Overview
Description
Statistics
- 4 Posts
Fediverse
CVE-2026-31413
Found a 1-char bug in the Linux BPF verifier. A + 1 that should've been + 0 in maybe_fork_scalars() gives you OOB map access and full container escape from any pod with CAP_BPF. Fix in 7.0-rc5.
Technical writeup with PoC dropping soon.
CVE-2026-31413 - Linux Kernel Local Priv Esc
One extra + 1. That's the whole bug.
BPF verifier: insn_idx + 1 instead of insn_idx. Skips an instruction it shouldn't. For BPF_OR, verifier sees zero, CPU has your constant. Arbitrary kernel R/W.
Full container escape. No --privileged. Just CAP_BPF.
Overview
Fediverse
nice typo in
[SECURITY] [DSA 6207-1] flatpak security update:
"delete arbitrary hosts on the host"
https://lists.debian.org/debian-security-announce/2026/msg00117.html
in https://security-tracker.debian.org/tracker/CVE-2026-34079 it's "files" btw.
Overview
- Apache Software Foundation
- Apache Traffic Server
Overview
- Apache Software Foundation
- Apache ActiveMQ Broker
- org.apache.activemq:activemq-broker
Overview
- Apache Software Foundation
- Apache Tomcat
Overview
- Totolink
- A7100RU
Fediverse
Totolink A7100RU (7.4cu.2313_b20191024) faces CRITICAL OS command injection (CVE-2026-6139, CVSS 9.3). Remote, unauthenticated exploit possible. No patch yet — isolate & monitor! https://radar.offseq.com/threat/cve-2026-6139-os-command-injection-in-totolink-a71-92890d24 #OffSeq #infosec #vuln #IoTSecurity
Overview
- Totolink
- A7100RU
Fediverse
🚨 CRITICAL: CVE-2026-6115 in Totolink A7100RU (7.4cu.2313_b20191024) allows unauth'd remote OS command injection via /cgi-bin/cstecgi.cgi. No patch yet. Restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-6115-os-command-injection-in-totolink-a71-2eb78416 #OffSeq #Vulnerability #Router #Infosec
Fediverse
RE: https://discuss.systems/@burakemir/116392963489404683
I disagree.
I did some very simple prompts with Claude and used them to find hundreds of RCEs in popular Java packages. See https://nvd.nist.gov/vuln/detail/CVE-2026-27830 and https://www.mchange.com/projects/c3p0/#security-note
While I haven’t used Mythos, knowing what less than an hour of prompts in Claude can yield, I have no doubt a model trained for CVE hunting can be very effective.
Overview
- Totolink
- A7100RU
Fediverse
CRITICAL: CVE-2026-6155 in Totolink A7100RU (fw 7.4cu.2313) allows unauthenticated OS command injection via pppoeServiceName in CGI handler. No patch yet — restrict remote access & monitor activity. Details: https://radar.offseq.com/threat/cve-2026-6155-os-command-injection-in-totolink-a71-7391e9c3 #OffSeq #CVE20266155 #Infosec