
Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)

Published: 06 Feb 2026
Updated: 14 Feb 2026
CVSS v4.0: CRITICAL (9.9)
EPSS: 49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 7 Posts
  • 3 Interactions

Last activity: 6 hours ago

Fediverse

Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.

Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.

Remote support appliances are high-value targets.

Are we giving PAM systems enough monitoring visibility?

Source: thehackernews.com/2026/02/beyo

Follow @technadu for independent cybersecurity reporting.

Like and join the discussion below.

  • 9h ago

Bluesky

Critical BeyondTrust flaw (CVE-2026-1731) is being actively exploited for web shell deployment, data exfiltration, and backdoors across multiple sectors. US, France, Germany, Australia and Canada are impacted. Patch now! #CyberSecurity #News
  • 15h ago
VShell and SparkRAT observed exploiting a critical BeyondTrust vulnerability (CVE-2026-1731) #CybersecurityNews unit42.paloaltonetworks.com/beyondtrust-...
  • 6h ago
Critical BeyondTrust CVE-2026-1731 Exploited in the Wild: The Bash Arithmetic Injection That Hands Attackers the Keys to Your Kingdom + Video Introduction A recently disclosed critical vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products is under active…
  • 20h ago
Anatomy of a Zero-Trigger RCE: Inside the BeyondTrust CVE-2026-1731 Attack Wave Deploying SparkRAT and VShell Backdoors + Video Introduction A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access products has triggered a wave of…
  • 20h ago
Hospitals and clinics must urgently patch CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access to prevent ransomware footholds.
  • 20h ago

Overview

  • Google
  • Chrome

Published: 13 Feb 2026
Updated: 20 Feb 2026
CVSS: Pending
EPSS: 0.46%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 5 hours ago

Fediverse

CSS Cyberattacks

Hackers sneak malicious code into CSS to hide attacks, steal data & evade detection: injection for phishing, keylogging via selectors, clickjacking overlays, hidden malware, even zero-day Chrome flaw (CVE-2026-2441) patched Feb 2026.
Protect: sanitize inputs, strong CSP, keep updated, monitor traffic.

Stay safe

  • 20h ago

Bluesky

Google scrambles to patch flaws as exploit code is released publicly. The Google Chrome 145 stable line keeps moving after the emergency CVE-2026-2441 patch, with additional security fixes arriving in newer builds. Google has shipped newer Chrome 145 Stable builds after the CVE-2026-2441 zero-day fix, adding three security patches…
  • 9h ago
#Fedora 42: Patch CVE-2026-2441 NOW. Active exploits targeting Chromium's CSS engine (Use After Free). Update to 145.0.7632.75 via DNF immediately to block RCE attacks.🐧🛡️ Read more: 👉 tinyurl.com/4fmushem #Security
  • 5h ago

Overview

  • NaturalIntelligence
  • fast-xml-parser

Published: 20 Feb 2026
Updated: 20 Feb 2026
CVSS v3.1: CRITICAL (9.3)
EPSS: 0.03%

KEV

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.

Statistics

  • 3 Posts

Last activity: 2 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-25896 in fast-xml-parser (<5.3.5) lets attackers override built-in XML entities, enabling XSS via crafted XML. Affects web apps using vulnerable versions. Patch to 5.3.5+ ASAP! radar.offseq.com/threat/cve-20

  • 18h ago

CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser

A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
-Allows attackers to shadow built-in XML entities (<, >, &, ", ')
-Can lead to XSS or injection when parsing untrusted XML and rendering the output
-Exploitable with default settings (processEntities: true)
-Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies

Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2

endorlabs.com/learn/cve-2026-2

  • 2h ago

Bluesky

🚨 New CRITICAL CVE detected in AWS Lambda 🚨 CVE-2026-25896 impacts fast-xml-parser in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/429 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 8h ago

Overview

  • Microsoft
  • Windows Admin Center

Published: 17 Feb 2026
Updated: 20 Feb 2026
CVSS v3.1: HIGH (8.8)
EPSS: 0.07%

KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

Microsoft fixes CVE-2026-26119, an 8.8 CVSS privilege escalation bug in Windows Admin Center that could allow network-based user rights takeover.
  • 6h ago
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 21h ago

Overview

  • Pending

Published: Pending
Updated: Pending
CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 23 hours ago

Fediverse

Found a couple of bugs in Mastodon.
One of them just received CVE-2026-27477.
Keeping you safe, one line of code at a time.

  • 23h ago

Overview

  • Dell
  • Unisphere for PowerMax

Published: 19 Feb 2026
Updated: 19 Feb 2026
CVSS v3.1: HIGH (8.1)
EPSS: 0.05%

KEV

Description

Dell Unisphere for PowerMax version 10.2 contains an External Control of File Name or Path vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Bluesky

📌 CVE-2026-26360 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote... https://www.cyberhub.blog/cves/CVE-2026-26360
  • 10h ago

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP

Published: 17 Feb 2026
Updated: 18 Feb 2026
CVSS v4.0: CRITICAL (9.3)
EPSS: 0.04%

KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Bluesky

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
  • 6h ago

Overview

  • owthub
  • Library Management System

Published: 19 Feb 2026
Updated: 19 Feb 2026
CVSS v3.1: HIGH (7.5)
EPSS: 0.07%

KEV

Description

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

📌 CVE-2025-12707 - The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 ... https://www.cyberhub.blog/cves/CVE-2025-12707
  • 12h ago

Overview

  • akuity
  • kargo

Published: 20 Feb 2026
Updated: 20 Feb 2026
CVSS v4.0: CRITICAL (9.4)
EPSS: 0.24%

KEV

Description

Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in the logic of both endpoints to inject arbitrary resources (of specific types only) into the underlying namespace of an existing Project using the API server's own permissions when that behavior was not intended. Critically, an attacker may exploit this as a vector for elevating their own permissions, which can then be leveraged to achieve remote code execution or secret exfiltration. Exfiltrated artifact repository credentials can be leveraged, in turn, to execute further attacks. In some configurations of the Kargo control plane's underlying Kubernetes cluster, elevated permissions may additionally be leveraged to achieve remote code execution or secret exfiltration using kubectl. This can reduce the complexity of the attack; however, worst-case scenarios remain entirely achievable even without this. This vulnerability is fixed in v1.7.8, v1.8.11, and v1.9.3.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

🚨 CRITICAL vuln: CVE-2026-27112 in akuity kargo (v1.7.0 – 1.9.2) enables resource injection & privilege escalation via batch API endpoints. Patch to 1.7.8/1.8.11/1.9.3+ ASAP. Monitor logs & restrict API access. radar.offseq.com/threat/cve-20

  • 20h ago

Overview

  • JonathanWilbur
  • asn1-ts

Published: 21 Feb 2026
Updated: 21 Feb 2026
CVSS v4.0: CRITICAL (9.2)
EPSS: 0.04%

KEV

Description

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🛡️ CRITICAL: CVE-2026-27452 in JonathanWilbur asn1-ts (<=11.0.5) — Decoding INTEGERs may leak ArrayBuffer, exposing sensitive data. Upgrade to 11.0.6 urgently. Details: radar.offseq.com/threat/cve-20

  • 12h ago