RCE

5 posts

NGINX Has Had This Bug Since 2008 and One Request Is Enough to Trigger It

May 14, 2026

NGINX Rift: An 18-year-old memory corruption bug in NGINX, the web server running on roughly one-third of all websites globally, lets an unauthenticated …

A Critical Windows DNS Flaw Lets Attackers Run Code on Any Machine Without Logging In

May 13, 2026

Microsoft patched a critical heap buffer overflow in the Windows DNS Client. An attacker needs no account and no help from the person sitting at the machine to …

vm2 Node.js Sandbox Escape 12 Critical Vulnerabilities Two Without a Patch

May 7, 2026

Twelve critical vulnerabilities were just published for vm2, a Node.js security library that sits inside millions of applications. Three of them score a perfect …

iTerm2 RCE via cat readme.txt (CVE-2026-41253)

April 18, 2026

iTerm2, the terminal emulator that ends up on almost every Mac developer’s machine, is vulnerable to a remote code execution attack that occurs when …

Ni8mare: n8n Vulnerability Gives Full Admin Access with One HTTP Header Change

January 10, 2026

100,000 servers. One HTTP header change. Full admin access. No password required. They call it “Ni8mare.” CVSS 10.0. The patch existed for 7 weeks. …