Overview

  • Google
  • Chrome

Published: 13 Feb 2026
Updated: 20 Feb 2026
CVSS: Pending
EPSS: 0.46%

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts

Last activity: 17 hours ago

Bluesky

Google scrambles to patch flaws as exploit code is published publicly. The Google Chrome 145 stable line keeps moving after the CVE-2026-2441 emergency patch, with additional security fixes arriving in newer releases. Google has shipped newer Chrome 145 Stable releases after the CVE-2026-2441 zero-day fix, adding three security patches…
  • 21h ago
#Fedora 42: Patch CVE-2026-2441 NOW. Active exploits targeting Chromium's CSS engine (Use After Free). Update to 145.0.7632.75 via DNF immediately to block RCE attacks.🐧🛡️ Read more: 👉 tinyurl.com/4fmushem #Security
  • 17h ago

Overview

  • NaturalIntelligence
  • fast-xml-parser

Published: 20 Feb 2026
Updated: 20 Feb 2026
CVSS v3.1: CRITICAL (9.3)
EPSS: 0.03%

KEV

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (&lt;, &gt;, &amp;, &quot;, &apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.

Statistics

  • 2 Posts
  • 2 Interactions

Last activity: 14 hours ago

Fediverse

CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser

A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
- Allows attackers to shadow built-in XML entities (<, >, &, ", ')
- Can lead to XSS or injection when parsing untrusted XML and rendering the output
- Exploitable with default settings (processEntities: true)
- Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies

Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2

endorlabs.com/learn/cve-2026-2

  • 14h ago

Bluesky

🚨 New CRITICAL CVE detected in AWS Lambda 🚨 CVE-2026-25896 impacts fast-xml-parser in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/429 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 20h ago

Overview

  • BeyondTrust
  • Remote Support(RS) & Privileged Remote Access(PRA)

Published: 06 Feb 2026
Updated: 14 Feb 2026
CVSS v4.0: CRITICAL (9.9)
EPSS: 49.74%

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 18 hours ago

Fediverse

Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.

Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.

Remote support appliances are high-value targets.

Are we giving PAM systems enough monitoring visibility?

Source: thehackernews.com/2026/02/beyo

Follow @technadu for independent cybersecurity reporting.

Like and join the discussion below.

  • 21h ago

Bluesky

VShell and SparkRAT confirmed exploiting critical BeyondTrust vulnerability (CVE-2026-1731) #CybersecurityNews unit42.paloaltonetworks.com/beyondtrust-...
  • 18h ago

Overview

  • Grandstream
  • GXP1610

Published: 18 Feb 2026
Updated: 18 Feb 2026
CVSS v4.0: CRITICAL (9.3)
EPSS: 0.14%

KEV

Description

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.

Statistics

  • 2 Posts

Last activity: 8 hours ago

Fediverse

CRITICAL: Grandstream VoIP phones hit by unauthenticated RCE (CVE-2026-2329) — allows call interception & device compromise. No patch yet. Restrict access, disable remote mgmt, and monitor for threats. radar.offseq.com/threat/critic

  • 8h ago

Bluesky

A stack-based buffer overflow (CVE-2026-2329) in Grandstream GXP1600 phones enables unauthenticated remote root code execution, allowing call interception and credential extraction.
  • 19h ago

Overview

  • Tenda
  • HG9

Published: 22 Feb 2026
Updated: 22 Feb 2026
CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A vulnerability was detected in Tenda HG9 300001138. It affects an unknown part of the file /boaform/formPing of the Diagnostic Ping Endpoint component. Manipulating the argument pingAddr results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Fediverse

🚨 HIGH-severity (CVSS 8.7): Stack buffer overflow in Tenda HG9 (v300001138) via /boaform/formPing. Remote code execution possible with public exploit available. Restrict access, monitor, and patch ASAP! Details: radar.offseq.com/threat/cve-20

  • 5h ago

Overview

  • Dell
  • Unisphere for PowerMax

Published: 19 Feb 2026
Updated: 19 Feb 2026
CVSS v3.1: HIGH (8.1)
EPSS: 0.05%

KEV

Description

Dell Unisphere for PowerMax, version 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

📌 CVE-2026-26360 - Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote... https://www.cyberhub.blog/cves/CVE-2026-26360
  • 22h ago

Overview

  • Honeywell
  • I-HIB2PI-UL 2MP IP

Published: 17 Feb 2026
Updated: 18 Feb 2026
CVSS v4.0: CRITICAL (9.3)
EPSS: 0.04%

KEV

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Bluesky

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
  • 17h ago

Overview

  • Microsoft
  • Windows Admin Center

Published: 17 Feb 2026
Updated: 20 Feb 2026
CVSS v3.1: HIGH (8.8)
EPSS: 0.07%

KEV

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Bluesky

Microsoft fixes CVE-2026-26119, an 8.8 CVSS privilege escalation bug in Windows Admin Center that could allow network-based user rights takeover.
  • 18h ago

Overview

  • pnggroup
  • libpng

Published: 10 Feb 2026
Updated: 11 Feb 2026
CVSS v4.0: HIGH (8.3)
EPSS: 0.06%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

🚨 Urgent: #Fedora 42/43 mingw-libpng update addresses CVE-2026-25646—a critical heap overflow in png_set_quantize. If you cross-compile Windows apps, patch now to avoid shipping vulnerable binaries. Read more: 👉 tinyurl.com/377ctus3 #Security
  • 19h ago

Overview

  • GetSimpleCMS-CE
  • GetSimpleCMS-CE

Published: 20 Feb 2026
Updated: 20 Feb 2026
CVSS v4.0: HIGH (7.1)
EPSS: 0.02%

KEV

Description

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The request is accepted without requiring a CSRF token or origin validation. This allows an attacker to upload arbitrary files to the application without the victim’s knowledge or consent. In order to exploit this vulnerability, the victim must be authenticated to GetSimple CMS (e.g., admin user), and visit an attacker-controlled webpage. This issue does not have a fix at the time of publication.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

How I found CVE-2026-27146 (CSRF) | Cyber Tamarin https://cybertamarin.medium.com/how-i-found-cve-2026-27146-cyber-tamarin-a2886542db22?source=rss------bug_bounty-5
  • 19h ago