Explore

Rapid Read Rapid Read
NGINX Vulnerability Exploit Code Released, Poses Security Risks

NGINX Vulnerability Exploit Code Released, Poses Security Risks

Technical details and proof-of-concept (PoC) exploit code for a critical vulnerability in NGINX have been published. The vulnerability, identified as CVE-2026-42945, has a CVSS score of 9.2 and was recently patched by F5. It involves a heap buffer overflow in the ngx_http_rewrite_module component, which can lead to a denial-of-service (DoS) condition or remote code execution (RCE) if Address Space Layout Randomization (ASLR) is disabled. The issue affects NGINX servers using rewrite and set directives, stemming from a two-pass process in the script engine that can result in an undersized buffer allocation. This allows attacker-controlled data to overflow the buffer. The vulnerability was introduced 16 years ago and has now been addressed in NGINX Plus versions 37.0.0, R36 P4, and R32 P6, as well as in NGINX open source versions 1.31.0 and 1.30.1.
Rapid Read Rapid Read
NGINX Vulnerability Exposes Web Servers to Potential Remote Code Execution

NGINX Vulnerability Exposes Web Servers to Potential Remote Code Execution

A critical vulnerability has been discovered in the NGINX open-source web server, which has been present for 18 years. This flaw, identified as CVE-2026-42945, allows for denial of service (DoS) attacks and potentially remote code execution (RCE) under certain conditions. The vulnerability was uncovered by DepthFirst AI using an autonomous scanning system and has been given a critical severity rating of 9.2 by the Common Vulnerability Scoring System (CVSS). The issue affects NGINX versions 0.6.27 through 1.30.0 and is related to a heap buffer overflow in the ngx_http_rewrite_module. This flaw can be triggered when NGINX configurations use both 'rewrite' and 'set' directives, a common pattern in API gateways and reverse proxy setups. The vulnerability stems from inconsistent state handling in NGINX's internal script engine, leading to a heap buffer overflow. DepthFirst AI demonstrated unauthenticated code execution via specially crafted HTTP requests, although this was achieved on systems with Address Space...
Rapid Read Rapid Read
New Linux Kernel Vulnerability 'Fragnesia' Enables Root Privilege Escalation

New Linux Kernel Vulnerability 'Fragnesia' Enables Root Privilege Escalation

A newly identified vulnerability in the Linux kernel, known as 'Fragnesia' and officially designated as CVE-2026-46300, has been disclosed. This flaw allows local attackers to escalate their privileges to root by exploiting the XFRM ESP-in-TCP subsystem. The vulnerability permits attackers to overwrite critical system files, such as /usr/bin/su and /etc/passwd, potentially compromising system integrity. The issue affects most major Linux distributions, prompting them to begin issuing patches to mitigate the risk. The discovery of this vulnerability highlights ongoing challenges in maintaining secure systems against evolving cyber threats.
Trendline Trendline
F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP and NGINX Systems

F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP and NGINX Systems

F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP and NGINX Systems
Trendline Trendline
F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP, BIG-IQ, and NGINX Systems

F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP, BIG-IQ, and NGINX Systems

F5 Networks Addresses Over 50 Vulnerabilities in BIG-IP, BIG-IQ, and NGINX Systems
Trendline Trendline
Fortinet and Ivanti Release Patches for Critical Security Vulnerabilities

Fortinet and Ivanti Release Patches for Critical Security Vulnerabilities

Fortinet and Ivanti Release Patches for Critical Security Vulnerabilities
Trendline Trendline
New Windows Zero-Days Expose BitLocker Bypasses and Privilege Escalation Risks

New Windows Zero-Days Expose BitLocker Bypasses and Privilege Escalation Risks

New Windows Zero-Days Expose BitLocker Bypasses and Privilege Escalation Risks
Rapid Read Rapid Read
Security Researcher Reveals Vulnerability in Windows BitLocker Allowing Unauthorized Access

Security Researcher Reveals Vulnerability in Windows BitLocker Allowing Unauthorized Access

A security researcher, known by the aliases 'Nightmare-Eclipse' and 'Chaotic Eclipse', has disclosed a vulnerability in Microsoft's BitLocker disk encryption technology. The exploit, named YellowKey, allows unauthorized access to encrypted drives on Windows 11 and Windows Server 2022/2025 using a USB stick with specially crafted files. The vulnerability requires physical access to the target computer and involves using a feature called Transactional NTFS to bypass security measures. The researcher also hinted at another vulnerability, GreenPlasma, which could escalate privileges on Windows systems. The disclosure follows previous exploits by the same researcher, who criticized Microsoft's handling of security issues.
Trendline Trendline
Fragnesia Flaw in Linux Kernel Allows Local Users Root Access, Raising Security Concerns

Fragnesia Flaw in Linux Kernel Allows Local Users Root Access, Raising Security Concerns

Fragnesia Flaw in Linux Kernel Allows Local Users Root Access, Raising Security Concerns
Rapid Read Rapid Read
Fragnesia Vulnerability Exposed as New Linux Local Privilege Escalation Threat

Fragnesia Vulnerability Exposed as New Linux Local Privilege Escalation Threat

A new local privilege escalation vulnerability named Fragnesia has been disclosed for the Linux kernel. This vulnerability, similar to the recently patched Dirty Frag, was announced by V12 Security on an open-source security mailing list. Fragnesia exploits a logic bug within the ESP/XFRM code, allowing arbitrary byte writes into the kernel page cache of read-only files. A proof of concept for this exploit is already available, highlighting the urgency for a fix. Currently, a two-line patch has been proposed to address the issue within the Linux kernel's skbuff.c code, although it has not yet been integrated into any mainline kernel releases.
Trendline Trendline
Avada Builder Plugin Vulnerabilities Expose One Million WordPress Sites to Security Risks

Avada Builder Plugin Vulnerabilities Expose One Million WordPress Sites to Security Risks

Avada Builder Plugin Vulnerabilities Expose One Million WordPress Sites to Security Risks
Rapid Read Rapid Read
Linux Distributions Address Fragnesia Vulnerability Allowing Root Privilege Escalation

Linux Distributions Address Fragnesia Vulnerability Allowing Root Privilege Escalation

A new vulnerability in the Linux kernel, named Fragnesia and tracked as CVE-2026-46300, has been identified, affecting a majority of Linux distributions. This vulnerability resides in the kernel’s XFRM ESP-in-TCP subsystem and allows a local attacker to escalate privileges to root by overwriting sensitive system files. The vulnerability is similar to previously disclosed exploits known as Dirty Frag and Copy Fail. While a proof-of-concept exploit is available, there is currently no evidence of Fragnesia being exploited in the wild. Linux distributions have begun releasing patches to address this issue, and Microsoft has urged organizations to apply these patches promptly to mitigate potential risks.