
Overview

  • BeyondTrust
  • Remote Support (RS) & Privileged Remote Access (PRA)

Published: 06 Feb 2026
Updated: 14 Feb 2026

CVSS v4.0: CRITICAL (9.9)
EPSS: 49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 4 Posts
  • 3 Interactions

Last activity: 10 hours ago

Fediverse


Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.

Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.

Remote support appliances are high-value targets.

Are we giving PAM systems enough monitoring visibility?

Source: thehackernews.com/2026/02/beyo

Follow @technadu for independent cybersecurity reporting.

Like and join the discussion below.

  • 0
  • 0
  • 1
  • 14h ago

Bluesky

Critical BeyondTrust flaw (CVE-2026-1731) is being actively exploited for web shell deployment, data exfiltration, and backdoors across multiple sectors. US, France, Germany, Australia and Canada are impacted. Patch now! #CyberSecurity #News
  • 1
  • 1
  • 0
  • 20h ago
VShell and SparkRAT observed exploiting the critical BeyondTrust vulnerability (CVE-2026-1731) #CybersecurityNews unit42.paloaltonetworks.com/beyondtrust-...
  • 0
  • 1
  • 0
  • 10h ago

Overview

  • NaturalIntelligence
  • fast-xml-parser

Published: 20 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: CRITICAL (9.3)
EPSS: 0.03%

KEV

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 7 hours ago

Fediverse


CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser

A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
- Allows attackers to shadow built-in XML entities (<, >, &, ", ')
- Can lead to XSS or injection when parsing untrusted XML and rendering the output
- Exploitable with default settings (processEntities: true)
- Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies

Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2

endorlabs.com/learn/cve-2026-2

  • 1
  • 1
  • 0
  • 7h ago

🚨 CRITICAL: CVE-2026-25896 in fast-xml-parser (<5.3.5) lets attackers override built-in XML entities, enabling XSS via crafted XML. Affects web apps using vulnerable versions. Patch to 5.3.5+ ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

🚨 New CRITICAL CVE detected in AWS Lambda 🚨 CVE-2026-25896 impacts fast-xml-parser in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/429 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Google
  • Chrome

Published: 13 Feb 2026
Updated: 20 Feb 2026

CVSS: Pending
EPSS: 0.46%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts

Last activity: 10 hours ago

Bluesky

Google scrambles to patch flaws as exploit code is published publicly. The Google Chrome 145 stable line keeps moving after the emergency patch for CVE-2026-2441, with additional security fixes arriving in newer builds. Google has shipped newer Chrome 145 Stable builds after the CVE-2026-2441 zero-day fix, adding three security patches…
  • 0
  • 0
  • 0
  • 13h ago
#Fedora 42: Patch CVE-2026-2441 NOW. Active exploits targeting Chromium's CSS engine (Use After Free). Update to 145.0.7632.75 via DNF immediately to block RCE attacks.🐧🛡️ Read more: 👉 tinyurl.com/4fmushem #Security
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Grandstream
  • GXP1610

Published: 18 Feb 2026
Updated: 18 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.14%

KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts

Last activity: Last hour

Fediverse


CRITICAL: Grandstream VoIP phones hit by unauthenticated RCE (CVE-2026-2329) — allows call interception & device compromise. No patch yet. Restrict access, disable remote mgmt, and monitor for threats. radar.offseq.com/threat/critic

  • 0
  • 0
  • 0
  • Last hour

Bluesky

A stack-based buffer overflow (CVE-2026-2329) in Grandstream GXP1600 phones enables unauthenticated remote root code execution, allowing call interception and credential extraction.
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Dell
  • Unisphere for PowerMax

Published: 19 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.05%

KEV

Description

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 15 hours ago

Bluesky

📌 CVE-2026-26360 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote... https://www.cyberhub.blog/cves/CVE-2026-26360
  • 0
  • 1
  • 0
  • 15h ago

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP

Published: 17 Feb 2026
Updated: 18 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.04%

KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Bluesky

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
  • 0
  • 1
  • 0
  • 10h ago

Overview

  • Microsoft
  • Windows Admin Center

Published: 17 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.07%

KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Bluesky

Microsoft fixes CVE-2026-26119, an 8.8 CVSS privilege escalation bug in Windows Admin Center that could allow network-based user rights takeover.
  • 0
  • 1
  • 0
  • 10h ago

Overview

  • owthub
  • Library Management System

Published: 19 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.07%

KEV

Description

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

📌 CVE-2025-12707 - The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 ... https://www.cyberhub.blog/cves/CVE-2025-12707
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • JonathanWilbur
  • asn1-ts

Published: 21 Feb 2026
Updated: 21 Feb 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.04%

KEV

Description

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🛡️ CRITICAL: CVE-2026-27452 in JonathanWilbur asn1-ts (<=11.0.5) — Decoding INTEGERs may leak ArrayBuffer, exposing sensitive data. Upgrade to 11.0.6 urgently. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • pnggroup
  • libpng

Published: 10 Feb 2026
Updated: 11 Feb 2026

CVSS v4.0: HIGH (8.3)
EPSS: 0.06%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

🚨 Urgent: #Fedora 42/43 mingw-libpng update addresses CVE-2026-25646—a critical heap overflow in png_set_quantize. If you cross-compile Windows apps, patch now to avoid shipping vulnerable binaries. Read more: 👉 tinyurl.com/377ctus3 #Security
  • 0
  • 0
  • 0
  • 12h ago