24h | 7d | 30d

CVE-2026-1731

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)
06 Feb 2026
Published
14 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
61.38%
KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 6 Posts
  • 17 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
Catalin Cimpanu @campuscodi

Exploitation of a recent RCE in BeyondTrust remote access products, tracked as CVE-2026-1731, reportedly started less than 24h after a PoC was published

greynoise.io/blog/reconnaissan

x.com/ethicalhack3r/status/202

x.com/DefusedCyber/status/2022

  • 4
  • 1
  • 0
  • 20h ago
Profile picture fallback
Patrick C Miller :donor: @patrickcmiller

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release securityaffairs.com/187962/unc

  • 0
  • 0
  • 1
  • 3h ago

Bluesky

Profile picture fallback
Catalin Cimpanu @campuscodi.risky.biz
Exploitation of a recent RCE in BeyondTrust remote access products, tracked as CVE-2026-1731, reportedly started less than 24h after a PoC was published www.greynoise.io/blog/reconna... x.com/ethicalhack3... x.com/DefusedCyber...
  • 4
  • 6
  • 0
  • 20h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731) - Help Net Security www.helpnetsecurity.com/2026/02/13/b...
  • 0
  • 2
  • 0
  • 9h ago
Profile picture fallback
r/blueteamsec bot @r-blueteamsec.bsky.social
Threat Campaign Targeting BeyondTrust Remote Support Following CVE-2026-1731 PoC Availability
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-20700

Overview

  • Apple
  • macOS
11 Feb 2026
Published
13 Feb 2026
Updated
CVSS
Pending
EPSS
0.13%
KEV

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

Statistics

  • 3 Posts
  • 10 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
jbz @jbz

⚠️ Apple patches decade-old iOS zero-day exploited in the wild

「 CVE-2026-20700, discovered by Google's Threat Analysis Group, affects dyld - Apple's dynamic linker - and allows attackers with memory write capability to execute arbitrary code. Apple said the flaw was exploited in the wild and may have been part of an exploit chain 」

theregister.com/2026/02/12/app

#apple #zeroday #cybersecurity #CVE202620700

  • 6
  • 4
  • 0
  • 21h ago
Profile picture fallback
Anonymous :verified: @youranonnewsirc

Here's a snapshot of recent geopolitical, technology, and cybersecurity developments:

**Geopolitical:** Iranian FM Araghchi stated on Feb 14, 2026, that the EU has lost its geopolitical weight, criticizing the Munich Security Conference on Iran. African leaders held their AU Summit Feb 14-15, focusing on water security and Sudan's conflict.

**Technology:** AI faces significant energy bottlenecks in February 2026, potentially altering industry growth. Singapore committed $155B to a nationwide AI push on Feb 14, 2026.

**Cybersecurity:** Apple patched CVE-2026-20700, an actively exploited zero-day, on Feb 11, 2026. Malicious Chrome extensions were discovered stealing sensitive business and email data around Feb 13-14, 2026.

#Cybersecurity #Geopolitics #TechNews

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

Profile picture fallback
azlab@uec @uecazlab.bsky.social
【UPDATE】mac, iPhone, iPad, apple watch, tv, visionの製品を利用の方は,アップデートの実施を! ゼロデイ脆弱性「CVE-2026-20700」はmacOS / tvOS / watchOS / visionOSにも影響.Appleがセキュリティ更新を実施 forest.watch.impress.co.jp/docs/news/20... #SecurityUpdate
  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-20841

Overview

  • Microsoft
  • Windows Notepad
10 Feb 2026
Published
13 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.11%
KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts
  • 18 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture fallback
m0bi ⁂ @m0bi

Czytam, że #Microsoft "poprawił" Notatnik (#Notepad).

