24h | 7d | 30d

CVE-2026-2441

Overview

  • Google
  • Chrome
13 Feb 2026
Published
20 Feb 2026
Updated
CVSS
Pending
EPSS
0.46%
KEV

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts
Last activity: 17 hours ago

Fediverse

Profile picture fallback
Gea-Suan Lin @gslin

blog.gslin.org/archives/2026/0

Chromium 處理 CSS 的 Use after free 問題,可 RCE (CVE-2026-2441)

#advisory #after #browser #chromium #code #css #cve #execution #font #free #rce #remote #use #webgpu

  • 0
  • 0
  • 0
  • 20h ago

Bluesky

Profile picture fallback
Beiruttime-lb.com @beiruttime.bsky.social
تسعى Google جاهدة لتصحيح العيوب مع نشر كود الاستغلال للعامة يستمر خط Google Chrome 145 المستقر في التحرك بعد تصحيح الطوارئ CVE-2026-2441، مع وصول إصلاحات أمنية إضافية في الإصدارات الأحدث قامت Google بشحن إصدارات Chrome 145 Stable الأحدث بعد إصلاح يوم الصفر CVE-2026-2441، وإضافة ثلاثة تصحيحات أمنية…
  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
#Fedora 42: Patch CVE-2026-2441 NOW. Active exploits targeting Chromium's CSS engine (Use After Free). Update to 145.0.7632.75 via DNF immediately to block RCE attacks.🐧🛡️ Read more: 👉 tinyurl.com/4fmushem #Security
  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-25896

Overview

  • NaturalIntelligence
  • fast-xml-parser
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.3)
EPSS
0.03%
KEV

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 14 hours ago

Fediverse

Profile picture fallback
Endor Labs @endorlabs

CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser

A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
-Allows attackers to shadow built-in XML entities (<, >, &, ", ')
-Can lead to XSS or injection when parsing untrusted XML and rendering the output
-Exploitable with default settings (processEntities: true)
-Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies

Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2

endorlabs.com/learn/cve-2026-2

  • 1
  • 1
  • 0
  • 14h ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New CRITICAL CVE detected in AWS Lambda 🚨 CVE-2026-25896 impacts fast-xml-parser in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/429 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-1731

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)
06 Feb 2026
Published
14 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
49.74%
KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 3 Posts
  • 2 Interactions
Last activity: 18 hours ago

Fediverse

Profile picture fallback
TechNadu @technadu

Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.

Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.

Remote support appliances are high-value targets.

Are we giving PAM systems enough monitoring visibility?

Source: thehackernews.com/2026/02/beyo

Follow @technadu for independent cybersecurity reporting.

Like and join the discussion below.

  • 0
  • 0
  • 1
  • 21h ago

Bluesky

Profile picture fallback
piyokango @piyokango.bsky.social
BeyondTrustの深刻な脆弱性(CVE-2026-1731)を悪用したVShellとSparkRATを確認 #CybersecurityNews unit42.paloaltonetworks.com/beyondtrust-...
  • 0
  • 2
  • 0
  • 18h ago

CVE-2026-2329

Overview

  • Grandstream
  • GXP1610
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.14%
KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts
Last activity: 8 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

CRITICAL: Grandstream VoIP phones hit by unauthenticated RCE (CVE-2026-2329) — allows call interception & device compromise. No patch yet. Restrict access, disable remote mgmt, and monitor for threats. radar.offseq.com/threat/critic

  • 0
  • 0
  • 0
  • 8h ago

Bluesky

Profile picture fallback
Information Security Briefly @infosecbriefly.bsky.social
A stack-based buffer overflow (CVE-2026-2329) in Grandstream GXP1600 phones enables unauthenticated remote root code execution, allowing call interception and credential extraction.
  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-2909

Overview

  • Tenda
  • HG9
22 Feb 2026
Published
22 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
Pending
KEV

Description

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 HIGH-severity (CVSS 8.7): Stack buffer overflow in Tenda HG9 (v300001138) via /boaform/formPing. Remote code execution possible with public exploit available. Restrict access, monitor, and patch ASAP! Details: radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 5h ago

CVE-2026-26360

Overview

  • Dell
  • Unisphere for PowerMax
19 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.05%
KEV

Description

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 22 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-26360 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote... https://www.cyberhub.blog/cves/CVE-2026-26360
  • 0
  • 1
  • 0
  • 22h ago

CVE-2026-1670

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP
17 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 17 hours ago

Bluesky

Profile picture fallback
Commonwealth Sentinel Cyber Security @cwealthsentinel.bsky.social
CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
  • 0
  • 1
  • 0
  • 17h ago

CVE-2026-26119

Overview

  • Microsoft
  • Windows Admin Center
17 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.07%
KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 18 hours ago

Bluesky

Profile picture fallback
Tech-News @technology-news.bsky.social
Microsoft fixes CVE-2026-26119, an 8.8 CVSS privilege escalation bug in Windows Admin Center that could allow network-based user rights takeover.
  • 0
  • 1
  • 0
  • 18h ago

CVE-2026-25646

Overview

  • pnggroup
  • libpng
10 Feb 2026
Published
11 Feb 2026
Updated
CVSS v4.0
HIGH (8.3)
EPSS
0.06%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 Urgent: #Fedora 42/43 mingw-libpng update addresses CVE-2026-25646—a critical heap overflow in png_set_quantize. If you cross-compile Windows apps, patch now to avoid shipping vulnerable binaries. Read more: 👉 tinyurl.com/377ctus3 #Security
  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-27146

Overview

  • GetSimpleCMS-CE
  • GetSimpleCMS-CE
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v4.0
HIGH (7.1)
EPSS
0.02%
KEV

Description

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The request is accepted without requiring a CSRF token or origin validation. This allows an attacker to upload arbitrary files to the application without the victim’s knowledge or consent. In order to exploit this vulnerability, the victim must be authenticated to GetSimple CMS (e.g., admin user), and visit an attacker-controlled webpage. This issue does not have a fix at the time of publication.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture fallback
Securitycipher @securitycipher.bsky.social
How I found CVE-2026–27146 (CSRF)| Cyber Tamarin https://cybertamarin.medium.com/how-i-found-cve-2026-27146-cyber-tamarin-a2886542db22?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 19h ago
Showing 1 to 10 of 32 CVEs