Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)

06 Feb 2026
Published
10 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.9)
EPSS
0.44%

KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 9 Posts

Last activity: 3 hours ago

Bluesky

Critical pre-authentication remote code execution vulnerability CVE-2026-1731 (CVSS 9.9) affects BeyondTrust RS ≤25.3.1 and PRA ≤24.3.4; patches released.
  • 23h ago

BeyondTrust has patched a critical remote code execution flaw (CVE-2026-1731) in its Remote Support and Privileged Remote Access software. The […]
  • 22h ago

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) 📖 Read more: www.helpnetsecurity.com/2026/02/09/b... #cybersecurity #cybersecuritynews #remoteaccess @rootxharsh.bsky.social
  • 19h ago

BeyondTrust Fixes Critical Pre-Auth RCE Read More: buff.ly/E5V9UhG #BeyondTrust #CVE20261731 #PreAuthRCE #RemoteCodeExecution #PrivilegedAccess #PatchNow #EnterpriseSecurity #VulnerabilityAlert
  • 13h ago

BeyondTrust disclosed a critical pre-auth RCE flaw (CVE-2026-1731) in its Remote Support and Privileged Remote Access products that lets unauthenticated attackers execute OS commands remotely. via @bleepingcomputer.com www.bleepingcomputer.com/news/securit... #hacking #infosec #cybersecurity
  • 13h ago

🚨 On 2/6/26, #BeyondTrust disclosed a critical RCE vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. The flaw has been assigned CVE-2026-1731 and a near-maximum CVSSv4 score of 9.9. More in the Rapid7 blog: r-7.co/4arAjln
  • 12h ago

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) #HelpNetSecurity (Feb 9) www.helpnetsecurity.com/2026/02/09/b...
  • 7h ago

Operation MidnightPatch: The CVE-2026-1731 BeyondTrust Bomgar Crisis and the Coming Wave of Mass Exploitation + Video Introduction: A critical pre-authentication remote code execution (RCE) flaw, designated CVE-2026-1731, has been uncovered in BeyondTrust Remote Support (formerly Bomgar), a…
  • 3h ago

The latest update for #ArcticWolf includes "CVE-2026-1731: Unauthenticated OS Command Injection Vulnerability in BeyondTrust Remote Support and Privileged Remote Access" and "CVE-2026-21643: Critical SQL Injection in FortiClientEMS". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 3h ago

Overview

  • Infor
  • SyteLine ERP

06 Feb 2026
Published
06 Feb 2026
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.01%

KEV

Description

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials.

Statistics

  • 5 Posts
  • 1 Interaction

Last activity: 12 hours ago

Bluesky

CVE-2026-2103 - Infor Syteline ERP - Keys Included: No Assembly Required
  • 16h ago

Overview

  • HubSpot
  • jinjava

04 Feb 2026
Published
05 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%

KEV

Description

JinJava is a Java-based template engine based on Django template syntax, adapted to render Jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via a sandbox bypass through ForTag. This allows arbitrary Java class instantiation and file access, bypassing the built-in sandbox restrictions. This issue has been patched in versions 2.7.6 and 2.8.3.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Bluesky

CVE-2026-25526: Critical Jinjava Flaw (CVSS 9.8) Permits Remote Code Execution
  • 8h ago

CVE-2026-25526: Critical Jinjava Flaw (CVSS 9.8) Permits Remote Code Execution #DailyCyberSecurity (Feb 9) securityonline.info/cve-2026-255...
  • 7h ago

Overview

  • SmarterTools
  • SmarterMail

23 Jan 2026
Published
06 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
9.22%

Description

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point SmarterMail to a malicious HTTP server, which serves a malicious OS command. This command will be executed by the vulnerable application.

Statistics

  • 3 Posts

Last activity: 11 hours ago

Fediverse

IT management software company SmarterTools was hit by a ransomware attack through an unpatched vulnerability in its own SmarterMail product, specifically CVE-2026-24423. The attack, attributed to the Warlock ransomware group, impacted the company's office network and a data center, but not its public-facing website or customer portal. SmarterTools has since patched the vulnerability and advises customers to update their SmarterMail instances immediately.
securityweek.com/smartertools-

  • 19h ago

Global news highlights include the kickoff of the 2026 Winter Olympics in Italy (Feb 7). In technology, OpenAI launched its Frontier enterprise AI agent platform. Apple acquired AI startup Q.AI for $2B, while Google reported significant AI-driven profit gains. Intel and AMD warned of server CPU shortages impacting China due to AI demand. The EU is also scrutinizing TikTok's "addictive design".

