Overview

  • Microsoft
  • Windows Admin Center

Published: 17 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.07%

KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 7 Posts
  • 1 Interaction

Last activity: Last hour

Bluesky

Microsoft Patches CVE-2026-26119 Privilege Escalation In Windows Admin Center - https://mwyr.es/XiaTZ3k #thn #infosec
  • 0
  • 0
  • 0
  • 23h ago
Microsoft fixes privilege escalation vulnerability CVE-2026-26119 in Windows Admin Center. Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center #HackerNews (Feb 19) thehackernews.com/2026/02/micr...
  • 0
  • 0
  • 0
  • 21h ago
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
  • 0
  • 0
  • 0
  • 17h ago
🛑 Windows Admin Center - CVE-2026-26119: this flaw in Windows Admin Center can lead to domain compromise. My article on the subject 👇 - www.it-connect.fr/cve-2026-261... #infosec #cybersecurite #WindowsAdminCenter #Microsoft
  • 0
  • 0
  • 0
  • 11h ago
Microsoft discloses a critical vulnerability in Windows Admin Center (CVE-2026-26119). Attention! A critical vulnerability in Windows Admin Center allows attackers to take full control of the server. Update now. #ciberseguridad #cybersecurity www.linkedin.com/pulse/micros...
  • 0
  • 0
  • 0
  • 3h ago
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Microsoft
  • Windows 10 Version 1507

Published: 13 May 2025
Updated: 13 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.35%

KEV

Description

Time-of-check time-of-use (TOCTOU) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 4 hours ago

Fediverse

[RSS] Discovery & Analysis of CVE-2025-29969

https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/

(Windows MS-EVEN RPC Remote Code Execution Vulnerability)
  • 0
  • 0
  • 0
  • 4h ago

Bluesky

[RSS] Discovery & Analysis of CVE-2025-29969 www.safebreach.com -> (Windows MS-EVEN RPC Remote Code Execution Vulnerability) Original->
  • 1
  • 0
  • 0
  • 4h ago
The latest update for #SafeBreach includes "SafeBreach's Evolution into an #AI-First Development Team: Part I" and "EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft #Windows (CVE-2025-29969)". #Cybersecurity https://opsmtrs.com/41NWGuQ
  • 0
  • 0
  • 0
  • 17h ago
EventLogin Exploit: How Low-Privilege Users Can Weaponize Windows Event Logging to Own Your Domain + Video Introduction: In a startling revelation for enterprise security, a new proof-of-concept tool named "EventLogin" has emerged, demonstrating the active exploitation of CVE-2025-29969. This…
  • 0
  • 0
  • 0
  • 17h ago
Discovery & Analysis of CVE-2025-29969
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • BeyondTrust
  • Remote Support (RS) & Privileged Remote Access (PRA)

Published: 06 Feb 2026
Updated: 14 Feb 2026

CVSS v4.0: CRITICAL (9.9)
EPSS: 49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 6 Posts

Last activity: 5 hours ago

Fediverse

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

unit42.paloaltonetworks.com/be

  • 0
  • 0
  • 0
  • 15h ago
The CISA has updated its Known Exploited Vulnerabilities (KEV) catalog for a BeyondTrust vulnerability (CVE-2026-1731) indicating its exploitation in ransomware attacks. This critical flaw allows for unauthenticated remote code execution and has been observed in attacks targeting various sectors globally, with threat intelligence firms noting its use in reconnaissance, data theft, and malware deployment.
securityweek.com/beyondtrust-v

  • 0
  • 0
  • 0
  • 10h ago
"CISA: BeyondTrust RCE flaw now exploited in ransomware attacks"

"[...] Cybersecurity and Infrastructure Security Agency (CISA) warns. Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S."

bleepingcomputer.com/news/secu

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

The latest update for #CyCognito includes "Permission to Ignore: Leveraging the CTEM Framework to Focus on Real Risk" and "Emerging Threat: CVE-2026-1731 – BeyondTrust Privileged Access Exposure Risk". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 16h ago
Critical BeyondTrust vulnerability CVE-2026-1731 is being exploited in ransomware attacks, prompting a CISA KEV update and observed malicious activity across multiple sectors and countries.
  • 0
  • 0
  • 0
  • 10h ago
Critical CVE-2026-1731 in BeyondTrust Remote Support/Privileged Remote Access permits OS command execution as the site user, enabling web shells, backdoors, and malware deployment.
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP

Published: 17 Feb 2026
Updated: 18 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.04%

KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 3 Posts
  • 4 Interactions

Last activity: 8 hours ago

Fediverse

Why TF does the NVD not include the CVE title, vendor, or other useful information? If you look at the following you have no idea what's impacted and have to hunt details in the links.

