式碼
• 權限提升
• 繞過保安限制
• 資料洩露
• 仿冒

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Firefox 148
• Firefox ESR 115.33
• Firefox ESR 140.8
• Thunderbird 140.8
• Thunderbird 148

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• Firefox 148
• Firefox ESR 115.33
• Firefox ESR 140.8
• Thunderbird 140.8
• Thunderbird 148

---

漏洞識別碼

• CVE-2026-2757
• CVE-2026-2758
• CVE-2026-2759
• CVE-2026-2760
• CVE-2026-2761
• CVE-2026-2762
• CVE-2026-2763
• CVE-2026-2764
• CVE-2026-2765
• CVE-2026-2766
• CVE-2026-2767
• CVE-2026-2768
• CVE-2026-2769
• CVE-2026-2770
• CVE-2026-2771
• CVE-2026-2772
• CVE-2026-2773
• CVE-2026-2774
• CVE-2026-2775
• CVE-2026-2776
• CVE-2026-2777
• CVE-2026-2778
• CVE-2026-2779
• CVE-2026-2780
• CVE-2026-2781
• CVE-2026-2782
• CVE-2026-2783
• CVE-2026-2784
• CVE-2026-2785
• CVE-2026-2786
• CVE-2026-2787
• CVE-2026-2788
• CVE-2026-2789
• CVE-2026-2790
• CVE-2026-2791
• CVE-2026-2792
• CVE-2026-2793
• CVE-2026-2794
• CVE-2026-2795
• CVE-2026-2796
• CVE-2026-2797
• CVE-2026-2798
• CVE-2026-2799
• CVE-2026-2800
• CVE-2026-2801
• CVE-2026-2802
• CVE-2026-2803
• CVE-2026-2804
• CVE-2026-2805
• CVE-2026-2806
• CVE-2026-2807

---

資料來源

• Mozilla

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-13
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-14
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-15
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-16
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-17

Mozilla Products Multiple Vulnerabilities

Release Date: 25 Feb 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, security restriction bypass, spoofing and sensitive information disclosure on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution
• Elevation of Privilege
• Security Restriction Bypass
• Information Disclosure
• Spoofing

---

System / Technologies affected

Versions prior to:

 

• Firefox 148
• Firefox ESR 115.33
• Firefox ESR 140.8
• Thunderbird 140.8
• Thunderbird 148

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Firefox 148
• Firefox ESR 115.33
• Firefox ESR 140.8
• Thunderbird 140.8
• Thunderbird 148

---

Vulnerability Identifier

• CVE-2026-2757
• CVE-2026-2758
• CVE-2026-2759
• CVE-2026-2760
• CVE-2026-2761
• CVE-2026-2762
• CVE-2026-2763
• CVE-2026-2764
• CVE-2026-2765
• CVE-2026-2766
• CVE-2026-2767
• CVE-2026-2768
• CVE-2026-2769
• CVE-2026-2770
• CVE-2026-2771
• CVE-2026-2772
• CVE-2026-2773
• CVE-2026-2774
• CVE-2026-2775
• CVE-2026-2776
• CVE-2026-2777
• CVE-2026-2778
• CVE-2026-2779
• CVE-2026-2780
• CVE-2026-2781
• CVE-2026-2782
• CVE-2026-2783
• CVE-2026-2784
• CVE-2026-2785
• CVE-2026-2786
• CVE-2026-2787
• CVE-2026-2788
• CVE-2026-2789
• CVE-2026-2790
• CVE-2026-2791
• CVE-2026-2792
• CVE-2026-2793
• CVE-2026-2794
• CVE-2026-2795
• CVE-2026-2796
• CVE-2026-2797
• CVE-2026-2798
• CVE-2026-2799
• CVE-2026-2800
• CVE-2026-2801
• CVE-2026-2802
• CVE-2026-2803
• CVE-2026-2804
• CVE-2026-2805
• CVE-2026-2806
• CVE-2026-2807

