From the screenshot of this web page, we can obtain information on two key security vulnerabilities. The key information extracted from the screenshot is presented below in concise Markdown format:

## January 19th, 2026 - Unauthenticated RCE in Dynamicweb 9 and Dynamicweb 8

### Severity

- CVSS v3.1: 10.0
- Affected products: Dynamicweb 9 and Dynamicweb 8

### Description

A security vulnerability allows an unauthenticated remote attacker to execute arbitrary code under certain conditions. This issue has been addressed by Dynamicweb.

### Impact

Unauthorized access to system resources and compromise of the affected installation. No active exploitation known at publication.

### Fix

The fix restricts access and ensures validation of external input.

### Mitigation

- Ensure administrative functionality is not publicly accessible.
- Apply the stand-alone hotfix for non-cloud installations.

---

## August 25th, 2025 - Exposure of Customer Information via Payment Callback

### Severity

- CVSS v3.1: 7.5

### Description

A vulnerability exists in solutions running on DynamicWeb 9 and 10 configured with the QuickPayPaymentWindow provider. It can expose customer information under certain conditions involving error templates.

### Impact

Potential exposure of customer information such as name, email, delivery info, and payment method.

### Recommended Remediation

1. Short term (Customer Level): Review and modify error templates to avoid showing personal information.
2. Long term (Product Level): Update the QuickPayPaymentWindow CheckoutHandler method.

### GDPR Considerations

Potential GDPR incident due to data exposure; customer's compliance team must evaluate notification necessity.

### Next Steps

- Review configuration and access logs.
- Apply the recommended updates once available.