Another video showing how incredibly easy the n8n RCE vulnerability (CVE-2025-68613) is.

Credit: http://youtube.com/@0xmrsecurity

DoS via ARP flood. In 2026. And this is the kind of shit people are putting on the Internet and connecting to home and industrial networks.

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly, the denial of service (DoS) results in a restart of the charger functionalities.

https://www.cve.org/CVERecord?id=CVE-2026-22540

🚨 Multiple Veeam CVEs Identified: Critical Flaws Allow RCE and High-Privilege Actions

CVE-2025-55125:

A flaw that allows a Backup or Tape Operator to achieve remote code execution (RCE) as root by crafting a malicious backup configuration file.

▪️Severity: High
▪️CVSS v3.1: 7.2
▪️Source: Discovered during internal testing

CVE-2025-59468:

A vulnerability enabling a Backup Administrator to execute remote code as the postgres user by supplying a malicious password parameter.

▪️Severity: Medium
▪️CVSS v3.1: 6.7
▪️Source: Discovered during internal testing

CVE-2025-59469

A security issue that allows a Backup or Tape Operator to write arbitrary files with root privileges.

▪️Severity: High
▪️CVSS v3.1: 7.2
▪️Source: Discovered during internal testing

CVE-2025-59470

A vulnerability that permits a Backup or Tape Operator to achieve remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

▪️CVSS Severity: Critical
▪️CVSS v3.1: 9.0
▪️Source: Discovered during internal testing

Veeam: https://www.veeam.com/kb4738
Blog format: https://darkwebinformer.com/multiple-veeam-cves-identified-critical-flaws-allow-rce-and-high-privilege-actions/

That's a weird thing to do intentionally.

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker controlled device.

https://www.cve.org/CVERecord?id=CVE-2025-69139

sev:CRIT BoF in zlib.

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.

https://www.cve.org/CVERecord?id=CVE-2026-22184

WTF kind of CVE is this? It doesn't even say what product is vulnerable.

https://nvd.nist.gov/vuln/detail/CVE-2026-22536

All it says is:

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions

Slow clap for S21sec.

@cR0w https://nvd.nist.gov/vuln/detail/CVE-2025-11155 ?

RE: https://infosec.exchange/@cR0w/115854579789971369

This one is even better. 🤣

An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.

Good luck with your Nessus scans.

https://www.cve.org/CVERecord?id=CVE-2026-22542

RE: https://infosec.exchange/@cR0w/115854304322324575

Ooh, this one only requires L3 access to DoS.

The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.

https://www.cve.org/CVERecord?id=CVE-2026-22541

Edit to correct the link.