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-13
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-14
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-15
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-16
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-17

Valkey 產品多個漏洞

發佈日期: 2026年02月25日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Valkey 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況及繞過保安限制。

---

影響

• 阻斷服務
• 繞過保安限制

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Valkey 9.0.3
• Valkey 8.1.6
• Valkey 8.0.7
• Valkey 7.2.12

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• Valkey 9.0.3
• Valkey 8.1.6
• Valkey 8.0.7
• Valkey 7.2.12

---

漏洞識別碼

• CVE-2025-67733
• CVE-2026-21863
• CVE-2026-27623

---

資料來源

• Valkey

---

相關連結

• https://github.com/valkey-io/valkey/releases/tag/9.0.3
• https://github.com/valkey-io/valkey/releases/tag/8.1.6
• https://github.com/valkey-io/valkey/releases/tag/8.0.7
• https://github.com/valkey-io/valkey/releases/tag/7.2.12 

Valkey Products Multiple Vulnerabilities

Release Date: 25 Feb 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Valkey Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system.

---

Impact

• Denial of Service
• Security Restriction Bypass

---

System / Technologies affected

Versions prior to:

 

• Valkey 9.0.3
• Valkey 8.1.6
• Valkey 8.0.7
• Valkey 7.2.12

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Valkey 9.0.3
• Valkey 8.1.6
• Valkey 8.0.7
• Valkey 7.2.12

---

Vulnerability Identifier

• CVE-2025-67733
• CVE-2026-21863
• CVE-2026-27623

---

Source

• Valkey

---

Related Link

• https://github.com/valkey-io/valkey/releases/tag/9.0.3
• https://github.com/valkey-io/valkey/releases/tag/8.1.6
• https://github.com/valkey-io/valkey/releases/tag/8.0.7
• https://github.com/valkey-io/valkey/releases/tag/7.2.12 

VMWare 產品多個漏洞

發佈日期: 2026年02月25日

風險: 中度風險

類型: 操作系統 - 網絡操作系統

於 VMware 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升、跨網站指令碼及遠端執行任意程式碼。

---

影響

• 跨網站指令碼
• 遠端執行程式碼
• 權限提升

---

受影響之系統或技術

• VMware Aria Operations 8.x
• VMware Cloud Foundation 4.x, 5.x, 9.x.x.x
• VMware Telco Cloud Platform 4.x, 5.x
• VMware Telco Cloud Infrastructure 2.x, 3.x
• VMware vSphere Foundation 9.x.x.x

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

• 安裝供應商提供的修補程式：
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

---

漏洞識別碼

• CVE-2026-22719
• CVE-2026-22720
• CVE-2026-22721

---

資料來源

• VMware

---

相關連結

• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

VMWare Products Multiple Vulnerabilities

Release Date: 25 Feb 2026

RISK: Medium Risk

TYPE: Operating Systems - VM Ware

Multiple vulnerabilities were identified in VMware products.  A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, cross-site scripting and remote code execution on the targeted system.

 

---

Impact

• Cross-Site Scripting
• Remote Code Execution
• Elevation of Privilege

---

System / Technologies affected

• VMware Aria Operations 8.x
• VMware Cloud Foundation 4.x, 5.x, 9.x.x.x
• VMware Telco Cloud Platform 4.x, 5.x
• VMware Telco Cloud Infrastructure 2.x, 3.x
• VMware vSphere Foundation 9.x.x.x

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

---

Vulnerability Identifier

• CVE-2026-22719
• CVE-2026-22720
• CVE-2026-22721

---

Source

• VMware

---

Related Link

• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

Google Chrome 多個漏洞

發佈日期: 2026年02月24日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發繞過保安限制、資料篡改及洩露敏感資料。

 

---

影響

• 資料洩露
• 篡改
• 繞過保安限制

---

受影響之系統或技術

• Google Chrome 144.0.7559.116 (Linux) 之前的版本
• Google Chrome 145.0.7632.116/117 (Mac) 之前的版本
• Google Chrome 145.0.7632.116/117 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 144.0.7559.116 (Linux) 或之後版本
• 更新至 145.0.7632.116/117 (Mac) 或之後版本
• 更新至 145.0.7632.116/117 (Windows) 或之後版本

---

漏洞識別碼

• CVE-2026-3061
• CVE-2026-3062
• CVE-2026-3063

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html

Google Chrome Multiple Vulnerabilities

Release Date: 24 Feb 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, data manipulation and sensitive information disclosure on the targeted system.

