24h | 7d | 30d

CVE-2026-2441

Overview

  • Google
  • Chrome
13 Feb 2026
Published
18 Feb 2026
Updated
CVSS
Pending
EPSS
0.53%
KEV

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 6 Posts
  • 4 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
elhacker.NET @elhackernet

Google corrige un zero-day de Chrome (CVE-2026-2441) ya explotado en ataques

blog.elhacker.net/2026/02/goog

  • 1
  • 2
  • 0
  • 18h ago
Profile picture fallback
Cyclone @cyclone

Chrome CSS Zero-Day (CVE-2026-2441)

Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.

forum.hashpwn.net/post/10273

  • 1
  • 0
  • 0
  • 7h ago

Bluesky

Profile picture fallback
topickapp (IT技術系ニュースサイト) @topickapp.bsky.social
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html Google Chromeの安定版チャンネルがアップデートされました。 今回の更新にはCSSのUse after free脆弱性 (CVE-2026-2441) の修正が含まれています。 この脆弱性に対する悪用がすでに確認されているため、早めの更新が推奨されます。
  • 0
  • 0
  • 0
  • 22h ago
Profile picture fallback
Hacker News JP 🤖 @hacker-news-jp.bsky.social
現場で悪用されているゼロデイのCSS脆弱性 CVE-2026-2441 Zero-day CSS: CVE-2026-2441 exists in the wild 🔺 369 💬 21 🔗 HN Post | Article
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Hacker News Best @hnbest.bsky.social
Zero-day CSS: CVE-2026-2441 exists in the wild https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html comments #chromereleases.googleblog.com
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
CVE-2026-2441: The First Chrome Zero-Day of 2026 is Already Exploited—Patch Now + Video Introduction: The cybersecurity landscape of 2026 has begun with a stark reminder of our browser-based attack surface. A high-severity zero-day vulnerability, designated CVE-2026-2441, has been discovered in…
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-26119

Overview

  • Microsoft
  • Windows Admin Center
17 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.06%
KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 5 Posts
  • 1 Interaction
Last activity: Last hour

Fediverse

Profile picture fallback
benzogaga33 :verified: @benzogaga33

CVE-2026-26119 : cette faille dans Windows Admin Center peut mener à la compromission du domaine it-connect.fr/cve-2026-26119-c #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft

  • 1
  • 0
  • 0
  • Last hour

Bluesky

Profile picture fallback
Help Net Security @helpnetsecurity.com
Microsoft reveals critical Windows Admin Center vulnerability (CVE-2026-26119) 📖 Read more: www.helpnetsecurity.com/2026/02/19/w... @msftresearch.bsky.social #CyberSecurity #CyberSecurityNews #Microsoft
  • 0
  • 0
  • 0
  • 18h ago
Profile picture fallback
Michael Wyres @mwyr.es
Microsoft Patches CVE-2026-26119 Privilege Escalation In Windows Admin Center - https://mwyr.es/XiaTZ3k #thn #infosec
  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
キタきつね @kitafox.bsky.social
マイクロソフト、Windows Admin Center における権限昇格脆弱性 CVE-2026-26119 を修正 Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center #HackerNews (Feb 19) thehackernews.com/2026/02/micr...
  • 0
  • 0
  • 0
  • 9h ago
Profile picture fallback
ohhara @shiojiri.com
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-22769

Overview

  • Dell
  • RecoverPoint for Virtual Machines
17 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
28.78%
KEV

Description

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

Statistics

  • 7 Posts
  • 1 Interaction
Last activity: 13 hours ago

Fediverse

Profile picture fallback
TechNadu @technadu

CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint for VMs is under confirmed exploitation.

Attribution: UNC6201 (linked to Silk Typhoon)
Malware: BRICKSTORM (evolving) → GRIMBOLT
Vector: Hard-coded credentials
Impact Layer: VMware-integrated DR appliances

This is a high-leverage target:
- Elevated privileges
- Direct integration with hypervisors & storage
- Influence over replicated datasets
- Potential long-term espionage dwell time

CISA has mandated immediate patching for federal agencies.

Key takeaway: Recovery infrastructure is now an active battlefield.
How are you validating integrity of replicated VM copies?
Comment below.

Source: therecord.media/fed-agencies-o

Follow TechNadu for threat intelligence updates.
Share within your security teams.

  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
অর্ঘ্য 🏏📚 💻 @StringsVsAtoms

The issue, officially named CVE-2026-22769, involves hardcoded credentials. This means the software came with a built-in username and password that could not be easily changed.
5/10

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

Profile picture fallback
The IT Nerd @theitnerd.ca
The CISA Has Provided Two Warnings That You Should Pay Attention To The CISA has given US government agencies three days to patch their systems against a maximum-severity hardcoded credential vulnerability (CVE-2026-22769)in Dell’s RecoverPoint solution exploited by the UNC6201 Chinese hacking…
  • 0
  • 1
  • 1
  • 13h ago
Profile picture fallback
guardian360.bsky.social @guardian360.bsky.social
(GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials affecting versions prior to 6.0.3.1 HF1. Other products, including RecoverPoint Classic, are not vulnerable to the flaw. thehackernews.com/2026/02/de...
  • 0
  • 0
  • 0
  • 19h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Dell Zero-Day Exploit (CVE-2026-22769): How UNC6201 Weaponized Hard-Coded Credentials + Video Introduction: In a stark reminder of the risks lurking within enterprise backup infrastructure, a maximum-severity zero-day vulnerability in Dell RecoverPoint for Virtual Machines has been under active…
  • 0
  • 0
  • 0
  • 17h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
Critical Zero-Day in Dell RecoverPoint for VMs: Chinese APT Exploits Hardcoded Credentials for Root Access Since 2024 + Video Introduction A maximum-severity zero-day vulnerability (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines has been under active exploitation by suspected Chinese…
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-20841

Overview

  • Microsoft
  • Windows Notepad
10 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.09%
KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.

