24h | 7d | 30d

Overview

  • Dell
  • RecoverPoint for Virtual Machines

17 Feb 2026
Published
18 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
Pending

KEV

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Statistics

  • 11 Posts

Last activity: 1 hour ago

Fediverse

Profile picture fallback

CRITICAL: CVE-2026-22769 in Dell RecoverPoint for VMs (≤5.3 SP4 P1) lets unauthenticated attackers gain root via hardcoded creds. Patch or mitigate ASAP! 🛡️ radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Bluesky

Profile picture fallback
A China-linked group exploited CVE-2026-22769 in Dell RecoverPoint for Virtual Machines to deploy persistent backdoors including Brickstorm and Grimbolt.
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
~Mandiant~ UNC6201 exploits a critical Dell RecoverPoint zero-day (CVSS 10.0) to deploy the new GRIMBOLT backdoor. - IOCs: 149. 248. 11. 71 - #CVE202622769 #GRIMBOLT #ThreatIntel #UNC6201
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
『CVE-2026-22769』CVSSv3.1で10.0『リモートより同製品のOSに対して、永続的にroot権限によるアクセスが可能になる』:【セキュリティ ニュース】DellのVM環境向け復旧製品にゼロデイ脆弱性 - 悪用報告も(1ページ目 / 全1ページ):Security NEXT https://www.security-next.com/181174
  • 0
  • 0
  • 0
  • 8h ago
Profile picture fallback
📢 Zero‑day critique sur Dell RecoverPoint for VMs (CVE-2026-22769) exploitée par UNC6201 avec le backdoor GRIMBOLT 📝 S… https://cyberveille.ch/posts/2026-02-18-zero-day-critique-sur-dell-recoverpoint-for-vms-cve-2026-22769-exploitee-par-unc6201-avec-le-backdoor-grimbolt/ #CVE_2026_22769 #Cyberveille
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
A China-linked threat actor UNC6201 exploited a hardcoded-credential zero-day (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines for lateral movement and persistence.
  • 0
  • 0
  • 1
  • 5h ago
Profile picture fallback
中国関連ハッカー、Dell製品のゼロデイを2024年半ばから悪用:CVE-2026-22769 | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43921/
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
🛡️ Are you affected? BaseFortify maps your installed components to CPEs and links them to CVEs like CVE-2026-22769 — instantly showing severity, exposure, and mitigation steps. See your real risk in minutes: basefortify.eu #VulnerabilityManagement #CyberResilience #BaseFortify #SMBsecurity
  • 0
  • 0
  • 0
  • 1h ago
Profile picture fallback
🔎 Technical details: CVE-2026-22769 A hardcoded admin credential in the Tomcat Manager lets attackers deploy a malicious WAR file, execute commands as root, and maintain persistence. Threat actors reportedly used web shells + custom backdoors. #ZeroDay #ThreatIntel #BlueTeam #SecurityResearch
  • 0
  • 0
  • 0
  • 1h ago
Profile picture fallback
🚨 CVSS 10.0 in Dell RecoverPoint for VMs. CVE-2026-22769 exposes a hardcoded credential that allows unauthenticated remote root access. The flaw has reportedly been exploited since mid-2024. Full breakdown 👇 basefortify.eu/posts/2026/0... #CVE2026 #CyberSecurity #VMware #Dell #Infosec
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Google
  • Chrome

13 Feb 2026
Published
18 Feb 2026
Updated

CVSS
Pending
EPSS
0.03%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 6 Posts
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Notfall-Update Google Chrome

Wir haben schon Mitte Februar, da wird es höchste Zeit, dass die erste Zero-Day Hintertür in Chrome entdeckt wird. Im vorigen Jahr hat Google es auf deren acht* (!) gebracht. Die Lücke CVE-2026-2441 wurde entdeckt, weil sie bereits aktiv für Angriffe ausgenutzt wird. Google hat Notfall-Updates für Chrome veröffentlicht. Meldungen gibt es beispielsweise hier oder hier. Ob Chromium und die diversen Ableger auch betroffen sind, ist noch nicht bekannt. Bei Chromium ist es ziemlich wahrscheinlich. Dabei ist mein Chromium unter Linux bereits auf Version 145.0.7632.45, also schon höher als die von Google angegebene

pc-fluesterer.info/wordpress/2

#Empfehlung #Hintergrund #Warnung #Website #0day #chrome #cybercrime #exploits #google #UnplugGoogle #UnplugTrump #hintertür

  • 1
  • 0
  • 0
  • 4h ago
Profile picture fallback

Microsoft Edge 145.0.3800.58 korrigiert CVE-2026-2441 und CVE-2026-0102 und weitere Änderungen

deskmodder.de/blog/2026/02/18/

  • 1
  • 0
  • 1
  • 3h ago

Bluesky

Profile picture fallback
🚨 Update Chrome NOW 🛎️ New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released thehackernews.com/2026/02/new-...
  • 0
  • 1
  • 0
  • 21h ago
Profile picture fallback
Google терміново оновлює Chrome для 3 млрд користувачів — знайдено нову вразливість. #новини #uazmi #технології #сша Google випустила термінове оновлення для Chrome через вразливість нульового дня CVE-2026-2441, яку вже використовують хакери. Про це пише американський Forbe...
  • 0
  • 0
  • 0
  • 13h ago
Profile picture fallback
~Cisa~ CISA added four actively exploited vulnerabilities affecting Microsoft, Zimbra, TeamT5, and Chromium to its KEV catalog, requiring urgent remediation. - IOCs: CVE-2026-2441, CVE-2024-7694, CVE-2020-7796 - #CISA #KEV #PatchNow #ThreatIntel
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Apache Software Foundation
  • Apache NiFi
  • org.apache.nifi:nifi-web-api

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.03%

KEV

Description

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to the flow configuration, but framework authorization did not check restricted status when updating a component previously added. The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a less privileged user to make property configuration changes. Apache NiFi installations that do not implement different levels of authorization for Restricted components are not subject to this vulnerability because the framework enforces write permissions as the security boundary. Upgrading to Apache NiFi 2.8.0 is the recommended mitigation.

