Overview

  • Pending

Published: 28 May 2026
Updated: 28 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: Last hour

Fediverse

Anyone know anything about these router vulns? I'm especially interested in CVE-2026-38704, a command injection in the WireGuard function, and CVE-2026-38707, a command injection in the IPsec function.

inhand.com/wp-content/uploads/

Overview

  • Pending

Published: 03 Feb 2023
Updated: 28 May 2026

CVSS v3.1: MEDIUM (6.5)
EPSS: 88.33%

KEV

Description

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 11 hours ago

Fediverse

my approach to finding security bugs:

me in 2017: "hmm the directory is world-writable, and the sticky bit looks ugly in my colorized ls, I'll send a patch"
someone on IRC a week later: "hey you're named in CVE-2016-10156"

me in 2023: "ugh OpenSSH crashes when I'm connecting from my retro Win98 VM"
someone on IRC a week later: "hey did you know you're in CVE-2023-25136"

Overview

  • Pending

Published: 23 Jan 2017
Updated: 06 Aug 2024

CVSS: Pending
EPSS: 0.71%

KEV

Description

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 11 hours ago

Fediverse

my approach to finding security bugs:

me in 2017: "hmm the directory is world-writable, and the sticky bit looks ugly in my colorized ls, I'll send a patch"
someone on IRC a week later: "hey you're named in CVE-2016-10156"

me in 2023: "ugh OpenSSH crashes when I'm connecting from my retro Win98 VM"
someone on IRC a week later: "hey did you know you're in CVE-2023-25136"

Overview

  • F5
  • NGINX Plus

Published: 22 May 2026
Updated: 23 May 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.18%

KEV

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-9256) NGINX Heap Buffer Overflow via Rewrite Module" and "Emerging Threat: (CVE-2026-48172) LiteSpeed cPanel Plugin Privilege Escalation to Root". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X

Overview

  • nrwl
  • nx-console

Published: 27 May 2026
Updated: 28 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 26.85%

Description

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx Console is not compromised and users may remediate by upgrading to that version.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

~Cisa~ CISA added three actively exploited vulnerabilities to the KEV catalog. - IOCs: CVE-2026-8398, CVE-2026-45321, CVE-2026-48027 - #CISA #KEV #threatintel

Overview

  • AVB Disc Soft
  • DAEMON Tools Lite

Published: 15 May 2026
Updated: 28 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 33.02%

Description

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

~Cisa~ CISA added three actively exploited vulnerabilities to the KEV catalog. - IOCs: CVE-2026-8398, CVE-2026-45321, CVE-2026-48027 - #CISA #KEV #threatintel

Overview

  • @tanstack
  • arktype-adapter

Published: 12 May 2026
Updated: 28 May 2026

CVSS v3.1: CRITICAL (9.6)
EPSS: 15.08%

Description

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Bluesky

~Cisa~ CISA added three actively exploited vulnerabilities to the KEV catalog. - IOCs: CVE-2026-8398, CVE-2026-45321, CVE-2026-48027 - #CISA #KEV #threatintel