
Overview

  • Soliton Systems K.K.
  • FileZen

13 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.0
HIGH (8.8)
EPSS
18.59%

Description

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

Statistics

  • 9 Posts
  • 1 Interaction

Last activity: 7 hours ago

Fediverse


CISA has confirmed the active exploitation of a critical OS Command Injection vulnerability (CVE-2026-25108) in FileZen by Soliton Systems K.K., adding it to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations using FileZen are urged to apply security updates immediately to prevent unauthorized access and system compromise.
cybersecuritynews.com/cisa-con

  • 0
  • 0
  • 0
  • 7h ago

Bluesky

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 1
  • 0
  • 9h ago
~Cisa~ CISA warns of active exploitation of a command injection vulnerability (CVE-2026-25108) in Soliton Systems FileZen. - IOCs: CVE-2026-25108 - #CVE202625108 #ThreatIntel #Vulnerability
  • 0
  • 0
  • 0
  • 23h ago
CISA adds one known exploited vulnerability to its catalog: CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Feb 24) CVE-2026-25108 Soliton Systems K.K. FileZen OS command injection vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 23h ago
CVE-2026-25108 Soliton Systems K.K. FileZen OS Command Injection Vulnerability
  • 0
  • 0
  • 0
  • 13h ago
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability https://thehackernews.com/2026/02/cisa-confirms-active-exploitation-of.html
  • 0
  • 0
  • 0
  • 13h ago
CISA added CVE-2026-25108, an OS command injection vulnerability in FileZen, to its Known Exploited Vulnerabilities catalog due to active exploitation evidence.
  • 0
  • 0
  • 0
  • 13h ago
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability reconbee.com/cisa-confirm... #CISA #FileZen #vulnerability #cybersecurity #cyberattacks
  • 0
  • 0
  • 0
  • 11h ago
CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) 📖 Read more: www.helpnetsecurity.com/2026/02/25/c... #cybersecurity #cybersecuritynews #0day #filesharing #ransomware #vulnerability
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • SolarWinds
  • Serv-U

24 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.03%

KEV

Description

A broken access control vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.

Statistics

  • 3 Posts

Last activity: 9 hours ago

Fediverse


Security Advisory Summary:
SolarWinds Serv-U 15.5.4 patches four critical vulnerabilities:
• CVE-2025-40538 – Broken access control → system admin creation + root RCE
• Two type confusion flaws → root code execution
• One IDOR vulnerability → elevated execution

Attack prerequisites:
High-privileged access required. Exploitation likely via credential compromise or chained privilege escalation.

Exposure landscape:
12K+ internet-facing instances observed (Shodan)
File transfer platforms remain ransomware-favored entry vectors

Historical context:
Prior Serv-U CVEs exploited by ransomware groups and state-aligned actors.

Immediate actions:
- Patch to 15.5.4
- Audit privileged accounts
- Review FTP/SFTP exposure
- Monitor for anomalous admin creation

Source: bleepingcomputer.com/news/secu

Follow us for tactical advisories and vulnerability intelligence.

Comment with your detection or hardening recommendations.

  • 0
  • 0
  • 0
  • 9h ago

Bluesky

Critical vulnerabilities in SolarWinds Serv-U allow root access to servers (CVE-2025-40538 and others) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/44109/
  • 0
  • 0
  • 0
  • 13h ago
Critical update for enterprise defenders. SolarWinds fixes four Serv-U flaws - including CVE-2025-40538 - that could enable root/admin escalation on unpatched systems. Even with high-privilege prerequisites, file transfer software is historically a ransomware magnet... #CyberSecurity #SolarWinds
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
25 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
Pending

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 4 Posts
  • 5 Interactions

Last activity: 1 hour ago

Fediverse


⚠️ CERT-FR Alert ⚠️

The CVE-2026-20127 vulnerability affects Cisco Catalyst SD-WAN and allows an unauthenticated attacker to log in to an account with elevated privileges. It is being actively exploited.

cert.ssi.gouv.fr/alerte/CERTFR

  • 2
  • 1
  • 1
  • 2h ago

Bluesky

Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks.
  • 1
  • 1
  • 0
  • 1h ago
~Cisa~ Threat actors are actively exploiting CVE-2026-20127 and CVE-2022-20775 for initial access and privilege escalation on Cisco SD-WAN systems. - IOCs: CVE-2026-20127, CVE-2022-20775 - #CVE202620127 #Cisco #ThreatIntel
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • statamic
  • cms

24 Feb 2026
Published
24 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.02%

KEV

Description

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they didn't request the reset. This has been fixed in 6.3.3 and 5.73.10.

