24h | 7d | 30d

CVE-2026-1731

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)
06 Feb 2026
Published
14 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
49.74%
KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 4 Posts
  • 3 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture fallback
TechNadu @technadu

Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.

Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.

Remote support appliances are high-value targets.

Are we giving PAM systems enough monitoring visibility?

Source: thehackernews.com/2026/02/beyo

Follow @technadu for independent cybersecurity reporting.

Like and join the discussion below.

  • 0
  • 0
  • 1
  • 14h ago

Bluesky

Profile picture fallback
News Analysis @newsanalysis.com
Critical BeyondTrust flaw (CVE-2026-1731) is being actively exploited for web shell deployment, data exfiltration, and backdoors across multiple sectors. US, France, Germany, Australia and Canada are impacted. Patch now! #CyberSecurity #News
  • 1
  • 1
  • 0
  • 20h ago
Profile picture fallback
piyokango @piyokango.bsky.social
BeyondTrustの深刻な脆弱性(CVE-2026-1731)を悪用したVShellとSparkRATを確認 #CybersecurityNews unit42.paloaltonetworks.com/beyondtrust-...
  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-25896

Overview

  • NaturalIntelligence
  • fast-xml-parser
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.03%
KEV

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.

Statistics

  • 3 Posts
  • 2 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
Endor Labs @endorlabs

CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser

A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
-Allows attackers to shadow built-in XML entities (<, >, &, ", ')
-Can lead to XSS or injection when parsing untrusted XML and rendering the output
-Exploitable with default settings (processEntities: true)
-Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies

Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2

endorlabs.com/learn/cve-2026-2

  • 1
  • 1
  • 0
  • 7h ago
Profile picture fallback
Offensive Sequence @offseq

🚨 CRITICAL: CVE-2026-25896 in fast-xml-parser (<5.3.5) lets attackers override built-in XML entities, enabling XSS via crafted XML. Affects web apps using vulnerable versions. Patch to 5.3.5+ ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New CRITICAL CVE detected in AWS Lambda 🚨 CVE-2026-25896 impacts fast-xml-parser in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/429 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-2441

Overview

  • Google
  • Chrome
13 Feb 2026
Published
20 Feb 2026
Updated
CVSS
Pending
EPSS
0.46%
KEV

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Gea-Suan Lin @gslin

blog.gslin.org/archives/2026/0

Chromium 處理 CSS 的 Use after free 問題,可 RCE (CVE-2026-2441)

#advisory #after #browser #chromium #code #css #cve #execution #font #free #rce #remote #use #webgpu

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

Profile picture fallback
Beiruttime-lb.com @beiruttime.bsky.social
تسعى Google جاهدة لتصحيح العيوب مع نشر كود الاستغلال للعامة يستمر خط Google Chrome 145 المستقر في التحرك بعد تصحيح الطوارئ CVE-2026-2441، مع وصول إصلاحات أمنية إضافية في الإصدارات الأحدث قامت Google بشحن إصدارات Chrome 145 Stable الأحدث بعد إصلاح يوم الصفر CVE-2026-2441، وإضافة ثلاثة تصحيحات أمنية…
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
#Fedora 42: Patch CVE-2026-2441 NOW. Active exploits targeting Chromium's CSS engine (Use After Free). Update to 145.0.7632.75 via DNF immediately to block RCE attacks.🐧🛡️ Read more: 👉 tinyurl.com/4fmushem #Security
  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-2329

Overview

  • Grandstream
  • GXP1610
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.14%
KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts
Last activity: Last hour

Fediverse

Profile picture fallback
Offensive Sequence @offseq

CRITICAL: Grandstream VoIP phones hit by unauthenticated RCE (CVE-2026-2329) — allows call interception & device compromise. No patch yet. Restrict access, disable remote mgmt, and monitor for threats. radar.offseq.com/threat/critic

  • 0
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
A stack-based buffer overflow (CVE-2026-2329) in Grandstream GXP1600 phones enables unauthenticated remote root code execution, allowing call interception and credential extraction.
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-26360

Overview

  • Dell
  • Unisphere for PowerMax
19 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.05%
KEV

Description

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 15 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-26360 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote... https://www.cyberhub.blog/cves/CVE-2026-26360
  • 0
  • 1
  • 0
  • 15h ago

CVE-2026-1670

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP
17 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Bluesky

Profile picture fallback
Commonwealth Sentinel Cyber Security @cwealthsentinel.bsky.social
CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-26119

Overview

  • Microsoft
  • Windows Admin Center
17 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.07%
KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Bluesky

Profile picture fallback
Tech-News @technology-news.bsky.social
Microsoft fixes CVE-2026-26119, an 8.8 CVSS privilege escalation bug in Windows Admin Center that could allow network-based user rights takeover.
  • 0
  • 1
  • 0
  • 10h ago

CVE-2025-12707

Overview

  • owthub
  • Library Management System
19 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.07%
KEV

Description

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2025-12707 - The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 ... https://www.cyberhub.blog/cves/CVE-2025-12707
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-27452

Overview

  • JonathanWilbur
  • asn1-ts
21 Feb 2026
Published
21 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.04%
KEV

Description

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🛡️ CRITICAL: CVE-2026-27452 in JonathanWilbur asn1-ts (<=11.0.5) — Decoding INTEGERs may leak ArrayBuffer, exposing sensitive data. Upgrade to 11.0.6 urgently. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-25646

Overview

  • pnggroup
  • libpng
10 Feb 2026
Published
11 Feb 2026
Updated
CVSS v4.0
HIGH (8.3)
EPSS
0.06%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 Urgent: #Fedora 42/43 mingw-libpng update addresses CVE-2026-25646—a critical heap overflow in png_set_quantize. If you cross-compile Windows apps, patch now to avoid shipping vulnerable binaries. Read more: 👉 tinyurl.com/377ctus3 #Security
  • 0
  • 0
  • 0
  • 12h ago
Showing 1 to 10 of 37 CVEs