https://hackingpassion.com/tags/vulnerability-research/Recent content in Vulnerability Research on HackingPassion.com : root@HackingPassion.com-[~]HugoenThu, 29 Jan 2026 14:18:28 +0100https://hackingpassion.com/openssl-12-cves-ai-january-2026/Thu, 29 Jan 2026 14:18:28 +0100https://hackingpassion.com/openssl-12-cves-ai-january-2026/<p>An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since 1998. 🧐</p> <p>OpenSSL is the cryptographic library that encrypts roughly two-thirds of all internet traffic. It runs on 95% of IT organizations worldwide. Banks use it. Hospitals use it. Governments use it. Cloud platforms, enterprise applications, operating systems, critical infrastructure. When OpenSSL has a vulnerability, the entire internet has a problem.</p>https://hackingpassion.com/pixel-9-zero-click-exploit/Fri, 16 Jan 2026 10:25:26 +0100https://hackingpassion.com/pixel-9-zero-click-exploit/<p>Someone sends you an audio message. You don&rsquo;t open it, you don&rsquo;t play it, you don&rsquo;t even look at your phone. And you&rsquo;re already hacked. 😏 Google Project Zero just published a three-part series this week showing exactly how they built a working exploit chain for the Pixel 9. No clicks required and no interaction at all. Just receive a message and your phone is compromised.</p> <p><strong>CVE-2025-54957</strong></p> <p>The vulnerability sits in Dolby&rsquo;s audio decoder, a component that ships on almost every Android phone sold today. Pixel, Samsung, and dozens of other brands all use it. When someone sends you an audio message through SMS or RCS (the default messaging on most Android phones), your phone automatically decodes it for transcription. Before you even see the notification, the malicious code is already running.</p>https://hackingpassion.com/ffmpeg-heap-overflow-ai-vulnerability-hunter/Sat, 03 Jan 2026 14:47:00 +0100https://hackingpassion.com/ffmpeg-heap-overflow-ai-vulnerability-hunter/<p>A 16-year-old built an AI that mass-hunts memory bugs. It found 6 vulnerabilities in FFmpeg in December. One was a heap buffer overflow in the EXIF parser. The code that reads your photo metadata. 😎</p> <p>FFmpeg processes media on billions of devices. VLC. Chrome. Firefox. YouTube. Blender. OBS Studio. Plex. Even NASA&rsquo;s Perseverance rover uses FFmpeg.</p> <p>The vulnerability: CVE is still pending.</p> <p>Important nuance: this bug was in FFmpeg&rsquo;s development branch, not in a public release. It existed for three days before it was caught. Three days. FFmpeg called the researcher &ldquo;a model security researcher&rdquo; for catching it before it shipped.</p>https://hackingpassion.com/exploit-eye-cve-vulnerability-search-tool/Tue, 18 Nov 2025 15:43:40 +0100https://hackingpassion.com/exploit-eye-cve-vulnerability-search-tool/<p>When you&rsquo;re hunting for vulnerabilities, you jump between three different websites. NVD for CVE data. Exploit-DB for working exploits. GitHub for proof-of-concept code.</p> <p>That&rsquo;s annoying. You lose time. You miss things.</p> <p>I built Exploit Eye to fix that.</p> <h2 id="the-problem">The Problem</h2> <p>Here&rsquo;s what happens when you research a vulnerability. You find a CVE number somewhere. CVE-2025-1234, for example.</p> <p>First, you check the National Vulnerability Database. You find details there. Severity scores. Affected versions. The description tells you what&rsquo;s vulnerable.</p>