Vulnerability

5 posts

Ghost CMS SQL Injection Stole Admin Keys From 700 Websites With One Request

May 26, 2026

A SQL injection vulnerability in Ghost CMS has turned Harvard University, Oxford University, and DuckDuckGo into malware distribution platforms. Visitors arrive …

NGINX Has Had This Bug Since 2008 and One Request Is Enough to Trigger It

May 14, 2026

NGINX Rift: An 18-year-old memory corruption bug in NGINX, the web server running on roughly one-third of all websites globally, lets an unauthenticated …

Nginx-UI MCPwn (CVE-2026-33032): Full Server Takeover With One Unauthenticated Request

April 16, 2026

A critical vulnerability in nginx-ui has been actively exploited since March 2026, and it gives any attacker on the network full control over the nginx server …

Docker Had a 10-Year Security Bypass Hidden in Plain Sight

April 12, 2026

Docker’s Security Layer Has Been Broken Since 2016, And The Fix Doesn’t Finish the Job. One padded HTTP request. That is all it takes to silently …

Two Missing Characters Nearly Compromised the AWS Supply Chain

January 17, 2026

Netflix. Twitch. iCloud. The servers of the CIA and NSA. 30% of all cloud infrastructure worldwide runs on Amazon Web Services. Two missing characters in a …