Microsoft Update causing Print Spooler Problems - CVE-2019-1367 | https://techygeekshome.info/cve-2019-1367/?fsp_sid=40138 | #Guide #Microsoft #News #security #Updates #Windows 
https://techygeekshome.info/cve-2019-1367/?fsp_sid=40138

Composer (the dominant PHP package manager) shipped 2.9.6 and 2.2.27 LTS in April. The release fixes two command-injection bugs in the Perforce driver. CVE-2026-40261, severity 8.8. A malicious composer.json declares a Perforce repository and the shell runs whether or not Perforce is installed. Packagist disabled Perforce metadata April 10. Most CI build agents kept no audit trail across the ninety days the bug was live.

#PHP #CyberSecurity #DevOps #InfoSec #SupplyChain

Remote Code Execution in Apache ActiveMQ

"By calling addNetworkConnector through Jolokia with a crafted URI, an attacker can chain these mechanisms together to force the broker to fetch and execute a remote Spring XML configuration file"

https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/

MEDIUM severity SSRF (CVE-2026-23773) found in Dell DLm8700 📢. Low-priv remote attackers can trigger server-side requests. No known exploits, no patch yet — restrict access & follow vendor advisories. https://radar.offseq.com/threat/cve-2026-23773-cwe-918-server-side-request-forgery-08701a02 #OffSeq #SSRF #Dell #Cybersecurity

Want to know how a “small” WebAssembly issue can become a big security problem?

In our new article, SSD Labs researcher, Aaron Cho, analyzes CVE-2024-12053. An arbitrary WebAssembly type confusion vulnerability leading to an RCE. Read about it here: https://ssd-disclosure.com/webassembly-canonical-vs-relative-type-index-confusion-leading-to-rce/

Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03)

Today I am releasing the nineth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a comprehensive roadmap for vulnerability exploitation:

https://exploitreversing.com/2026/04/28/exploiting-reversing-er-series-article-09/

Key features of this edition:

[+] Dual Exploit Strategies: Two distinct exploit editions built on the cldflt.sys heap overflow.
[+] PreviousMode Edition: Exploit cldflt.sys via WNF OOB + Pipe Attributes + ALPC + _KTHREAD.PreviousMode flip: elevation of privilege of a regular user to SYSTEM.
[+] PPL Bypass Edition: Exploit cldflt.sys via WNF OOB + PreviousMode flip + _EPROCESS.Protection strip + MiniDumpWriteDump: elevation of regular user to SYSTEM.
[+] Solid Reliability: Two complete, stable exploits, including a multi-step cleanup phase that restores the corrupted pipe attribute Flink and _KTHREAD.PreviousMode before process exit, preventing crash on cleanup.

This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.

I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!

The following articles will continue the miniseries about iOS and Chrome, which are my areas of research.

Enjoy the reading and have an excellent day.

#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow