<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Rce on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/rce/</link><description>Recent content in Rce on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Thu, 14 May 2026 13:22:10 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/rce/index.xml" rel="self" type="application/rss+xml"/><item><title>NGINX Has Had This Bug Since 2008 and One Request Is Enough to Trigger It</title><link>https://hackingpassion.com/nginx-rift-cve-2026-42945/</link><pubDate>Thu, 14 May 2026 13:22:10 +0200</pubDate><guid>https://hackingpassion.com/nginx-rift-cve-2026-42945/</guid><description>&lt;p>&lt;strong>NGINX Rift:&lt;/strong> An 18-year-old memory corruption bug in NGINX, the web server running on roughly one-third of all websites globally, lets an unauthenticated attacker crash a server with a single crafted HTTP request. On systems where ASLR is disabled, that same request achieves remote code execution. The bug has been in every standard build since 2008. It was publicly disclosed yesterday, after being found by an AI system in six hours.&lt;/p></description></item><item><title>A Critical Windows DNS Flaw Lets Attackers Run Code on Any Machine Without Logging In</title><link>https://hackingpassion.com/windows-dns-rce-2026/</link><pubDate>Wed, 13 May 2026 11:35:57 +0200</pubDate><guid>https://hackingpassion.com/windows-dns-rce-2026/</guid><description>&lt;p>Microsoft patched a critical heap buffer overflow in the Windows DNS Client. An attacker needs no account and no help from the person sitting at the machine to trigger it. Every Windows machine that performs DNS lookups is potentially in scope, and every Windows machine performs DNS lookups constantly.&lt;/p>
&lt;p>The vulnerability is tracked as &lt;strong>CVE-2026-41096&lt;/strong> with a &lt;strong>CVSS score of 9.8&lt;/strong>. It sits in a component called &lt;code>dnsapi.dll&lt;/code>, the file that handles DNS lookups on every Windows machine. DNS, which stands for Domain Name System, is the system that translates domain names into IP addresses so computers know where to connect. Every time a browser loads a page, an application connects to a server, a VPN establishes, or Windows checks for updates, the system sends out a DNS query asking what IP address belongs to a given name. The DNS Client receives the answer, processes it, and passes it along.&lt;/p></description></item><item><title>vm2 Node.js Sandbox Escape 12 Critical Vulnerabilities Two Without a Patch</title><link>https://hackingpassion.com/vm2-sandbox-escape/</link><pubDate>Thu, 07 May 2026 14:42:24 +0200</pubDate><guid>https://hackingpassion.com/vm2-sandbox-escape/</guid><description>&lt;p>Twelve critical vulnerabilities were just published for &lt;strong>vm2&lt;/strong>, a Node.js security library that sits inside millions of applications. Three of them score a perfect 10 out of 10. The creator shut the project down in 2023 because it was too broken to fix, restarted it anyway in October 2025, and here we are.&lt;/p>
&lt;p>The library is called &lt;strong>vm2&lt;/strong>. When a platform lets users run their own code, that code needs somewhere to run where it cannot touch anything it should not touch. Not the files on the server, not the ability to run system commands, not connections to other services. That sealed-off space where code runs but cannot escape is called a &lt;strong>sandbox&lt;/strong>. &lt;strong>vm2&lt;/strong> was the tool &lt;strong>Node.js&lt;/strong> developers used to build one.&lt;/p></description></item><item><title>iTerm2 RCE via cat readme.txt (CVE-2026-41253)</title><link>https://hackingpassion.com/iterm2-cat-readme-rce-cve-2026-41253/</link><pubDate>Sat, 18 Apr 2026 11:19:07 +0200</pubDate><guid>https://hackingpassion.com/iterm2-cat-readme-rce-cve-2026-41253/</guid><description>&lt;p>iTerm2, the terminal emulator that ends up on almost every Mac developer&amp;rsquo;s machine, is vulnerable to a remote code execution attack that occurs when attacker-controlled text is displayed in the terminal, most commonly through reading a file with cat, less, or head. &lt;strong>CVE-2026-41253&lt;/strong>, disclosed on April 17, covers every stable release up through version &lt;strong>3.6.9&lt;/strong>, which is still the current build on the downloads page because the fix that landed in source on March 31 has not yet shipped in a new release. Researchers at Calif Global turned a plain file-display operation into a full shell as the logged-in user by abusing a legitimate SSH integration feature that iTerm2 trusts by default, without a single click, a single download, or a single signature for any security tool to catch. 
😏&lt;/p></description></item><item><title>Ni8mare: n8n Vulnerability Gives Full Admin Access with One HTTP Header Change</title><link>https://hackingpassion.com/ni8mare-n8n-cve-2026-21858-rce/</link><pubDate>Sat, 10 Jan 2026 15:50:00 +0100</pubDate><guid>https://hackingpassion.com/ni8mare-n8n-cve-2026-21858-rce/</guid><description>&lt;p>100,000 servers. One HTTP header change. Full admin access. No password required. They call it &amp;ldquo;Ni8mare.&amp;rdquo; CVSS 10.0. The patch existed for 7 weeks. The release notes mentioned nothing. 😏&lt;/p>
&lt;p>CVE-2026-21858. &amp;ldquo;Ni8mare.&amp;rdquo; The name says it all.&lt;/p>
&lt;p>n8n is a workflow automation platform. Think Zapier, but open source and self-hosted. Over 100 million Docker pulls. Used by Vodafone, Delivery Hero, StepStone. Thousands of enterprises run their entire automation infrastructure on it, with 400+ integrations connecting everything in one central hub.&lt;/p></description></item></channel></rss>