---

Impact

• Information Disclosure
• Data Manipulation
• Security Restriction Bypass

---

System / Technologies affected

• Google Chrome prior to 144.0.7559.116 (Linux)
• Google Chrome prior to 145.0.7632.116/117 (Mac)
• Google Chrome prior to 145.0.7632.116/117 (Windows)

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 144.0.7559.116 (Linux) or later
• Update to version 145.0.7632.116/117 (Mac) or later
• Update to version 145.0.7632.116/117 (Windows) or later

---

Vulnerability Identifier

• CVE-2026-3061
• CVE-2026-3062
• CVE-2026-3063

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html

Microsoft Edge 多個漏洞

發佈日期: 2026年02月23日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及敏感資料洩露。

---

影響

• 遠端執行程式碼
• 資料洩露
• 阻斷服務

---

受影響之系統或技術

• Microsoft Edge 145.0.3800.70 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 145.0.3800.70 或之後版本

---

漏洞識別碼

• CVE-2026-2648
• CVE-2026-2649
• CVE-2026-2650

---

資料來源

• Microsoft Edge

---

相關連結

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2648
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2649
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2650

Microsoft Edge Multiple Vulnerabilities

Release Date: 23 Feb 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and sensitive information disclosure on the targeted system.

---

Impact

• Remote Code Execution
• Information Disclosure
• Denial of Service

---

System / Technologies affected

• Microsoft Edge version prior to 145.0.3800.70

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 145.0.3800.70 or later

---

Vulnerability Identifier

• CVE-2026-2648
• CVE-2026-2649
• CVE-2026-2650

---

Source

• Microsoft Edge

---

Related Link

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2648
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2649
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2650

Microsoft Teams 資料洩露漏洞

發佈日期: 2026年02月23日

風險: 中度風險

類型: 操作系統 - 應用程式平台

於Microsoft Teams 發現一個漏洞。遠端攻擊者可利用這個漏洞，於目標系統觸發洩露敏感資料。

---

影響

• 資料洩露

---

受影響之系統或技術

• Microsoft Teams

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式或緩解措施：

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535

---

漏洞識別碼

• CVE-2026-21535

---

資料來源

• Microsoft

---

相關連結

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535

Microsoft Teams Information Disclosure Vulnerability

Release Date: 23 Feb 2026

RISK: Medium Risk

TYPE: Operating Systems - Application Platforms

A vulnerability was identified in Microsoft Teams. A remote attacker could exploit this vulnerability to trigger sensitive information disclosure on the targeted system.

---

Impact

• Information Disclosure

---

System / Technologies affected

• Microsoft Teams

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes or mitigations issued by the vendor:

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535

---

Vulnerability Identifier

• CVE-2026-21535

---

Source

• Microsoft

---

Related Link

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535

Google Chrome 多個漏洞

發佈日期: 2026年02月20日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、阻斷服務狀況及敏感資料洩露。

---

影響

• 遠端執行程式碼
• 資料洩露
• 阻斷服務

---

受影響之系統或技術

• Google Chrome 144.0.7559.109 (Linux) 之前的版本
• Google Chrome 145.0.7632.109/110 (Mac) 之前的版本
• Google Chrome 145.0.7632.109/110 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 144.0.7559.109 (Linux) 或之後版本
• 更新至 145.0.7632.109/110 (Mac) 或之後版本
• 更新至 145.0.7632.109/110 (Windows) 或之後版本

---

漏洞識別碼

• CVE-2026-2648
• CVE-2026-2649
• CVE-2026-2650

---

資料來源

• Chrome

---

相關連結

• https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html

Google Chrome Multiple Vulnerabilities

Release Date: 20 Feb 2026

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and sensitive information disclosure on the targeted system.

