Overview
- Totolink
- A7100RU
Description
Statistics
- 1 Post
Fediverse
Totolink A7100RU (7.4cu.2313_b20191024) faces a CRITICAL OS command injection (CVE-2026-6114, CVSS 9.3). Remote, unauthenticated code execution possible. No patch yet — disable remote mgmt & watch for updates. https://radar.offseq.com/threat/cve-2026-6114-os-command-injection-in-totolink-a71-384165a1 #OffSeq #CVE20266114 #Vuln #RouterSecurity
Overview
Description
Statistics
- 4 Posts
Fediverse
CVE-2026-31413
Found a 1-char bug in the Linux BPF verifier. A + 1 that should've been + 0 in maybe_fork_scalars() gives you OOB map access and full container escape from any pod with CAP_BPF. Fix in 7.0-rc5.
-Technical writeup with POC dropping soon.
CVE-2026-31413 - Linux Kernel Local Priv Esc
One extra + 1. That's the whole bug.
BPF verifier: insn_idx + 1 instead of insn_idx. Skips an instruction it shouldn't. For BPF_OR, verifier sees zero, CPU has your constant. Arbitrary kernel R/W.
Full container escape. No --privileged. Just CAP_BPF.
Overview
Description
Statistics
- 1 Post
Fediverse
nice typo in
[SECURITY] [DSA 6207-1] flatpak security update:
"delete arbitrary hosts on the host"
https://lists.debian.org/debian-security-announce/2026/msg00117.html
in https://security-tracker.debian.org/tracker/CVE-2026-34079 it's "files" btw.
Overview
- Apache Software Foundation
- Apache Traffic Server
Description
Statistics
- 1 Post
Overview
- parisneo
- parisneo/lollms
Description
Statistics
- 1 Post
Fediverse
🚨 HIGH severity XSS (CVE-2026-1116) in parisneo/lollms pre-2.2.0: Improper input sanitization in from_dict allows attackers to inject malicious scripts. Update ASAP! https://radar.offseq.com/threat/cve-2026-1116-cwe-79-improper-neutralization-of-in-c711f067 #OffSeq #XSS #Vuln #InfoSec
Overview
- Totolink
- A7100RU
Description
Statistics
- 1 Post
Fediverse
Totolink A7100RU (fw 7.4cu.2313_b20191024) suffers CRITICAL OS command injection (CVE-2026-6116, CVSS 9.3). Remote, unauthenticated RCE is possible. No patch yet — disable remote access or isolate device! https://radar.offseq.com/threat/cve-2026-6116-os-command-injection-in-totolink-a71-15ee14e2 #OffSeq #Vulnerability #RouterSecurity
Overview
- Apache Software Foundation
- Apache Tomcat
Description
Statistics
- 1 Post
Overview
- Totolink
- A7100RU
Description
Statistics
- 1 Post
Fediverse
🚨 CRITICAL: CVE-2026-6115 in Totolink A7100RU (7.4cu.2313_b20191024) allows unauth'd remote OS command injection via /cgi-bin/cstecgi.cgi. No patch yet. Restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-6115-os-command-injection-in-totolink-a71-2eb78416 #OffSeq #Vulnerability #Router #Infosec