← Explore

Posts tagged with cve

Security Briefing · ·4 min read

Your HMAC Was Validating the Wrong Bytes

Users started filing bug reports on April 14 about broken sessions and garbled cookies in their ASP.NET Core 10 apps.

cveasp-net-corecryptography
Security Briefing · ·4 min read

MCPwn: A Forgotten Auth Check Gave Away 2,600 Nginx Servers

Pluto Security calls it MCPwn, which is about as on-the-nose as vulnerability names get.

cvemcpnginx
Security Briefing · ·4 min read

BlueHammer Turns Your VPN Gateway Into an Entry Point

Your VPN concentrator is supposed to be the wall between your internal network and the internet.

cvewindowsvpn
Security Briefing · ·5 min read

Cisco Fixed Its SSO Bug. You Still Have to Rotate the IdP Certificate.

Cisco published an advisory on April 15 for CVE-2026-20184: a CVSS 9.

cvesamlsso
Security Briefing · ·5 min read

A CVSS 9.1 Hiding in Python's gzip Module

Most Python developers haven't looked twice at the gzip module since they first imported it. It compresses, it decompresses, it ships with the language.

cvepythonuse-after-free
Security Briefing · ·5 min read

The Advisory Was the PoC

Most vulnerability disclosures follow a predictable rhythm.

cveai-securitywebsocket
Security Briefing · ·5 min read

One Prototype Pollution Bug Away From Losing Your AWS Keys

Everyone noticed when Axios got backdoored on March 31st.

prototype-pollutionaxioscloud-security
Security Briefing · ·5 min read

The CMS You Forgot About Just Got a CVSS 9.8

Movable Type was the blogging platform before WordPress ate the world. If you started a blog between 2003 and 2008, there's a decent chance you used it.

cveperlcode-injection
Security Briefing · ·5 min read

FortiClient EMS Just Got Its Second Pre-Auth RCE in a Week

If you manage endpoints with Fortinet's FortiClient EMS, stop what you're doing and patch. CVE-2026-35616 landed Saturday with a CVSS 9.

cvefortinetpre-auth-rce
Security Briefing · ·4 min read

Five CVEs, One AI Agent Framework, Zero Surprises

PraisonAI markets itself as a framework for building multi-agent AI teams — autonomous agents that write code, call APIs, and orchestrate complex workflows.

cveai-securitysandbox-escape
Security Briefing · ·5 min read

Your Browser's GPU Is Now an Attack Surface

Google patched CVE-2026-5281 on April 1 — a use-after-free in Dawn, Chrome's WebGPU backend.

cvewebgpuchrome
Security Briefing · ·5 min read

They Found This Bug in the Telnet Client in 2005 — Nobody Checked the Server

In 2005, researchers found a textbook buffer overflow in the telnet client's SLC handler — CVE-2005-0469. It got patched.

cvebuffer-overflowlegacy-security
Security Briefing · ·4 min read

CVE-2026-33017: Langflow Got Owned Through the Same exec() Call — Again

Twenty hours. That's the gap between the advisory dropping for CVE-2026-33017 and the first exploitation attempt hitting Sysdig's honeypots.

cverceai-security
← Prev 2 / 2