Cybersecurity saw CISA warn of a critical SmarterMail vulnerability (CVE-2026-24423) actively exploited in ransomware campaigns (Feb 7). Italian authorities thwarted Russian cyberattacks targeting government and Olympic-related websites. A rise in AI-driven phishing attacks was also reported.

#News #Anonymous #AnonNews_irc

  • 17h ago

Here's a summary of the latest technology and cybersecurity news from the last 24-48 hours:

Major tech firms globally plan to invest over $650 billion in AI infrastructure this year. OpenAI has launched "Frontier," a new enterprise platform for AI agents.

In cybersecurity, CISA mandated US federal agencies replace unsupported edge devices within 18 months due to state-sponsored exploitation. Russia's APT28 targeted European entities with a new Microsoft Office exploit. A critical SmarterMail flaw (CVE-2026-24423) is actively exploited in ransomware attacks. (Feb 6-7, 2026).

#News #Anonymous #AnonNews_irc

  • 11h ago

Overview

  • Fortinet
  • FortiClientEMS

06 Feb 2026
Published
07 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.13%

KEV

Description

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Bluesky

Critical SQL injection in FortiClientEMS (CVE-2026-21643, CVSS 9.1) allows unauthenticated attackers to execute arbitrary code; affected versions require immediate upgrade.
  • 1h ago

The latest update for #ArcticWolf includes "CVE-2026-1731: Unauthenticated OS Command Injection Vulnerability in BeyondTrust Remote Support and Privileged Remote Access" and "CVE-2026-21643: Critical SQL Injection in FortiClientEMS". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 3h ago

Overview

  • SolarWinds
  • Web Help Desk

28 Jan 2026
Published
04 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
54.99%

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: Last hour

Bluesky

Recently patched SolarWinds vulnerabilities may have been exploited as zero-days (CVE-2025-40551 and others) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43821/
  • Last hour

While we have not yet confirmed whether the attacks are related to the most recently disclosed vulnerabilities such as CVE-2025-40551 and CVE-2025-40536, or stem from previously disclosed vulnerabilities like CVE-2025-26399, attackers will likely continue targeting vulnerable systems.
  • 13h ago

Overview

  • WAGO
  • 0852-1322

09 Feb 2026
Published
09 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.12%

KEV

Description

Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.

Statistics

  • 2 Posts

Last activity: 21 hours ago

Fediverse

🚨 CVE-2026-22904 (CRITICAL, CVSS 9.8): WAGO 0852-1322 vulnerable to stack-based buffer overflow via oversized HTTP cookies. RCE & DoS possible. Isolate devices, monitor traffic, deploy WAF/IPS. No patch yet. radar.offseq.com/threat/cve-20

  • 21h ago

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 23h ago

Overview

  • WAGO
  • 0852-1322

09 Feb 2026
Published
09 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%

KEV

Description

User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.

Statistics

  • 2 Posts

Last activity: 22 hours ago

Fediverse

🚨 CVE-2026-22906 (CRITICAL, CVSS 9.8): WAGO 0852-1322 uses a hardcoded AES key, letting unauthenticated attackers decrypt credentials from config files. No patch yet. Restrict access, segment networks, monitor closely! radar.offseq.com/threat/cve-20

  • 22h ago

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 23h ago

Overview

  • GitLab
  • GitLab AI Gateway

09 Feb 2026
Published
09 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.03%

KEV

Description

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 22 hours ago

Bluesky

🚨 Critical GitLab vulnerability disclosed: CVE-2026-1868 (CVSS 9.9). Insecure template expansion in GitLab AI Gateway can lead to denial of service or remote code execution in AI-powered DevOps pipelines. 🔥 basefortify.eu/cve_reports/... #CVE #GitLab #CyberSecurity #DevSecOps
  • 22h ago

⚙️ CVE-2026-1868 affects GitLab AI Gateway versions up to 18.8.0. Authenticated attackers can abuse crafted Duo Agent Flow definitions (CWE-1336) to execute code or crash the gateway, posing serious enterprise risk. 🛠️ #Vulnerability #AppSec #CloudSecurity #AI
  • 22h ago

Overview

  • SAP_SE
  • SAP NetWeaver Application Server ABAP and ABAP Platform

10 Feb 2026
Published
10 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
Pending

KEV

Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 3 hours ago

Fediverse

🛡️ CRITICAL: CVE-2026-0509 in SAP NetWeaver ABAP (7.22 – 9.19) lets authenticated users run unauthorized background RFCs, risking integrity & availability. Patch when available, restrict S_RFC, monitor RFC usage. Details: radar.offseq.com/threat/cve-20

  • 3h ago