HackingPassion.com
👻 home posts ethical hacking course newsletter shop whoami github youtube
HackingPassion.com

Cve

15 posts

/vm2-sandbox-escape/featured-image.png
vm2 Node.js Sandbox Escape 12 Critical Vulnerabilities Two Without a Patch

May 7, 2026

Twelve critical vulnerabilities were just published for vm2, a Node.js security library that sits inside millions of applications. Three of them score a perfect …

/docker-authorization-bypass-cve-2026-34040/featured-image.png
Docker Had a 10-Year Security Bypass Hidden in Plain Sight

April 12, 2026

Docker’s Security Layer Has Been Broken Since 2016, And The Fix Doesn’t Finish the Job. One padded HTTP request. That is all it takes to silently …

/nginx-hijacking-no-malware/featured-image.png
Hackers Are Hijacking NGINX Servers Without Installing Malware

February 5, 2026

Hackers are hijacking NGINX web servers and rerouting live traffic through their own infrastructure. No malware installed, no vulnerability exploited. Just a …

/ollama-175000-servers-exposed/featured-image.png
Ollama Security Failure Exposes 175,000 AI Servers to Attackers

January 30, 2026

175,000 AI servers wide open to the internet. 130 countries. Attackers are selling access to other people’s hardware at a 50% discount, and using it for …

/openssl-12-cves-ai-january-2026/featured-image.png
AI Finds 12 OpenSSL Vulnerabilities Including a 27-Year-Old Bug

January 29, 2026

An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since …

/telnetd-root-exploit-cve-2026-24061/featured-image.png
CVE-2026-24061. One Command, Root Access: The 11-Year Telnet Bug

January 24, 2026

It’s 2026 and attackers are still getting root shells via Telnet with a single command that requires no password whatsoever. 😏 SSH has existed for 31 …

/cve-2023-31096-microsoft-modem-driver-exploit/featured-image.png
CVE-2023-31096: Microsoft Modem Driver Exploit Fixed Three Years Later

January 14, 2026

In January 2026, Microsoft had already patched 114 vulnerabilities! Four modem drivers deleted since October. Companies that wrote them: gone. Source code: …

/ni8mare-n8n-cve-2026-21858-rce/featured-image.png
Ni8mare: n8n Vulnerability Gives Full Admin Access with One HTTP Header Change

January 10, 2026

100,000 servers. One HTTP header change. Full admin access. No password required. They call it “Ni8mare.” CVSS 10.0. The patch existed for 7 weeks. …

/ffmpeg-heap-overflow-ai-vulnerability-hunter/featured-image.jpg
16-Year-Old's AI Finds Heap Buffer Overflow in FFmpeg EXIF Parser

January 3, 2026

A 16-year-old built an AI that mass-hunts memory bugs. It found 6 vulnerabilities in FFmpeg in December. One was a heap buffer overflow in the EXIF parser. The …

/airoha-bluetooth-backdoor-sony-bose-jbl/featured-image.jpg
70 Million Bluetooth Chips Have a Backdoor: Sony, Bose, JBL Headphones at Risk

January 2, 2026

Your headphones just became a backdoor to your phone. No pairing. No popup. Just Bluetooth range. 70 million chips. Sony. Bose. Marshall. JBL. A debug protocol …

/libsodium-first-cve-13-years-ed25519/featured-image.jpg
libsodium Gets First CVE After 13 Years: The Two-Line Fix

December 31, 2025

The crypto library behind Discord, WordPress, and Zcash just got its first CVE. After 13 years. 😏 libsodium. You’ve probably never heard of it. But …

/mongobleed-mongodb-memory-leak-cve-2025-14847/featured-image.jpg
MongoBleed: 87,000 MongoDB Servers Leaking Memory Like Heartbleed

December 28, 2025

You trust your database to keep your data safe. MongoDB just proved it doesn’t. 87,000 servers are leaking memory to anyone who asks. 😏 December 2025. …

/fortinet-authentication-bypass-cve-2020-12812-cve-2025-59718/featured-image.jpg
Fortinet Authentication Bypass: A 5-Year-Old Bug Returns While a New One Gets Exploited in 3 Days

December 27, 2025

You buy a firewall to protect your network. In one month, two different authentication bypasses are being actively exploited. One is five years old. One is …

/cve-2025-31133-docker-container-escape/featured-image.png
Your Docker container? It just walked right out the front door.

November 13, 2025

Your Docker container? It just walked right out the front door. 😏 Three vulnerabilities just got patched. November 5th. CVE-2025-31133, CVE-2025-52565, …

/cve-2025-62215-windows-kernel-race-condition/featured-image.png
Your Windows Kernel Has a Race Condition Being Exploited Right Now

November 12, 2025

Your Windows Kernel has a race condition. You’ve probably never thought about race conditions. (Most people haven’t. But stick with me…) …