Tak, ten program, który nie był dotykany, od 40 lat robił tylko to, co miał robić.
Dodali mu sztuczną inteligencję, dostęp do sieci, obsługę Markdown. A może Copilot dodał?🤔

CVE-2026-20841. CVSS 8.8. Zdalne wykonywanie kodu.

sekurak.pl/podatnosc-klasy-rce

  • 5
  • 12
  • 0
  • 23h ago
Profile picture fallback
Alper Çuğun-Gscheidel @alper

Microsoft, the company known for such amazing achievements as Teams, Github's uptime, Copilot etc. has managed to add features to Notepad in such a way, they introduced a remote code execution vulnerability.

msrc.microsoft.com/update-guid

  • 0
  • 1
  • 0
  • 10h ago

CVE-2024-43468

Overview

  • Microsoft
  • Microsoft Configuration Manager
08 Oct 2024
Published
12 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
87.46%
KEV

Description

Microsoft Configuration Manager Remote Code Execution Vulnerability

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Anonymous :verified: @youranonnewsirc

Feb 14-15, 2026: The Munich Security Conference highlights deepening transatlantic tensions and calls for EU strategic autonomy, amid US-Greenland territorial friction. China debuted the first sodium-ion EV. CISA warned of an actively exploited SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468), urging immediate patching. "Agentic AI" is rapidly escalating cyber threats, with many CISOs unprepared for new attack surfaces and speeds.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Profile picture fallback
Pia @cecallihelper.bsky.social
CISA: "critical remote code execution vulnerability (CVE-2024-43468) in Microsoft Configuration Manager is being actively exploited" www.linkedin.com/posts/cisowh... #cybersec #natsec "What CISOs should do:"
  • 1
  • 1
  • 0
  • 2h ago

CVE-2026-24061

Overview

  • GNU
  • Inetutils
21 Jan 2026
Published
10 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
82.70%
KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 19 hours ago

Fediverse

Profile picture fallback
PrivacyDigest @PrivacyDigest

Sudden #Telnet Traffic Drop. Are #Telcos Filtering Ports to Block Critical #Vulnerability?

Telcos likely received advance warning about January's critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise. Global Telnet traffic "fell off a cliff" on January 14, 6 days before #security advisories for CVE-2026-24061 went public on Jan 20. The flaw, a decade-old bug in GNU #InetUtils telnetd with a 9.8 #CVSS score, allows …

tech.slashdot.org/story/26/02/

  • 2
  • 0
  • 0
  • 19h ago

CVE-2026-1490

Overview

  • cleantalk
  • Spam protection, Honeypot, Anti-Spam by CleanTalk
15 Feb 2026
Published
15 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%
KEV

Description

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Note: This is only exploitable on sites with an invalid API key.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 16 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CVE-2026-1490: CleanTalk Spam Protection plugin (WordPress) CRITICAL vuln (CVSS 9.8) lets unauth attackers install plugins via reverse DNS spoofing if API key is invalid. Audit keys & restrict plugin installs! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 16h ago

CVE-2018-0802

Overview

  • Microsoft Corporation
  • Equation Editor
10 Jan 2018
Published
21 Oct 2025
Updated
CVSS
Pending
EPSS
93.89%
KEV

Description

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 9 hours ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
New XWorm RAT Campaign Leverages Phishing and CVE-2018-0802 Excel Exploit to Bypass Detection gbhackers.com/new-xworm-ra...
  • 0
  • 1
  • 0
  • 9h ago

CVE-2026-25753

Overview

  • Praskla-Technology
  • assessment-placipy
06 Feb 2026
Published
09 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%
KEV

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 9 hours ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-25753 Exposed: How a Simple Credential Flaw Can Lead to Mass Account Takeover + Video Introduction: In the ever-evolving landscape of web application security, the authentication mechanism remains the most targeted barrier between an attacker and sensitive data. A recently disclosed…
  • 0
  • 1
  • 0
  • 9h ago

CVE-2026-22906

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%
KEV

Description

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 21 hours ago

Fediverse

Profile picture fallback
elhacker.NET @elhackernet

CVE-2026-22906: Vulnerabilidad Crítica en Almacenamiento de Credenciales

blog.elhacker.net/2026/02/cve-

  • 0
  • 1
  • 0
  • 21h ago

CVE-2025-64712

Overview

  • Unstructured-IO
  • unstructured
04 Feb 2026
Published
04 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.08%
KEV

Description

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 9 hours ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
CVE-2025-64712 in Unstructured.io Puts Amazon, Google, and Tech Giants at Risk of Remote Code Execution gbhackers.com/cve-2025-647...
  • 0
  • 1
  • 0
  • 9h ago
Showing 1 to 10 of 29 CVEs