BeyondTrust has addressed a serious remote code execution vulnerability, identified as CVE-2026-1731, which affects its Remote Support (RS) and Privileged Remote Access (PRA) solutions. This vulnerability can be exploited without authentication, making it particularly dangerous for self-hosted customers. BeyondTrust is urging users to apply the patch immediately to protect their systems. Unlike a previous zero-day vulnerability exploited by threat actors linked to China, this issue was discovered by a security researcher and disclosed privately. The prompt action by BeyondTrust highlights the necessity for timely vulnerability management in remote access tools, which are critical for many organizations.
Articles tagged "CVE"
Found 342 articles
The Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning regarding a serious vulnerability, identified as CVE-2026-24423, in SmarterMail. This flaw allows for unauthenticated remote code execution (RCE), which means attackers could potentially take control of affected systems without needing any prior authentication. This vulnerability has already been leveraged in ransomware attacks, posing significant risks to users and organizations running SmarterMail. Users are urged to take immediate action to secure their systems, as the flaw could lead to severe data breaches and operational disruptions. The urgency of this warning stems from the active exploitation of the flaw in the wild, highlighting the need for prompt remediation.
Security Affairs
Hackers have been exploiting a serious vulnerability in the React Native CLI, identified as CVE-2025-11953, to execute remote commands and deploy stealthy Rust-based malware. This flaw arises from the React Native CLI's Metro server, which, by default, binds to external interfaces, making it susceptible to unauthorized access. This exploitation occurred weeks before the vulnerability was publicly disclosed, indicating that attackers are actively targeting this weakness. Users of React Native should be particularly vigilant, as the impact could extend to various applications built on this framework. Prompt action is necessary to secure affected systems and prevent further malicious activities.
A serious security vulnerability, identified as CVE-2025-11953 and nicknamed Metro4Shell, has been discovered in the Metro Development Server, which is part of the '@react-native-community/cli' npm package. This flaw, rated 9.8 on the CVSS scale, allows remote attackers to execute arbitrary code without authentication. Researchers from VulnCheck first detected active exploitation of this vulnerability on December 21, 2025. This poses a significant risk for developers and organizations using this package, as it could lead to unauthorized control over their systems. Users of the affected npm package need to take immediate action to protect their applications.
Ukraine's Computer Emergency Response Team (CERT) has reported that Russian hackers are taking advantage of a newly patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This flaw affects multiple versions of the software, which could leave users open to various cyberattacks. The exploitation of this vulnerability is concerning, especially as Microsoft Office is widely used in both personal and professional settings. Users and organizations are urged to ensure that their systems are updated with the latest security patches to mitigate the risk of being targeted. The situation underscores the need for vigilance in maintaining software security, especially with ongoing geopolitical tensions.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Ivanti has reported two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These flaws allow remote code execution, meaning attackers could potentially take control of affected systems without needing physical access. The company warns that these vulnerabilities are currently being actively exploited, putting users at risk. Organizations using EPMM should prioritize applying the necessary security updates to safeguard their systems. Failure to address these vulnerabilities could lead to significant security breaches, affecting both the integrity of user data and the overall security posture of the organization.
SmarterTools has released patches for two vulnerabilities in its SmarterMail email software, one of which is classified as critical. This flaw, identified as CVE-2026-24423, has a CVSS score of 9.3 and could allow attackers to execute arbitrary code on systems running affected versions of SmarterMail. Users of SmarterMail versions prior to build 9511 are particularly at risk. It's crucial for organizations using this software to update immediately to protect against potential exploitation. The existence of such a high-severity vulnerability underscores the importance of regular software updates and vigilance in cybersecurity practices.
Ivanti has revealed two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities are currently being exploited in zero-day attacks, meaning attackers have already taken advantage of them before any fix was made available. Organizations using EPMM are at risk, as these flaws could allow unauthorized access to sensitive mobile device management functions. The situation is urgent, as the vulnerabilities are actively being exploited in the wild, which could lead to data breaches or unauthorized control over managed devices. Users and companies are advised to monitor for updates and take immediate action to secure their systems.
Security Affairs
Fortinet has issued patches for a serious vulnerability in its FortiOS software, identified as CVE-2026-24858, which has been actively exploited by attackers. This flaw allows unauthorized users to bypass Single Sign-On (SSO) authentication, posing a significant risk to organizations using affected systems. The vulnerability has a high CVSS score of 9.4, indicating its severity. It impacts several products, including FortiOS, FortiManager, and FortiAnalyzer. Companies utilizing these systems should prioritize applying the available patches to protect against potential breaches.
Researchers from JFrog Security Research have identified two significant vulnerabilities in the n8n workflow automation platform. The most critical issue, tracked as CVE-2026-1470, has a CVSS score of 9.9 and involves an eval injection vulnerability that allows authenticated users to execute arbitrary code remotely. This flaw poses a severe risk, as it could potentially enable attackers to manipulate the system and access sensitive data. Users of n8n should take immediate action to secure their installations, especially those who rely on this platform for workflow automation. Prompt updates and monitoring are essential to mitigate risks associated with these vulnerabilities.
Fortinet has addressed a significant vulnerability tracked as CVE-2026-24858, which could allow attackers to bypass authentication and gain unauthorized access to devices linked to other FortiCloud accounts. This flaw presents a serious risk, as it enables malicious actors to potentially control devices that should be secure. Users and organizations utilizing FortiCloud services are particularly affected, as their account security could be compromised. Fortinet's swift action to patch this vulnerability is crucial to prevent exploitation and protect users' sensitive data. Companies using Fortinet products should ensure they apply the latest updates to mitigate this risk effectively.
Researchers have discovered a critical vulnerability in the vm2 library, a popular Node.js sandbox used to execute untrusted code. This security flaw, identified as CVE-2026-22709, enables attackers to escape the sandbox environment and execute arbitrary code on the host system. This poses a significant risk to applications that rely on this library for secure code execution. Developers using vm2 should take immediate action to protect their systems, as the implications could lead to unauthorized access and control over sensitive data. It's crucial for users to stay informed about this vulnerability and implement necessary safeguards to prevent exploitation.
Microsoft has released a patch for a zero-day vulnerability in its Office software, identified as CVE-2026-21509. This flaw allows attackers to bypass certain security features, potentially putting users at risk. Reports suggest that the vulnerability may have already been exploited in targeted attacks against specific organizations. As a result, it's crucial for all users of Microsoft Office to apply this patch promptly to protect themselves from potential intrusions. The patch is part of Microsoft's ongoing efforts to enhance the security of its products and safeguard user data from malicious activities.
The Hacker News
Microsoft has released emergency patches for a serious vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw has a CVSS score of 7.8, indicating it is a significant security risk. The vulnerability allows attackers to bypass security features by exploiting untrusted inputs, potentially leading to unauthorized access. Organizations using affected Microsoft Office products should prioritize applying these patches, as the vulnerability is currently being exploited in the wild. This situation emphasizes the need for users to stay vigilant and maintain their software up to date to protect against such threats.
SCM feed for Latest
A serious vulnerability has been discovered in Appsmith, an open-source low-code application platform, tracked as CVE-2026-22794. This flaw affects the authentication process, allowing attackers to hijack user accounts. Researchers have confirmed that this vulnerability is currently being exploited in the wild, raising significant concerns for organizations using the platform. Users of Appsmith should act quickly to secure their accounts and systems to prevent unauthorized access. As the exploitation of this vulnerability poses a real threat, it’s crucial for affected users to stay informed and take necessary precautions.