Statistics

  • 5 Posts
  • 4 Interactions
Last activity: 2 hours ago

Fediverse

Profile picture fallback
TrendAI Zero Day Initiative @thezdi

CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at zerodayinitiative.com/blog/202

  • 1
  • 2
  • 1
  • 13h ago
Profile picture fallback
Mr. B34n @glitterbean

CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad thezdi.com/blog/2026/2/19/cve-

  • 0
  • 0
  • 1
  • 12h ago

Bluesky

Profile picture fallback
buherator @buherator.bsky.social
[RSS] CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad www.thezdi.com -> ZDI analysis of the notorious vuln Original->
  • 0
  • 1
  • 0
  • 2h ago

CVE-2025-29969

Overview

  • Microsoft
  • Windows 10 Version 1507
13 May 2025
Published
13 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.28%
KEV

Description

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Statistics

  • 3 Posts
Last activity: 5 hours ago

Bluesky

Profile picture fallback
WarthogTK @warthogtk.bsky.social
EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969) www.safebreach.com/blog/safebre... github.com/SafeBreach-L...
  • 0
  • 0
  • 0
  • 12h ago
Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #SafeBreach includes "SafeBreach's Evolution into an #AI-First Development Team: Part I" and "EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft #Windows (CVE-2025-29969)". #Cybersecurity https://opsmtrs.com/41NWGuQ
  • 0
  • 0
  • 0
  • 5h ago
Profile picture fallback
Undercode Testing @undercode.bsky.social
EventLogin Exploit: How Low-Privilege Users Can Weaponize Windows Event Logging to Own Your Domain + Video Introduction: In a startling revelation for enterprise security, a new proof-of-concept tool named "EventLogin" has emerged, demonstrating the active exploitation of CVE-2025-29969. This…
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-21509

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise
26 Jan 2026
Published
13 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
9.21%
KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 3 Posts
  • 6 Interactions
Last activity: 15 hours ago

Fediverse

Profile picture fallback
HackerWorkspace @hackerworkspace

The video discusses a recently patched Microsoft Office zero-day vulnerability (CVE-2026-21509) being actively exploited by Russian hackers. It emphasizes the rapid weaponization of vulnerabilities after patches and the importance of threat intelligence for managing exposed attack surfaces.
youtube.com/watch?v=Ck8IPInn74A

  • 2
  • 0
  • 0
  • 15h ago

Bluesky

Profile picture fallback
John Hammond @johnhammond.bsky.social
Quick dance with CVE-2026-21509, a "Security Feature Bypass Vulnerability" and an emergency out-of-band fix from January Patch Tuesday (and an obligatory exaggerated YouTube thumbnail -- I apologize and appreciate folks who understand algorithm nuance) youtu.be/Ck8IPInn74A
  • 0
  • 4
  • 1
  • 21h ago

CVE-2026-2329

Overview

  • Grandstream
  • GXP1610
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.09%
KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 19 hours ago

Bluesky

Profile picture fallback
Help Net Security @helpnetsecurity.com
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329) 📖 Read more: www.helpnetsecurity.com/2026/02/19/g... #cybersecurity #cybersecuritynews #securityupdate #vulnerability #VoIP #SMBs @rapid7.com @stephenfewer.bsky.social @fulmetalpackets.bsky.social
  • 1
  • 1
  • 0
  • 22h ago
Profile picture fallback
Eyal Estrin ☁️ @eyalestrin.bsky.social
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329) #patchmanagement
  • 0
  • 0
  • 0
  • 19h ago

CVE-2026-26030

Overview

  • microsoft
  • semantic-kernel
19 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
Pending
KEV

Description

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.

Statistics

  • 2 Posts
  • 2 Interactions
Last activity: 9 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

⚠️ CRITICAL RCE: CVE-2026-26030 in Microsoft Semantic Kernel (<1.39.4) lets remote attackers execute code via InMemoryVectorStore filter. Upgrade to 1.39.4+ ASAP or avoid this component in prod. Details: radar.offseq.com/threat/cve-20

  • 1
  • 1
  • 0
  • 14h ago
Profile picture fallback
cerebrix @cerebrix

Unbelievable.... digg.com/cybersecurity/yCL5Ang

  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-22267

Overview

  • Dell
  • PowerProtect Data Manager
19 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.04%
KEV

Description

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Statistics

  • 2 Posts
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🔔 CVE-2026-22267 (HIGH): Dell PowerProtect Data Manager <19.22 lets remote low-priv users escalate privileges. Urgently restrict remote access, enforce least privilege, and monitor logs. No patch yet. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2026-22267 https://www.cyberhub.blog/article/alert-cve-2026-22267
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-1731

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)
06 Feb 2026
Published
14 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.9)
EPSS
49.74%
KEV

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 2 Posts
Last activity: 2 hours ago

Fediverse

Profile picture fallback
HackerWorkspace @hackerworkspace

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

unit42.paloaltonetworks.com/be

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #CyCognito includes "Permission to Ignore: Leveraging the CTEM Framework to Focus on Real Risk" and "Emerging Threat: CVE-2026-1731 – BeyondTrust Privileged Access Exposure Risk". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 4h ago
Showing 1 to 10 of 85 CVEs