CVE-2026-20700

Overview

Apple
macOS

11 Feb 2026

Published

12 Feb 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

Statistics

11 Posts
5 Interactions

Last activity: Last hour

Fediverse

Christoph Schmees @PC_Fluesterer

Apple aktualisiert alles 2026-02

Apples reguläre Updates im Februar flicken 71 Sicherheitslücken. Einige von denen stecken in mehreren von Apple Produkten. Bemerkenswert ist CVE-2026-20700, die bereits für Angriffe ausgenutzt wird (Zero-Day). Weitere drei neue Sicherheitslücken betreffen die Spracherkennung (Siri), ermöglichen sie doch, auch einem gesperrten iPhone persönliche Daten zu entloc

https://www.pc-fluesterer.info/wordpress/taxopress_logs/apple-aktualisiert-alles-2026-02/

0
0
1
13h ago

Jeff Hall - PCIGuru :verified: @jbhall56

The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html

0
0
1
11h ago

Christopher Horrell @chorrell

Update your iPhones to iOS 26.3, CVE-2026-20700 is pretty bad!

https://go.theregister.com/feed/www.theregister.com/2026/02/12/apple_ios_263/

0
0
0
9h ago

Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CISA has added 3 vulnerabilities to the KEV Catalog

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.

CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

2
2
0
5h ago

Bluesky

Tech-News @technology-news.bsky.social

Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS, macOS, and Apple devices.

0
1
0
17h ago

CrowdCyber @crowdcyber.bsky.social

Apple Zero-Day (CVE-2026-20700) Exploited in the Wild

0
0
0
15h ago

Help Net Security @helpnetsecurity.com

Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700) 📖 Read more: www.helpnetsecurity.com/2026/02/12/a... #cybersecurity #cybersecuritynews #0day #iOS #macOS #iPad

0
0
0
13h ago

キタきつね @kitafox.bsky.social

Apple、標的型攻撃で悪用されるゼロデイ脆弱性（CVE-2026-20700）を修正 Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700) #HelpNetSecurity (Feb 12) www.helpnetsecurity.com/2026/02/12/a...

0
0
0
2h ago

セキュリティ対策Lab @securitylab-jp.bsky.social

Apple、iOS 26.3／iPadOS 26.3で複数の脆弱性を修正（CVE-2026-20700）、高度に標的化されたサイバー攻撃での悪用の可能性 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews

0
0
0
Last hour

CVE-2026-20841

Overview

Microsoft
Windows Notepad

10 Feb 2026

Published

12 Feb 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

0.10%

MITRE

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

6 Posts
2 Interactions

Last activity: 2 hours ago

Fediverse

arudesalad @arudesalad

Literally

(CVE)

1
0
0
7h ago

Bluesky

Undercode Testing @undercode.bsky.social

Notepad++ Just Became a Hacker’s Best Friend: CVE-2026-20841 Exposes Millions – Patch Now! + Video Introduction: The humble text editor has evolved into a complex rendering engine, and with that evolution comes a critical flaw. Microsoft’s emergency patch for CVE-2026-20841 confirms that Notepad’s…

0
1
0
10h ago

小众软件 @appinn.bsky.social

在微软 2026 年 2 月周二补丁日中，修改了 58 个漏洞，其中包括 6 个被积极利用的漏洞和 3 个公开披露的零日漏洞。其中有一个被评估为高严重性的 8.8 分漏洞 CVE-2026-20841：Windows

0
0
0
22h ago

r/netsec bot @r-netsec.bsky.social

Microsoft's Notepad Got Pwned (CVE-2026-20841)

0
0
0
15h ago

Help Net Security @helpnetsecurity.com

Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841) 📖 Read more: www.helpnetsecurity.com/2026/02/12/w... #cybersecurity #cybersecuritynews #Windows #PoC #socialengineering @microsoft.com

0
0
0
9h ago

キタきつね @kitafox.bsky.social

Windows のメモ帳の Markdown 機能が RCE の扉を開く (CVE-2026-20841) Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841) #HelpNetSecurity (Feb 12) www.helpnetsecurity.com/2026/02/12/w...

0
0
0
2h ago

CVE-2026-24061

Overview

GNU
Inetutils

21 Jan 2026

Published

10 Feb 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

37.88%

MITRE

KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

2 Posts
41 Interactions

Last activity: 3 hours ago

Fediverse

Cat 🐈🥗 (D.Burch) :paw:⁠:paw: @catsalad

USER='-f root' telnet -a ur.momma

root@ur.momma:~# got em!

https://www.cve.org/CVERecord?id=CVE-2026-24061

https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html

10
30
0
22h ago

tobru 🇨🇭 🧑‍🚒 @tobru

2026-01-14: The Day the telnet Died

"On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation."