Statistics

  • 2 Posts
  • 8 Interactions

Last activity: 19 hours ago

Fediverse


PSA for Statamic folks - update your sites ASAP! ⚠️

A CRITICAL vuln was discovered that allows full account takeover via password resets! 😱

All the details: cvereports.com/reports/CVE-202 #Laravel

  • 7
  • 1
  • 0
  • 19h ago

🚨 Statamic CMS CRITICAL vuln (CVE-2026-27593): Weak password reset lets attackers hijack accounts if users click a malicious link. Patch to 6.3.3/5.73.10+, educate users, enable MFA. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Apple
  • macOS

11 Feb 2026
Published
13 Feb 2026
Updated

CVSS
Pending
EPSS
0.43%

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.

Statistics

  • 1 Post
  • 16 Interactions

Last activity: 21 hours ago

Fediverse


Because the hits just keep on rolling, #Apple Pushes Emergency #iPhone #Update After ‘Extremely Sophisticated’ Spyware Attack.

So, this zero day is being exploited even as we speak. If you own Apple devices, go update now.

The flaw, tracked as CVE-2026-20700, is a memory corruption vulnerability in the system’s core components that could allow attackers to execute arbitrary code, potentially leading to device takeover, spyware installation, or data theft.

Why this matters:
The vulnerability is already being used in real-world, targeted attacks.
Attackers may exploit it via malicious websites or image files without user interaction.

How to update:
Go to Settings > General > Software Update.
Tap Download and Install.
Ensure your device is plugged in and connected to Wi-Fi.

Enable Automatic Updates to avoid missing future patches.

  • 11
  • 5
  • 0
  • 21h ago

Overview

  • Dell
  • RecoverPoint for Virtual Machines

17 Feb 2026
Published
19 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
34.16%

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Bluesky

Your backup system isn’t your parachute. It’s a beachhead. 🏖️ Mandiant/GTIG report UNC6201 exploiting Dell RP4VM (CVE-2026-22769, CVSS 10.0). Hardcoded credential → OS-level control + root persistence. CISA KEV indicated. Recovery ≠ safe. #AlphaHunt #CISA #ZeroDay
  • 0
  • 0
  • 0
  • 18h ago
The latest update for #CyCognito includes "Emerging Threat – Dell RecoverPoint for VMs Hardcoded Credential (CVE-2026-22769)" and "Permission to Ignore: Leveraging the CTEM Framework to Focus on Real Risk". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

14 Oct 2025
Published
22 Feb 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.10%

KEV

Description

Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 8 Interactions

Last activity: 23 hours ago

Fediverse


It's a blog post I should have published months ago, but here we finally are.

"CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP"

Credit goes to t0zhang (on X) for the discovery.

👉 itm4n.github.io/cve-2025-59201

I'd like to write more of those but it's so time-consuming. 😔

  • 5
  • 3
  • 0
  • 23h ago

Overview

  • mastodon
  • mastodon

24 Feb 2026
Published
24 Feb 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.04%

KEV

Description

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content did not check properly whether the FASP was actually approved. This only affects Mastodon servers that have opted in to testing the experimental FASP feature by setting the environment variable `EXPERIMENTAL_FEATURES` to a value including `fasp`. An attacker can make subscriptions and request content backfill without approval by an administrator. Done once, this leads to minor information leak of URIs that are publicly available anyway. But done several times this is a serious vector for DOS, putting pressure on the sidekiq worker responsible for the `fasp` queue. The fix is included in the 4.4.14 and 4.5.7 releases. Admins that are actively testing the experimental "fasp" feature should update their systems. Servers not using the experimental feature flag `fasp` are not affected.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 10 hours ago

Fediverse


Experimental features can introduce unexpected security issues. Take these 2 bugs in Mastodon for example.

