Essential WordPress, BeyondTrust, Honeywell CCTV, and PUSR router vulnerabilities surfaced on underground boards, whereas CISA issued 8 ICS advisories impacting essential manufacturing sectors.
Cyble Analysis & Intelligence Labs (CRIL) tracked 1,102 vulnerabilities final week. Of those, 166 vulnerabilities have already got publicly accessible Proof-of-Idea (PoC) exploits, considerably growing the probability of real-world assaults. A complete of 49 vulnerabilities had been rated essential below CVSS v3.1, whereas 32 obtained essential severity below CVSS v4.0.
Moreover, CISA added 9 vulnerabilities to its Recognized Exploited Vulnerabilities (KEV) catalog, citing confirmed energetic exploitation.
On the commercial entrance, CISA issued 8 ICS advisories protecting 18 vulnerabilities impacting Siemens, Honeywell, Delta Electronics, GE Vernova, PUSR, EnOcean, Valmet, and Welker merchandise.
Cyble Weekly Vulnerability Report: New Flaws and CVEs
CVE-2026-1357 — WPvivid Backup & Migration Plugin (Essential)
CVE-2026-1357 is a essential unauthenticated arbitrary file add and distant code execution vulnerability affecting the WPvivid Backup & Migration plugin for WordPress. The flaw stems from improper dealing with of RSA decryption errors mixed with unsanitized filename inputs, permitting attackers to add malicious PHP shells to publicly accessible directories
A public PoC is obtainable, and the vulnerability surfaced in underground discussions shortly after disclosure, considerably decreasing the barrier to exploitation.
CVE-2026-1731 — BeyondTrust Distant Help & PRA (Essential)
CVE-2026-1731 is a essential OS command injection vulnerability in BeyondTrust Distant Help (RS) and Privileged Distant Entry (PRA). The flaw exists inside a WebSocket-based endpoint, permitting unauthenticated attackers to execute arbitrary instructions on internet-facing situations.
Profitable exploitation allows full system compromise, knowledge exfiltration, lateral motion, and protracted entry. A PoC is publicly accessible.
CVE-2025-49132 — Pterodactyl Panel (Essential)
CVE-2025-49132 impacts the Pterodactyl Panel game-server administration platform and permits unauthenticated distant code execution by means of improper validation of user-controlled parameters.
Menace actors had been noticed sharing weaponized exploits on underground boards, highlighting the vulnerability’s operational danger.
CVE-2026-25639 — Axios HTTP Consumer (Excessive Severity)
CVE-2026-25639 is a denial-of-service vulnerability within the Axios HTTP consumer, the place crafted JSON payloads exploiting improper configuration merging can crash Node.js or browser purposes.
The vulnerability was captured in underground boards shortly after disclosure and has a public PoC.
CVE-2026-20841 — Home windows Notepad (Excessive Severity)
CVE-2026-20841 is a command injection vulnerability within the Home windows Notepad app, enabling execution of malicious payloads by way of specifically crafted recordsdata. Exploitation may allow privilege escalation and malware deployment.
Vulnerabilities Added to CISA KEV
CISA added 9 vulnerabilities to the KEV catalog throughout the reporting interval.
Notable additions embrace:
- CVE-2026-2441 — Google Chrome use-after-free vulnerability enabling potential arbitrary code execution by way of crafted HTML.
- CVE-2025-15556 — Notepad++ replace integrity verification vulnerability reportedly exploited by the China-linked menace actor Lotus Blossom.
KEV additions function sturdy indicators of exploitation maturity and heightened ransomware or espionage danger.
Essential ICS Vulnerabilities
Throughout the reporting interval, CISA issued 8 ICS advisories protecting 18 vulnerabilities. The bulk had been rated excessive severity.
CVE-2026-1670 — Honeywell CCTV Merchandise (Essential)
CVE-2026-1670 impacts Honeywell CCTV merchandise and carries a CVSS rating of 9.8. The vulnerability permits an unauthenticated attacker to remotely alter the password restoration e-mail tackle, successfully hijacking administrator accounts.
Profitable exploitation allows:
- Full administrative account takeover
- Unauthorized entry to reside surveillance feeds
- Potential lateral motion into linked networks
As a result of no credentials or consumer interplay are required, this vulnerability presents a excessive mass-exploitation danger.
CVE-2026-25715 — PUSR USR-W610 Router (Essential)
CVE-2026-25715 impacts the PUSR USR-W610 router and entails weak password necessities. If exploited, attackers can bypass authentication, compromise administrator credentials, or disrupt providers.
The chance is amplified by the seller’s acknowledgment that the product has reached end-of-life and no patches are deliberate. Organizations are urged to isolate or change affected units instantly.
Siemens Simcenter Vulnerabilities (Excessive Severity Cluster)
A number of high-severity out-of-bounds learn/write and buffer overflow vulnerabilities had been disclosed in Siemens Simcenter Femap and Nastran merchandise (CVE-2026-23715 by means of CVE-2026-23720). These flaws could allow reminiscence corruption and potential code execution in industrial engineering environments.
Impacted Essential Infrastructure Sectors
Evaluation of the 18 disclosed ICS vulnerabilities exhibits that Essential Manufacturing accounts for 61.1% of instances, with the sector showing in 83.3% of all reported vulnerabilities. This focus highlights the continued publicity of producing environments and their interdependencies with Power, Water, and Chemical sectors.
Conclusion
The mix of high-volume IT vulnerabilities, publicly accessible PoCs, underground exploit discussions, and important ICS exposures underscores the evolving menace panorama throughout enterprise and industrial environments.
With 166 PoCs already accessible and 9 KEV additions confirming energetic exploitation, organizations should undertake a risk-based vulnerability administration strategy that prioritizes:
- Speedy patching of internet-facing property
- Strict community segmentation between IT and OT environments
- Elimination or isolation of end-of-life units
- Deployment of multi-factor authentication
- Steady monitoring for anomalous habits
- Routine vulnerability assessments and penetration testing
Cyble’s assault floor administration options allow organizations to constantly monitor exposures, prioritize remediation, and detect early warning indicators of exploitation. Moreover, Cyble’s menace intelligence and third-party danger intelligence capabilities present visibility into vulnerabilities actively mentioned in underground communities, empowering proactive protection towards each IT and ICS threats.