---

Impact

• Remote Code Execution
• Information Disclosure
• Denial of Service

---

System / Technologies affected

• Google Chrome prior to 144.0.7559.109 (Linux)
• Google Chrome prior to 145.0.7632.109/110 (Mac)
• Google Chrome prior to 145.0.7632.109/110 (Windows)

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 144.0.7559.109 (Linux) or later
• Update to version 145.0.7632.109/110 (Mac) or later
• Update to version 145.0.7632.109/110 (Windows) or later

---

Vulnerability Identifier

• CVE-2026-2648
• CVE-2026-2649
• CVE-2026-2650

---

Source

• Chrome

---

Related Link

• https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html

Apache Tomcat 繞過保安限制漏洞

發佈日期: 2026年02月20日

風險: 中度風險

類型: 伺服器 - 網站伺服器

於 Apache Tomcat 發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發繞過保安限制。

---

影響

• 繞過保安限制

---

受影響之系統或技術

• Apache Tomcat 9.0.83 至 9.0.114 版本
• Apache Tomcat 10.1.0-M7 至 10.1.51 版本
• Apache Tomcat 11.0.0-M1 至 11.0.17 版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.115
• https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.52
• https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.18

---

漏洞識別碼

• CVE-2026-24734

---

資料來源

• Apache Tomcat

---

相關連結

• https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.115
• https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.52
• https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.18

Apache Tomcat Security Restriction Bypass Vulnerability

Release Date: 20 Feb 2026

RISK: Medium Risk

TYPE: Servers - Web Servers

A vulnerability has been identified in Apache Tomcat. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.

---

Impact

• Security Restriction Bypass

---

System / Technologies affected

• Apache Tomcat version 9.0.83 to 9.0.114
• Apache Tomcat version 10.1.0-M7 to 10.1.51
• Apache Tomcat version 11.0.0-M1 to 11.0.17

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.115
• https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.52
• https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.18

---

Vulnerability Identifier

• CVE-2026-24734

---

Source

• Apache Tomcat

---

Related Link

• https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.115
• https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.52
• https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.18

F5 BIG-IP 阻斷服務漏洞

發佈日期: 2026年02月20日

風險: 中度風險

類型: 操作系統 - Network

於 F5 BIG-IP 發現一個漏洞。遠端攻擊者可利用這漏洞，於目標系統觸發阻斷服務狀況。

 

 

---

影響

• 阻斷服務

---

受影響之系統或技術

BIG-IP AFM and DDoS Hybrid Defender

 

• 17.5.1.4

 

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://my.f5.com/manage/s/article/K000160003

---

漏洞識別碼

• CVE-2026-2507

---

資料來源

• F5

---

相關連結

• https://my.f5.com/manage/s/article/K000160003

F5 BIG-IP Denial of Service Vulnerability

Release Date: 20 Feb 2026

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in F5 BIG-IP. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.

---

Impact

• Denial of Service

---

System / Technologies affected

BIG-IP AFM and DDoS Hybrid Defender

 

• 17.5.1.4

 

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://my.f5.com/manage/s/article/K000160003

---

Vulnerability Identifier

• CVE-2026-2507

---

Source

• F5

---

Related Link

• https://my.f5.com/manage/s/article/K000160003

Microsoft Edge 多個漏洞

發佈日期: 2026年02月20日

風險: 極高度風險

類型: 用戶端 - 瀏覽器

於 Microsoft Edge 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發敏感資料洩露、阻斷服務狀況、繞過保安限制及遠端執行任意程式碼。

 