CVE-2026-27477: github.com/mastodon/mastodon/s
CVE-2026-27468: github.com/mastodon/mastodon/s

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

🚨 Mastodon FASP vulnerabilities – CVE-2026-27468 & CVE-2026-27477 Two MEDIUM severity issues affect Mastodon 4.4.0–4.4.13 and 4.5.0–4.5.6 — but ONLY if the experimental #fasp feature is enabled. basefortify.eu/cve_reports/... basefortify.eu/cve_reports/... #CVE #Mastodon #CyberSecurity #InfoSec
  • 0
  • 1
  • 0
  • 10h ago
Experimental features can introduce unexpected security issues. Take these 2 bugs in Mastodon for example. CVE-2026-27477: github.com/mastodon/... CVE-2026-27468:
  • 0
  • 0
  • 0
  • 22h ago
CVE-2026-27468: Improper authorization allows unapproved FASP clients to subscribe & request content backfill → potential Sidekiq queue overload. CVE-2026-27477: SSRF via crafted base_url forces the server to send HTTP(S) requests to internal systems. #SSRF #DoS #VulnerabilityManagement #Security
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • mastodon
  • mastodon

24 Feb 2026
Published
24 Feb 2026
Updated

CVSS v4.0
MEDIUM (4.6)
EPSS
0.05%

KEV

Description

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen `base_url` that includes or resolves to a local / internal address, leading to the Mastodon server making requests to that address. This only affects Mastodon servers that have opted in to testing the experimental FASP feature by setting the environment variable `EXPERIMENTAL_FEATURES` to a value including `fasp`. An attacker can force the Mastodon server to make http(s) requests to internal systems. While they cannot control the full URL that is being requested (only the prefix) and cannot see the result of those requests, vulnerabilities or other undesired behavior could be triggered in those systems. The fix is included in the 4.4.14 and 4.5.7 releases. Admins that are actively testing the experimental "fasp" feature should update their systems. Servers not using the experimental feature flag `fasp` are not affected.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 10 hours ago

Fediverse


Experimental features can introduce unexpected security issues. Take these 2 bugs in Mastodon for example.

CVE-2026-27477: github.com/mastodon/mastodon/s
CVE-2026-27468: github.com/mastodon/mastodon/s

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

🚨 Mastodon FASP vulnerabilities – CVE-2026-27468 & CVE-2026-27477 Two MEDIUM severity issues affect Mastodon 4.4.0–4.4.13 and 4.5.0–4.5.6 — but ONLY if the experimental #fasp feature is enabled. basefortify.eu/cve_reports/... basefortify.eu/cve_reports/... #CVE #Mastodon #CyberSecurity #InfoSec
  • 0
  • 1
  • 0
  • 10h ago
Experimental features can introduce unexpected security issues. Take these 2 bugs in Mastodon for example. CVE-2026-27477: github.com/mastodon/... CVE-2026-27468:
  • 0
  • 0
  • 0
  • 22h ago
CVE-2026-27468: Improper authorization allows unapproved FASP clients to subscribe & request content backfill → potential Sidekiq queue overload. CVE-2026-27477: SSRF via crafted base_url forces the server to send HTTP(S) requests to internal systems. #SSRF #DoS #VulnerabilityManagement #Security
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • OpenClaw
  • OpenClaw

01 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.05%

KEV

Description

OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 7 hours ago

Fediverse


MITRE ATLAS documents several major incidents around OpenClaw, an open-source autonomous AI agent: exposed interfaces, malicious skills in the supply chain, one-click RCE (CVE-2026-25253) and C2 via indirect prompt injection. An agent with shell, filesystem and network access creates a complex attack surface. Strict isolation and secrets governance are essential.

⚡️linkeaz.net/fr/posts/openclaw-

#IA #aisecurity #agenticAI #infosec #supplychain #cybersecurity #news #tech

  • 1
  • 1
  • 0
  • 7h ago