
Overview

  • Google
  • Chrome

Published: 13 Feb 2026
Updated: 20 Feb 2026

CVSS: Pending
EPSS: 0.34%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 2 Posts
  • 5 Interactions

Last activity: 10 hours ago

Fediverse


A pure-CSS Chromium vulnerability that allows sensitive data such as the CSRF token to be retrieved (CVE-2026-2441)
sitepoint.com/zero-day-css-cve

Zero-Day CSS: Deconstructing CVE-2026-2441

#Chrome #Chromium #CSS #CSRF #CVE

  • 3
  • 2
  • 0
  • 10h ago

Recent reports highlight significant activity across global sectors.

**Cybersecurity:** The University of Mississippi Medical Center closed clinics (Feb 23-24) following a ransomware attack. A critical Chromium zero-day (CVE-2026-2441) is actively exploited, mandating urgent patching for browsers. Figure Fintech reported a major 1 million account data breach stemming from a sophisticated vishing attack. The U.S. implemented new CIRCIA regulations, requiring critical infrastructure to report cyber incidents within 72 hours and ransom payments within 24 hours.

**Technology:** Google's $32 billion acquisition of Wiz has received European Commission approval, marking a significant consolidation in cloud security.

**Geopolitics:** U.S.-China competition continues to be a driving force, alongside new U.S. tariffs, contributing to global market volatility.

#Cybersecurity #Geopolitics #TechNews

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Microsoft
  • Windows 10 Version 1607

Published: 10 Feb 2026
Updated: 23 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 4.12%

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse


Akamai links recent MSHTML zero-day patched this month to APT28 operations

akamai.com/blog/security-resea

  • 3
  • 0
  • 0
  • 3h ago

Bluesky

~Akamai~ Russian state-sponsored actor APT28 is actively exploiting a critical MSHTML vulnerability to bypass security features and execute arbitrary code. - IOCs: wellnesscaremed. com - #APT28 #CVE202621513 #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • SolarWinds
  • Serv-U

Published: 24 Feb 2026
Updated: 24 Feb 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 0.03%

KEV

Description

A broken access control vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 1 hour ago

Bluesky

The most severe of the four security flaws patched by SolarWinds today in Serv-U 15.5.4 is tracked as CVE-2025-40538, and it allows attackers with high privileges to gain root or admin permissions on vulnerable servers. www.bleepingcomputer.com/news/securit...
  • 0
  • 1
  • 1
  • 7h ago
📌 CVE-2025-40538 - A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and exe... https://www.cyberhub.blog/cves/CVE-2025-40538
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Soliton Systems K.K.
  • FileZen

Published: 13 Feb 2026
Updated: 24 Feb 2026

CVSS v3.0: HIGH (8.8)
EPSS: 0.25%

Description

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

Statistics

  • 2 Posts

Last activity: Last hour

Bluesky

~Cisa~ CISA warns of active exploitation of a command injection vulnerability (CVE-2026-25108) in Soliton Systems FileZen. - IOCs: CVE-2026-25108 - #CVE202625108 #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • Last hour
CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Feb 24) CVE-2026-25108 Soliton Systems K.K. FileZen OS command injection vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Microsoft
  • Windows 10 Version 1507

Published: 14 Oct 2025
Updated: 22 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: Last hour

Fediverse


It's a blog post I should have published months ago, but here we finally are.

"CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP"

Credit goes to t0zhang (on X) for the discovery.

👉 itm4n.github.io/cve-2025-59201

I'd like to write more of those but it's so time-consuming. 😔

  • 3
  • 0
  • 0
  • Last hour

Overview

  • FreePBX
  • filestore

Published: 07 Nov 2025
Updated: 13 Feb 2026

CVSS v4.0: HIGH (8.6)
EPSS: 17.45%

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 1 hour ago

Bluesky

IP data in our Compromised Website report, tagged 'freepbx-compromised' - www.shadowserver.org/what-we-do/n... Compromised FreePBX tracker: dashboard.shadowserver.org/statistics/c... Compromises are likely via CVE-2025-64328 Additional background from Fortinet: www.fortinet.com/blog/threat-...
  • 0
  • 1
  • 0
  • 1h ago

Overview

  • Tenda
  • A21

Published: 21 Feb 2026
Updated: 23 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Manipulation of the argument devName/mac leads to a stack-based buffer overflow. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

📌 CVE-2026-2872 - A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackR... https://www.cyberhub.blog/cves/CVE-2026-2872
  • 0
  • 1
  • 0
  • 16h ago

Overview

  • OneUptime
  • oneuptime

Published: 21 Feb 2026
Updated: 24 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.05%

KEV

Description

OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, the custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, allowing trivial sandbox escape via a well-known one-liner that grants full access to the underlying process. Because the probe runs with host networking and holds all cluster credentials (ONEUPTIME_SECRET, DATABASE_PASSWORD, REDIS_PASSWORD, CLICKHOUSE_PASSWORD) in its environment variables, and monitor creation is available to the lowest role (ProjectMember) with open registration enabled by default, any anonymous user can achieve full cluster compromise in about 30 seconds. This issue has been fixed in version 10.0.5.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

📌 CVE-2026-27574 - OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's no... https://www.cyberhub.blog/cves/CVE-2026-27574
  • 0
  • 1
  • 0
  • 22h ago

Overview

  • Tenda
  • HG9

Published: 22 Feb 2026
Updated: 23 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.08%

KEV

Description

A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. Manipulation of the argument fmgpon_loid/fmgpon_loid_password causes a stack-based buffer overflow. The attack can be exploited remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 20 hours ago

Bluesky

📌 CVE-2026-2907 - A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of... https://www.cyberhub.blog/cves/CVE-2026-2907
  • 0
  • 1
  • 0
  • 20h ago

Overview

  • ZoneMinder
  • zoneminder

Published: 21 Feb 2026
Updated: 24 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.03%

KEV

Description

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents() function. Event field values (specifically Name and Cause) are stored safely via parameterized queries but are later retrieved and concatenated directly into SQL WHERE clauses without escaping. An authenticated user with Events edit and view permissions can exploit this to execute arbitrary SQL queries.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

📌 CVE-2026-27470 - ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a... https://www.cyberhub.blog/cves/CVE-2026-27470
  • 0
  • 0
  • 0
  • 4h ago
Showing 1 to 10 of 84 CVEs