注意：

CVE-2026-2441 正在被廣泛利用。遠端攻擊者可以利用此漏洞，透過特製的 HTML 頁面在沙箱環境中執行任意程式碼。因此，此漏洞的風險等級被評為極高風險。

---

影響

• 阻斷服務
• 遠端執行程式碼
• 資料洩露
• 繞過保安限制

---

受影響之系統或技術

• Microsoft Edge 145.0.3800.58 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 145.0.3800.58 或之後版本

---

漏洞識別碼

• CVE-2026-0102
• CVE-2026-2313
• CVE-2026-2314
• CVE-2026-2316
• CVE-2026-2317
• CVE-2026-2318
• CVE-2026-2319
• CVE-2026-2320
• CVE-2026-2322
• CVE-2026-2323
• CVE-2026-2441

---

資料來源

• Microsoft Edge

---

相關連結

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-14-2026
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2313
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2314
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2316
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2317
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2318
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2319
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2320
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2322
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2323
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2441

Microsoft Edge Multiple Vulnerabilities

Release Date: 20 Feb 2026

RISK: Extremely High Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, denial of service condition, security restriction bypass and remote code execution on the targeted system.

 

Note:

CVE-2026-2441 is being exploited in the wild. A remote attacker could exploit this vulnerability to execute arbitrary code inside a sandbox via a crafted HTML page. Hence, the risk level is rated as Extremely High Risk.

---

Impact

• Denial of Service
• Remote Code Execution
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

• Microsoft Edge version prior to 145.0.3800.58

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 145.0.3800.58 or later

---

Vulnerability Identifier

• CVE-2026-0102
• CVE-2026-2313
• CVE-2026-2314
• CVE-2026-2316
• CVE-2026-2317
• CVE-2026-2318
• CVE-2026-2319
• CVE-2026-2320
• CVE-2026-2322
• CVE-2026-2323
• CVE-2026-2441

---

Source

• Microsoft Edge

---

Related Link

• https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-14-2026
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0102
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2313
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2314
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2316
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2317
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2318
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2319
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2320
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2322
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2323
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2441

Mozilla 遠端執行程式碼漏洞

發佈日期: 2026年02月20日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Mozilla 產品發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發阻斷服務狀況及遠端執行程式碼。

---

影響

• 阻斷服務
• 遠端執行程式碼

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Firefox 147.0.4
• Firefox ESR 115.32.1
• Firefox ESR 140.7.1
• Thunderbird 140.7.2
• Thunderbird 147.0.2

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• Firefox 147.0.4
• Firefox ESR 115.32.1
• Firefox ESR 140.7.1
• Thunderbird 140.7.2
• Thunderbird 147.0.2

---

漏洞識別碼

• CVE-2026-2447

---

資料來源

• Mozilla

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/

Mozilla Products Remote Code Execution Vulnerability

Release Date: 20 Feb 2026

RISK: Medium Risk

TYPE: Clients - Browsers

A vulnerability was identified in Mozilla Products. A remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution

---

System / Technologies affected

Versions prior to:

 

• Firefox 147.0.4
• Firefox ESR 115.32.1
• Firefox ESR 140.7.1
• Thunderbird 140.7.2
• Thunderbird 147.0.2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Firefox 147.0.4
• Firefox ESR 115.32.1
• Firefox ESR 140.7.1
• Thunderbird 140.7.2
• Thunderbird 147.0.2

---

Vulnerability Identifier

• CVE-2026-2447

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/

Google Chrome 遠端執行程式碼漏洞

發佈日期: 2026年02月16日

風險: 極高度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發遠端執行任意程式碼。

 

注意：

CVE-2026-2441 正在被廣泛利用。遠端攻擊者可以利用此漏洞，透過特製的 HTML 頁面在沙箱環境中執行任意程式碼。因此，此漏洞的風險等級被評為極高風險。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• Google Chrome 144.0.7559.75 (Linux) 之前的版本
• Google Chrome 145.0.7632.75/76 (Mac) 之前的版本
• Google Chrome 145.0.7632.75/76 (Windows) 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 144.0.7559.75 (Linux) 或之後版本
• 更新至 145.0.7632.75/76 (Mac) 或之後版本
• 更新至 145.0.7632.75/76 (Windows) 或之後版本

