vulnerability
Browse all articles, tutorials, and guides about vulnerability
Posts
Dirty Frag (CVE-2026-43284 + CVE-2026-43500): Local Root on Every Major Linux Distro
A two-bug chain in the Linux kernel networking subsystems lets any unprivileged local user become root in a single command. The PoC is public, the embargo broke, and not all distros have a patch yet.
Next.js 16.2.6 and 15.5.18 Ship 13 Security Fixes: Patch Now
Vercel released back-to-back security updates for Next.js covering 7 high, 4 moderate, and 2 low severity advisories, including an upstream React denial-of-service issue. Here is what is broken, who is exposed, and the rollout path.
CVE-2026-3854: A Single git push Owned GitHub
A semicolon in a git push option let any authenticated user run code on GitHub.com's backend and on 88% of self-hosted GitHub Enterprise installs. Here is how the bug worked and what to do.
CVE-2026-31431 Copy Fail: A 4-Byte Kernel Write That Escapes Containers
A new Linux kernel bug lets any unprivileged process flip 4 bytes in the page cache and break out of a container. runtime-default seccomp does not block it. Here is what to do.
CVE-2025-55182 React2Shell: 766 Next.js Hosts Breached in 24 Hours
A CVSS 10.0 RCE in React Server Components let attackers breach 766 Next.js hosts in a single day, stealing database credentials, SSH keys, and cloud secrets. Here is how it works, who is affected, and what to do right now.