24h | 7d | 30d

CVE-2026-1731

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)
06 Feb 2026
Published
14 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
61.38%
KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 4 Posts
  • 15 Interactions
Last activity: 1 hour ago

Fediverse

Profile picture fallback
Catalin Cimpanu @campuscodi

Exploitation of a recent RCE in BeyondTrust remote access products, tracked as CVE-2026-1731, reportedly started less than 24h after a PoC was published

greynoise.io/blog/reconnaissan

x.com/ethicalhack3r/status/202

x.com/DefusedCyber/status/2022

  • 4
  • 1
  • 0
  • 13h ago
Profile picture fallback
Anonymous :verified: @youranonnewsirc

Critical cybersecurity alert: North Korea's UNC2970 is weaponizing Google Gemini for reconnaissance. A CVSS 9.9 BeyondTrust vulnerability (CVE-2026-1731) is also under active exploitation, enabling remote code execution. Meanwhile, the Munich Security Conference highlighted deepening transatlantic tensions.

#Cybersecurity #AI #Geopolitics

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Profile picture fallback
Catalin Cimpanu @campuscodi.risky.biz
Exploitation of a recent RCE in BeyondTrust remote access products, tracked as CVE-2026-1731, reportedly started less than 24h after a PoC was published www.greynoise.io/blog/reconna... x.com/ethicalhack3... x.com/DefusedCyber...
  • 3
  • 6
  • 0
  • 13h ago
Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731) - Help Net Security www.helpnetsecurity.com/2026/02/13/b...
  • 0
  • 1
  • 0
  • 1h ago

CVE-2026-20841

Overview

  • Microsoft
  • Windows Notepad
10 Feb 2026
Published
13 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.11%
KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts
  • 17 Interactions
Last activity: 3 hours ago

Fediverse

Profile picture fallback
m0bi ⁂ @m0bi

Czytam, że #Microsoft "poprawił" Notatnik (#Notepad).

Tak, ten program, który nie był dotykany, od 40 lat robił tylko to, co miał robić.
Dodali mu sztuczną inteligencję, dostęp do sieci, obsługę Markdown. A może Copilot dodał?🤔

CVE-2026-20841. CVSS 8.8. Zdalne wykonywanie kodu.

sekurak.pl/podatnosc-klasy-rce

  • 5
  • 11
  • 0
  • 15h ago
Profile picture fallback
Alper Çuğun-Gscheidel @alper

Microsoft, the company known for such amazing achievements as Teams, Github's uptime, Copilot etc. has managed to add features to Notepad in such a way, they introduced a remote code execution vulnerability.

msrc.microsoft.com/update-guid

  • 0
  • 1
  • 0
  • 3h ago

CVE-2026-20700

Overview

  • Apple
  • macOS
11 Feb 2026
Published
13 Feb 2026
Updated
CVSS
Pending
EPSS
0.15%
KEV

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

Statistics

  • 2 Posts
  • 7 Interactions
Last activity: 10 hours ago

Fediverse

Profile picture fallback
jbz @jbz

⚠️ Apple patches decade-old iOS zero-day exploited in the wild

「 CVE-2026-20700, discovered by Google's Threat Analysis Group, affects dyld - Apple's dynamic linker - and allows attackers with memory write capability to execute arbitrary code. Apple said the flaw was exploited in the wild and may have been part of an exploit chain 」

theregister.com/2026/02/12/app

#apple #zeroday #cybersecurity #CVE202620700

  • 4
  • 3
  • 0
  • 14h ago
Profile picture fallback
Anonymous :verified: @youranonnewsirc

Here's a snapshot of recent geopolitical, technology, and cybersecurity developments:

**Geopolitical:** Iranian FM Araghchi stated on Feb 14, 2026, that the EU has lost its geopolitical weight, criticizing the Munich Security Conference on Iran. African leaders held their AU Summit Feb 14-15, focusing on water security and Sudan's conflict.

