NVD disclosure day

Published threat advisories for January 23, 2026

CVE advisory | Known Exploit

CVE-2026-24423

SmarterMail ConnectToHub API Unauthenticated Remote Code Execution.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An unauthenticated remote code execution vulnerability exists in SmarterMail's ConnectToHub API. Attackers can direct the application to a malicious server, leading to the execution of operating system commands. This impacts organizations by potentially compromising systems and data.

• CISA KEV

CVE advisory | CRITICAL

CVE-2025-4320

Sufirmam Authentication Bypass and Weak Password Recovery

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Sufirmam software allows attackers to bypass authentication and recover user passwords through a weak recovery mechanism. This could lead to unauthorized account access and control if the software is reachable. The vendor has not responded to the disclosure of this critical issue.

CVE advisory | CRITICAL

CVE-2025-4319

Sufirmam Authentication and Password Recovery Vulnerabilities

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Sufirmam's authentication and password recovery mechanisms allows for brute-force attacks and password exploitation. This could lead to unauthorized access to user accounts and potentially sensitive information when the system is reachable over a network. The vendor has not responded to inqu