---

漏洞識別碼

• CVE-2026-2441

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html

Google Chrome Remote Code Execution Vulnerability

Release Date: 16 Feb 2026

RISK: Extremely High Risk

TYPE: Clients - Browsers

A vulnerability was identified in Google Chrome. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note: 

CVE-2026-2441 is being exploited in the wild. A remote attacker could exploit this vulnerability to execute arbitrary code inside a sandbox via a crafted HTML page. Hence, the risk level is rated as Extremely High Risk.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Google Chrome prior to 144.0.7559.75 (Linux)
• Google Chrome prior to 145.0.7632.75/76 (Mac)
• Google Chrome prior to 145.0.7632.75/76 (Windows)

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 144.0.7559.75 (Linux) or later
• Update to version 145.0.7632.75/76 (Mac) or later
• Update to version 145.0.7632.75/76 (Windows) or later

---

Vulnerability Identifier

• CVE-2026-2441

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html

PostgreSQL 多個漏洞

發佈日期: 2026年02月16日

風險: 中度風險

類型: 伺服器 - 數據庫伺服器

於 PostgreSQL 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發權限提升、遠端執行任意程式碼及洩露敏感資料。

---

影響

• 遠端執行程式碼
• 資料洩露
• 權限提升

---

受影響之系統或技術

• PostgreSQL 18.2 之前的版本
• PostgreSQL 17.8 之前的版本
• PostgreSQL 16.12 之前的版本
• PostgreSQL 15.16 之前的版本
• PostgreSQL 14.21 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽軟體供應商之網站，以獲得更多詳細資料。

 

• 軟件供應商已提供修補程式：
• 升級至PostgreSQL 18.2 版本
• 升級至PostgreSQL 17.8 版本
• 升級至PostgreSQL 16.12 版本
• 升級至PostgreSQL 15.16 版本
• 升級至PostgreSQL 14.21 版本

---

漏洞識別碼

• CVE-2026-2003
• CVE-2026-2004
• CVE-2026-2005
• CVE-2026-2006
• CVE-2026-2007

---

資料來源

• PostgreSQL

---

相關連結

https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/

PostgreSQL Multiple Vulnerabilities

Release Date: 16 Feb 2026

RISK: Medium Risk

TYPE: Servers - Database Servers

Multiple vulnerabilities were identified in PostgreSQL. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

---

Impact

• Remote Code Execution
• Information Disclosure
• Elevation of Privilege

---

System / Technologies affected

• PostgreSQL versions prior to 18.2
• PostgreSQL versions prior to 17.8
• PostgreSQL versions prior to 16.12
• PostgreSQL versions prior to 15.16
• PostgreSQL versions prior to 14.21

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

 

• The vendor has issued fixes:
• Update to PostgreSQL version 18.2
• Update to PostgreSQL version 17.8
• Update to PostgreSQL version 16.12
• Update to PostgreSQL version 15.16
• Update to PostgreSQL version 14.21

---

Vulnerability Identifier

• CVE-2026-2003
• CVE-2026-2004
• CVE-2026-2005
• CVE-2026-2006
• CVE-2026-2007

---

Source

• PostgreSQL

---

Related Link

https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/

蘋果產品多個漏洞

發佈日期: 2026年02月13日

風險: 高度風險

類型: 操作系統 - 流動裝置及操作系統

於蘋果產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、權限提升、洩露敏感資料、資料篡改及繞過保安限制。

 

注意：

CVE-2026-20700 正被廣泛利用。蘋果 iOS、iPadOS、macOS、tvOS、watchOS 和 visionOS 系統中存在記憶體緩衝區操作限制不當的問題，擁有記憶體寫入權限的攻擊者可能利用此漏洞執行任意程式碼。因此，該漏洞的風險等級被評為高度風險。