**Technology:** AI faces significant energy bottlenecks in February 2026, potentially altering industry growth. Singapore committed $155B to a nationwide AI push on Feb 14, 2026.

**Cybersecurity:** Apple patched CVE-2026-20700, an actively exploited zero-day, on Feb 11, 2026. Malicious Chrome extensions were discovered stealing sensitive business and email data around Feb 13-14, 2026.

#Cybersecurity #Geopolitics #TechNews

  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-1490

Overview

  • cleantalk
  • Spam protection, Honeypot, Anti-Spam by CleanTalk
15 Feb 2026
Published
15 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Note: This is only exploitable on sites with an invalid API key.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 9 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🚨 CVE-2026-1490: CleanTalk Spam Protection plugin (WordPress) CRITICAL vuln (CVSS 9.8) lets unauth attackers install plugins via reverse DNS spoofing if API key is invalid. Audit keys & restrict plugin installs! radar.offseq.com/threat/cve-20

  • 1
  • 0
  • 0
  • 9h ago

CVE-2026-24061

Overview

  • GNU
  • Inetutils
21 Jan 2026
Published
10 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
83.89%
KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
PrivacyDigest @PrivacyDigest

Sudden #Telnet Traffic Drop. Are #Telcos Filtering Ports to Block Critical #Vulnerability?

Telcos likely received advance warning about January's critical Telnet vulnerability before its public disclosure, according to threat intelligence biz GreyNoise. Global Telnet traffic "fell off a cliff" on January 14, 6 days before #security advisories for CVE-2026-24061 went public on Jan 20. The flaw, a decade-old bug in GNU #InetUtils telnetd with a 9.8 #CVSS score, allows …

tech.slashdot.org/story/26/02/

  • 1
  • 0
  • 0
  • 11h ago

CVE-2026-20804

Overview

  • Microsoft
  • Windows 10 Version 1607
13 Jan 2026
Published
13 Feb 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.06%
KEV

Description

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 16 hours ago

Fediverse

Profile picture fallback
Winbuzzer @winbuzzer

winbuzzer.com/2026/02/14/micro

Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw

#Microsoft #Windows11 #February2026PatchTuesday #Cybersecurity #Authentication #WindowsHello #Biometrics #RemoteDesktop

  • 0
  • 1
  • 0
  • 16h ago

CVE-2026-25753

Overview

  • Praskla-Technology
  • assessment-placipy
06 Feb 2026
Published
09 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.06%
KEV

Description

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 1 hour ago

Bluesky

Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-25753 Exposed: How a Simple Credential Flaw Can Lead to Mass Account Takeover + Video Introduction: In the ever-evolving landscape of web application security, the authentication mechanism remains the most targeted barrier between an attacker and sensitive data. A recently disclosed…
  • 0
  • 1
  • 0
  • 1h ago

CVE-2026-22906

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%
KEV

Description

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 14 hours ago

Fediverse

Profile picture fallback
elhacker.NET @elhackernet

CVE-2026-22906: Vulnerabilidad Crítica en Almacenamiento de Credenciales

blog.elhacker.net/2026/02/cve-

  • 0
  • 1
  • 0
  • 14h ago

CVE-2018-0802

Overview

  • Microsoft Corporation
  • Equation Editor
10 Jan 2018
Published
21 Oct 2025
Updated
CVSS
Pending
EPSS
93.89%
KEV

Description

Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture fallback
Philippe Vynckier @pvynckier.bsky.social
New XWorm RAT Campaign Leverages Phishing and CVE-2018-0802 Excel Exploit to Bypass Detection gbhackers.com/new-xworm-ra...
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-25253

Overview

  • OpenClaw
  • OpenClaw
01 Feb 2026
Published
03 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.04%
KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture fallback
hackers-arise.official @hackers_arise

OpenClaw Vulnerability!

CVE-2026-25253 enables attackers to steal authentication tokens of OpenClaw AI Systems!

hackers-arise.com/cve-2026-252

  • 0
  • 0
  • 0
  • 17h ago
Showing 1 to 10 of 28 CVEs