Threat Advisories - NVD Disclosed February 3, 2026

CVE-2026-1341

Avation Light Engine Pro Unauthenticated Configuration Access.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

The Avation Light Engine Pro's configuration and control interface is accessible without authentication, potentially exposing system settings and operational controls to unauthorized modification or access when network-accessible.

NVD published: February 3, 2026

CVE advisoryCRITICAL

CVE-2025-5319

DIGITA Efficiency Management System SQL Injection.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability in the DIGITA Efficiency Management System could allow attackers to access or modify sensitive data if the system is reachable. The vendor has not responded to inquiries regarding this issue.

NVD published: February 3, 2026

CVE advisoryKnown Exploit

CVE-2025-15556

Notepad++ Updater Integrity Vulnerability Allows Code Execution.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

The Notepad++ WinGUp updater has an integrity vulnerability where downloaded updates are not verified. An attacker can redirect update traffic to deliver a malicious installer, leading to arbitrary code execution on user systems. Organizations should apply vendor mitigations due to the business risk.

NVD published: February 3, 2026 • CISA KEV