Tag feed

#cve

177 posts18 followers

Trending tags this week

Understanding Vulnerability Databases (TryHackMe)

1d ago · 13 min read · Link to the Challenge on TryHackMe: Understanding Vulnerability Databases Introduction Vulnerability databases are centralised repositories that collect, organise, and publish information about known

Join discussion

TTuannqblogs.night-wolf.io

0

From Privilege Escalation to RCE in Wiki.js

May 21 · 11 min read · I was poking around Wiki.js 2.5.312 one afternoon — as one does — when I found two vulnerabilities that chain together beautifully to turn a wiki moderator into a root shell. One report got accepted.

Join discussion

PBPushpendra Bblog.overflowbyte.cloud

0

How a 732-Byte Python Script Can Escape Your Kubernetes Cluster — Copy Fail, Explained

May 11 · 20 min read · This is a deep-dive standalone post. If you first heard about Copy Fail in our OverflowByte Weekly — Cloud Broke, Kernels Got Exploited, and AI Took Over the Pipeline (May 4–10, 2026), this is where w

Join discussion

PBPushpendra Bblog.overflowbyte.cloud

0

OverflowByte Weekly: Cloud Broke, Kernels Got Exploited, and AI Took Over the Pipeline — May 4–10, 2026

May 10 · 10 min read · Every week I track what actually matters in Cloud, DevOps, Linux, and AI infrastructure so you don't have to doomscroll through a hundred changelog posts. This is OverflowByte Weekly. This wasn't a q

Join discussion

MEMustafa ERBAYmustafaerbay.hashnode.dev

0

VPS Swap Fire: A Nightmare Started by a Kernel CVE Patch

May 10 · 7 min read · Last week, precisely on a Monday morning, the "Critical Alert" notifications on my monitor struck fear into my eyes. The systems running on my own VPS, especially my Docker containers, had suddenly started to slow down. Even SSH connections were lagg...

Join discussion

Yyurukusayurukusa.hashnode.dev

0

Three structurally similar disclosures in seven months: what TrustFall (May 7) tells us about Claude Code's security class

May 8 · 3 min read · On May 7, Adversa AI published the TrustFall PoC via The Register. A cloned repository can ship two JSON files (.mcp.json and .claude/settings.json) that, the moment the developer presses Enter on Claude Code's "Yes, I trust this folder" dialog, spaw...

Join discussion

BLBugmith Legendbugmithresearch.hashnode.dev

0

CI4MS Full-chain stored DOM XSS -> 50+ injection points -> full application compromise

Apr 26 · 7 min read · INTRODUCTION This research presents a full 0day XSS discovery and exploitation walkthrough conducted on the CI4MS application. The focus of this study is not a single XSS instance, but how a recurring

Join discussion

AWAlan Westalan-west.hashnode.dev

0

35 New CVEs This Month Were Caused by AI-Generated Code. We Have a Problem.

Mar 30 · 5 min read · Somewhere right now, a developer is hitting "Accept All" on an AI-generated code suggestion that contains a SQL injection vulnerability. They'll ship it to production tonight. It'll get a CVE number next month. This isn't hypothetical. According to d...

Join discussion

VNVũ Nhật Lâmblog.fiscybersec.com

0

No login required, no clicks needed: n8n vulnerability allows hackers to take over the server in an instant

Mar 23 · 4 min read · Overview The Pillar research team discovered an extremely critical vulnerability in n8n that allows: Remote Code Execution (RCE) No login required (unauthenticated) No user interaction needed (zero

Join discussion

ASaviral srivastavaaviraxroot.hashnode.dev

0

CVE-2026-33017: How I Found an Unauthenticated RCE in Langflow by Reading the Code They Already Fixed

Mar 19 · 9 min read · In early 2025, CISA added CVE-2025-3248 to their Known Exploited Vulnerabilities catalog. It was an unauthenticated remote code execution bug in Langflow, the popular open-source AI workflow builder w

Join discussion

#cve

Search Hashnode

#cve

Trending tags this week

Understanding Vulnerability Databases (TryHackMe)

From Privilege Escalation to RCE in Wiki.js

How a 732-Byte Python Script Can Escape Your Kubernetes Cluster — Copy Fail, Explained

OverflowByte Weekly: Cloud Broke, Kernels Got Exploited, and AI Took Over the Pipeline — May 4–10, 2026

VPS Swap Fire: A Nightmare Started by a Kernel CVE Patch

Three structurally similar disclosures in seven months: what TrustFall (May 7) tells us about Claude Code's security class

CI4MS Full-chain stored DOM XSS -> 50+ injection points -> full application compromise

35 New CVEs This Month Were Caused by AI-Generated Code. We Have a Problem.

No login required, no clicks needed: n8n vulnerability allows hackers to take over the server in an instant

CVE-2026-33017: How I Found an Unauthenticated RCE in Langflow by Reading the Code They Already Fixed