Link: https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/

#linkdump #blogpost #filtering #internet #iso #security #telnet

1
0
0
3h ago

CVE-2026-25646

Overview

pnggroup
libpng

10 Feb 2026

Published

11 Feb 2026

Updated

CVSS v4.0

HIGH (8.3)

EPSS

0.04%

MITRE

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Statistics

2 Posts
4 Interactions

Last activity: 15 hours ago

Fediverse

buherator @buherator

libpng CVE-2026-25646: Heap buffer overflow in `png_set_quantize`

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3

2
2
0
15h ago

Bluesky

buherator @buherator.bsky.social

libpng CVE-2026-25646: Heap buffer overflow in `png_set_quantize` github.com -> Original->

0
0
0
15h ago

CVE-2025-9142

Overview

checkpoint
Hramony SASE

14 Jan 2026

Published

14 Jan 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.01%

MITRE

KEV

Description

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

Statistics

2 Posts

Last activity: 15 hours ago

Fediverse

buherator @buherator

Check Point Harmony Local Privilege Escalation (CVE-2025-9142)

https://blog.amberwolf.com/blog/2026/january/advisory---check-point-harmony-local-privilege-escalation-cve-2025-9142/

/via @badsectorlabs

0
0
0
15h ago

Bluesky

buherator @buherator.bsky.social

Check Point Harmony Local Privilege Escalation (CVE-2025-9142) blog.amberwolf.com -> /via @badsectorlabs Original->

0
0
0
15h ago

CVE-2026-0969

Overview

HashiCorp
Shared library

12 Feb 2026

Published

12 Feb 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.07%

MITRE

KEV

Description

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0.

Statistics

2 Posts

Last activity: 3 hours ago

Fediverse

Socket @SocketSecurity

Update: We’ve published free Socket Certified Patches for the next-mdx-remote RCE vulnerability (CVE-2026-0969).
No dependency upgrade required, and you don’t have to be a Socket customer to use them.

Details: https://socket.dev/blog/high-severity-rce-vulnerability-disclosed-in-next-mdx-remote
#NextJS

0
0
0
3h ago

Bluesky

piggo @pigondrugs.bsky.social

~Socket~ High-severity RCE (CVE-2026-0969) in next-mdx-remote < 6.0.0 allows code execution when rendering untrusted server-side MDX content. - IOCs: CVE-2026-0969 - #CVE20260969 #RCE #ThreatIntel

0
0
0
4h ago

CVE-2026-26007

Overview

pyca
cryptography

10 Feb 2026

Published

11 Feb 2026

Updated

CVSS v4.0

HIGH (8.2)

EPSS

0.01%

MITRE

KEV

Description

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.

Statistics

2 Posts

Last activity: 1 hour ago

Bluesky

CrowdCyber @crowdcyber.bsky.social

CVE-2026-26007: Python Cryptography Flaw (CVSS 8.2) Leaks Private Keys

0
0
0
4h ago

キタきつね @kitafox.bsky.social

CVE-2026-26007: Pythonの暗号化の脆弱性 (CVSS 8.2) により秘密鍵が漏洩する CVE-2026-26007: Python Cryptography Flaw (CVSS 8.2) Leaks Private Keys #DailyCyberSecurity (Feb 12) securityonline.info/cve-2026-260...

0
0
0
1h ago

CVE-2026-1731

Overview

BeyondTrust
Remote Support(RS) & Privileged Remote Access(PRA)

06 Feb 2026

Published

10 Feb 2026

Updated

CVSS v4.0

CRITICAL (9.9)

EPSS

4.22%

MITRE

KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

2 Posts
14 Interactions

Last activity: 6 hours ago

Fediverse

GreyNoise @greynoise

It took less than a day. A PoC for BeyondTrust CVE-2026-1731 hit GitHub, and GreyNoise immediately started seeing reconnaissance from multi-exploit actors hiding behind VPNs + custom tooling. See what our data reveals about who’s mapping targets + how.

🔗 https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731

6
8
1
6h ago

CVE-2026-26081

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

2 Posts
3 Interactions

Last activity: 6 hours ago

Fediverse

ScriptFanix💍⏚ ⸫ @ScriptFanix

2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC

https://www.haproxy.com/blog/cves-2026-quic-denial-of-service

2
1
0
9h ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

#Debian DSA-6130-1 is out. HAProxy + QUIC = potential instant crash. Here is exactly what CVE-2026-26081 does and how to fix it without breaking your SLOs. 🧵 Read more: 👉 tinyurl.com/4s6uptr7 #Security

0
0
0
6h ago

CVE-2026-21533

Overview

Microsoft
Windows 11 version 26H1

10 Feb 2026

Published

12 Feb 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

2.40%

MITRE

KEV

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

3 Posts

Last activity: 19 hours ago

Bluesky

Undercode Testing @undercode.bsky.social

Windows Remote Desktop Services Zero-Day Under Active Attack: The Registry Massacre That Grants SYSTEM Access + Video Introduction The February 2026 Patch Tuesday revealed a nightmare scenario for enterprise security teams: CVE-2026-21533, a zero-day elevation of privilege vulnerability in Windows…

0
0
0
19h ago

ohhara @shiojiri.com

マイクロソフト、攻撃で悪用されているゼロデイ6件などを修正（CVE-2026-21533、CVE-2026-21525ほか） | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43837/

0
0
0
20h ago

ohhara @shiojiri.com

「この内 CVE-2026-21510、CVE-2026-21513、CVE-2026-21514、CVE-2026-21519、CVE-2026-21525、CVE-2026-21533 の脆弱性について、Microsoft 社では悪用の事実を確認済みと公表しており、今後被害が拡大するおそれがあるため、至急、セキュリティ更新プログラムを適用してください。」

0
0
0
20h ago