nvd.nist.gov/vuln/detail/CVE-2

The backing CVE data contains all of this:

cveawg.mitre.org/api/cve/CVE-2

  • 1
  • 3
  • 0
  • 8h ago
CRITICAL INTEL: Honeywell CVSS 9.8 (CVE-2026-1670) is here. 🚨 Unauthenticated API exploitation means total compromise. I’m breaking down the Sovereign Sentry strategy using Raspberry Pi & Suricata to harden your network. thecybermind.co/2026/02/20/cve

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

CISA warns of critical authentication bypass vulnerability CVE-2026-1670 in Honeywell CCTVs. CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs #SecurityAffairs (Feb 19) securityaffairs.com/188234/secur...
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Google
  • Chrome

Published: 13 Feb 2026
Updated: 20 Feb 2026

CVSS: Pending
EPSS: 0.53%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 10 hours ago

Fediverse

Chrome CSS Zero-Day (CVE-2026-2441)

Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.

forum.hashpwn.net/post/10273

  • 1
  • 0
  • 0
  • 19h ago
A proof-of-concept exploit has been released for CVE-2026-2441, a critical use-after-free zero-day vulnerability in Google Chrome's Blink CSS engine that is actively being exploited in the wild. Users are urged to update Chrome immediately to the latest versions to patch this vulnerability.
cybersecuritynews.com/chrome-0

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

CVE-2026-2441: The First Chrome Zero-Day of 2026 is Already Exploited—Patch Now + Video Introduction: The cybersecurity landscape of 2026 has begun with a stark reminder of our browser-based attack surface. A high-severity zero-day vulnerability, designated CVE-2026-2441, has been discovered in…
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Microsoft
  • Windows Notepad

Published: 10 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.09%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 10 hours ago

Fediverse

A proof-of-concept has been released for a Windows Notepad vulnerability (CVE-2026-20841) that allows malicious command execution by tricking users into opening a crafted Markdown file and clicking a link. Microsoft has patched this high-severity flaw in its February 2026 release, affecting Notepad versions 11.2508 and earlier.
cybersecuritynews.com/poc-wind

  • 0
  • 0
  • 0
  • 10h ago

Bluesky

[RSS] CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad www.thezdi.com -> ZDI analysis of the notorious vuln Original->
  • 0
  • 1
  • 0
  • 14h ago

Overview

  • TryGhost
  • Ghost

Published: 20 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: CRITICAL (9.4)
EPSS: 0.08%

KEV

Description

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Fediverse

⚠️ CVE-2026-26980: CRITICAL SQL Injection in TryGhost Ghost CMS (3.24.0 – 6.19.0). Unauth attackers can read DB data remotely. Patch to 6.19.1 now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

📌 CVE-2026-26980 - Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the datab... https://www.cyberhub.blog/cves/CVE-2026-26980
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Grandstream
  • GXP1610

Published: 18 Feb 2026
Updated: 18 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.09%

KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts

Last activity: 6 hours ago

Fediverse

Hacking like the 1990s (cvss 9.8) —
A Cold War Style Vulnerability in Modern VoIP
Presented by LowLevelTV –

[Invidious](yewtu.be/watch?v=I4brAvpjbrg)
[YouTube](youtube.com/watch?v=I4brAvpjbrg)

Writeups:

Douglas McKee
[The Phone is Listening: A Cold War–Style Vulnerability in Modern VoIP](rapid7.com/blog/post/ve-phone-)

Stephen Fewer:
[CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones](rapid7.com/blog/post/ve-cve-20)

#hacking #voip #security #infosec #osint #cve #bug

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

Grandstream VoIP Flaw Enables Eavesdropping Read More: buff.ly/TSDAjK1 #Grandstream #VoIPSecurity #CVE20262329 #RootAccess #TelecomSecurity #CriticalVulnerability #PatchNow #CyberAlert
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • isaacs
  • minimatch

Published: 20 Feb 2026
Updated: 20 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.04%

KEV

Description

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Fediverse

⚠️ CVE-2026-26996: HIGH severity ReDoS in isaacs minimatch (<10.2.1). User-controlled glob patterns can cause exponential backtracking & DoS. Upgrade to 10.2.1+ & validate input! Info: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26996 impacts minimatch in 10 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/427 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • isaacs
  • node-tar

Published: 20 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: HIGH (7.1)
EPSS: 0.01%

KEV

Description

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.

Statistics

  • 2 Posts

Last activity: Last hour

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26960 impacts tar in 8 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/428 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 11h ago
📌 CVE-2026-26960 - node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardl... https://www.cyberhub.blog/cves/CVE-2026-26960
  • 0
  • 0
  • 0
  • Last hour