 

---

影響

• 阻斷服務
• 權限提升
• 繞過保安限制
• 資料洩露
• 篡改
• 遠端執行程式碼

---

受影響之系統或技術

• iOS 18.7.5 及 iPadOS 18.7.5 以前的版本
• iOS 26.3 及 iPadOS 26.3 以前的版本
• macOS Sonoma 14.8.4 以前的版本
• macOS Sequoia 15.7.4 以前的版本
• macOS Tahoe 26.3 以前的版本
• tvOS 26.3 以前的版本
• watchOS 26.3 以前的版本
• visionOS 26.3 以前的版本
• Safari 26.3 以前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝供應商提供的修補程式：

 

• iOS 18.7.5 及 iPadOS 18.7.5
• iOS 26.3 及 iPadOS 26.3
• macOS Sonoma 14.8.4
• macOS Sequoia 15.7.4
• macOS Tahoe 26.3
• tvOS 26.3
• watchOS 26.3
• visionOS 26.3
• Safari 26.3

---

漏洞識別碼

• CVE-2025-14174
• CVE-2025-43338
• CVE-2025-43402
• CVE-2025-43403
• CVE-2025-43417
• CVE-2025-43529
• CVE-2025-43533
• CVE-2025-43537
• CVE-2025-46283
• CVE-2025-46290
• CVE-2025-46300
• CVE-2025-46301
• CVE-2025-46302
• CVE-2025-46303
• CVE-2025-46304
• CVE-2025-46305
• CVE-2025-46310
• CVE-2025-59375
• CVE-2026-20601
• CVE-2026-20602
• CVE-2026-20603
• CVE-2026-20605
• CVE-2026-20606
• CVE-2026-20608
• CVE-2026-20609
• CVE-2026-20610
• CVE-2026-20611
• CVE-2026-20612
• CVE-2026-20614
• CVE-2026-20615
• CVE-2026-20616
• CVE-2026-20617
• CVE-2026-20618
• CVE-2026-20619
• CVE-2026-20620
• CVE-2026-20621
• CVE-2026-20623
• CVE-2026-20624
• CVE-2026-20625
• CVE-2026-20626
• CVE-2026-20627
• CVE-2026-20628
• CVE-2026-20629
• CVE-2026-20630
• CVE-2026-20634
• CVE-2026-20635
• CVE-2026-20636
• CVE-2026-20638
• CVE-2026-20640
• CVE-2026-20641
• CVE-2026-20642
• CVE-2026-20644
• CVE-2026-20645
• CVE-2026-20646
• CVE-2026-20647
• CVE-2026-20648
• CVE-2026-20649
• CVE-2026-20650
• CVE-2026-20652
• CVE-2026-20653
• CVE-2026-20654
• CVE-2026-20655
• CVE-2026-20656
• CVE-2026-20658
• CVE-2026-20660
• CVE-2026-20661
• CVE-2026-20662
• CVE-2026-20663
• CVE-2026-20666
• CVE-2026-20667
• CVE-2026-20669
• CVE-2026-20671
• CVE-2026-20673
• CVE-2026-20674
• CVE-2026-20675
• CVE-2026-20676
• CVE-2026-20677
• CVE-2026-20678
• CVE-2026-20680
• CVE-2026-20681
• CVE-2026-20682
• CVE-2026-20700

---

資料來源

• Apple

---

相關連結

• https://support.apple.com/en-hk/126346
• https://support.apple.com/en-hk/126347
• https://support.apple.com/en-hk/126348
• https://support.apple.com/en-hk/126349
• https://support.apple.com/en-hk/126350
• https://support.apple.com/en-hk/126351
• https://support.apple.com/en-hk/126352
• https://support.apple.com/en-hk/126353
• https://support.apple.com/en-hk/126354
• https://www.cisa.gov/news-events/alerts/2026/02/12/cisa-adds-four-known-exploited-vulnerabilities-catalog