Statistics

  • 3 Posts

Last activity: 10 hours ago

Fediverse

Bluesky

Profile picture fallback
🚨 CVE-2026-25903 – Apache NiFi Missing authorization in Apache NiFi (1.1.0–2.7.2) allows less privileged users to modify properties of Restricted components. CVSS: 8.7 (HIGH) Full analysis: basefortify.eu/cve_reports/... #CVE #ApacheNiFi #CyberSecurity #Vulnerability #InfoSec
  • 0
  • 0
  • 0
  • 23h ago
Profile picture fallback
Apache NiFiの脆弱性(CVE-2026-25903)により、ユーザーは制限を回避できる Apache NiFi Flaw (CVE-2026-25903) Lets Users Bypass Restrictions #DailyCyberSecurity (Feb 17) securityonline.info/apache-nifi-...
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • wpvividplugins
  • Migration, Backup, Staging – WPvivid Backup & Migration

11 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.52%

KEV

Description

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

Profile picture fallback
CVE-2026-1357 Exposed: How a WordPress Backup Plugin Turns Your Site into a Attacker’s Playground + Video Introduction: WordPress powers over 40% of the web, but its extensibility through plugins often introduces critical security gaps. The recently disclosed CVE-2026-1357 in the WPvivid Backup…
  • 0
  • 1
  • 0
  • 23h ago
Profile picture fallback
WordPressの人気 バックアップ プラグインWPvivid Backup & Migrationに重大な脆弱性(CVE-2026-1357) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
The latest update for #Indusface includes "CVE-2026-1357: #WordPress Plugin RCE Exposes Sites to Full Takeover" and "CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Profile picture fallback

⚠️ CRITICAL: Honeywell I-HIB2PI-UL 2MP IP (6.1.22.1216) has CVE-2026-1670 (CWE-306) — missing auth on API enables remote attackers to change recovery emails and take over accounts. Patch or segment now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Bluesky

Profile picture fallback
Bug critico nelle telecamere Honeywell: rischio compromissione totale. Il CISA Avverte 📌 Link all'articolo : www.redhotcyber.com/post/bug... #redhotcyber #news #cybersecurity #hacking #vulnerabilita #cve20261670 #sicurezzainformatica #telecamere #cctv #honeywell
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
54.26%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: 5 hours ago

Bluesky

Profile picture fallback
Critical Vulnerabilities in Ivanti EPMM Exploited https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
  • 0
  • 0
  • 1
  • 13h ago
Profile picture fallback
The latest update for #Indusface includes "CVE-2026-1357: #WordPress Plugin RCE Exposes Sites to Full Takeover" and "CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
40.23%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 4 Posts
  • 2 Interactions

Last activity: 5 hours ago

Bluesky

Profile picture fallback
Critical Vulnerabilities in Ivanti EPMM Exploited https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/
  • 0
  • 0
  • 1
  • 13h ago
Profile picture fallback
The latest update for #Indusface includes "CVE-2026-1357: #WordPress Plugin RCE Exposes Sites to Full Takeover" and "CVE-2026-1281 & CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • TeamT5
  • ThreatSonar Anti-Ransomware

12 Aug 2024
Published
18 Feb 2026
Updated

CVSS v3.1
HIGH (7.2)
EPSS
1.36%

Description

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Bluesky

Profile picture fallback
A high-severity arbitrary file-upload vulnerability (CVE-2024-7694) in TeamT5's ThreatSonar Anti-Ransomware has been exploited in the wild and added to CISA's KEV catalog.
  • 0
  • 0
  • 0
  • 1h ago
Profile picture fallback
~Cisa~ CISA added four actively exploited vulnerabilities affecting Microsoft, Zimbra, TeamT5, and Chromium to its KEV catalog, requiring urgent remediation. - IOCs: CVE-2026-2441, CVE-2024-7694, CVE-2020-7796 - #CISA #KEV #PatchNow #ThreatIntel
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 12 hours ago

Fediverse

Profile picture fallback

Alert: Unauthenticated Arbitrary File Upload leading to RCE.
ZAST engine has identified a critical-severity vulnerability, CVE-2026-1405 (CVSS 9.8), in the Slider Future WordPress plugin. This flaw allows for Unrestricted Arbitrary File Upload, leading to full Remote Code Execution (RCE).

Key Technical Findings:
- Vulnerability: Unauthenticated Arbitrary File Upload to RCE
- Project Popularity: 1,000+ active installations.
- Verification: 100% verified via Autonomous PoC generation.

The vulnerability stems from a lack of authentication on the /wp-json/slider-future/v1/upload-image/ endpoint and a total absence of file type or content validation before writing to disk.

We have verified that an attacker can upload a malicious PHP script and gain control of the host server in seconds.

Check detail here:cve.org/CVERecord?id=CVE-2026-

@wordpress@lemmy.world @WordPress@mastodon.world @wordfence

  • 1
  • 0
  • 0
  • 12h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 19 hours ago

Bluesky

Profile picture fallback
URGENT: #Ubuntu 24.04 LTS kernel updates (USN-8028-3) are live. Critical patches for AMD CPU data leaks (CVE-2024-36351) and SEV-SNP guest memory overwrite flaws. Read more: 👉 tinyurl.com/53wmvedk #Security
  • 0
  • 2
  • 0
  • 19h ago
Showing 1 to 10 of 37 CVEs