https://hackingpassion.com/tags/vulnerability/Recent content in Vulnerability on HackingPassion.com : root@HackingPassion.com-[~]HugoenTue, 26 May 2026 12:51:20 +0200https://hackingpassion.com/ghost-cms-cve-2026-26980/Tue, 26 May 2026 12:51:20 +0200https://hackingpassion.com/ghost-cms-cve-2026-26980/<p>A <strong>SQL injection vulnerability</strong> in <strong>Ghost CMS</strong> has turned Harvard University, Oxford University, and DuckDuckGo into malware distribution platforms. Visitors arrive at a page they trust completely, a fake Cloudflare verification prompt appears, and their machine gets infected if they follow the instructions. More than <strong>700 sites</strong>. Software that had never had an unauthenticated critical vulnerability in its entire history.</p> <p><strong>Ghost CMS</strong> is publishing software built on Node.js, used for newsletters, membership sites, and independent blogs. It is open source and free to self-host, with a paid hosted version called Ghost Pro. More than <strong>100,000 active installations</strong> and more than <strong>50,000 GitHub stars</strong>.</p>https://hackingpassion.com/nginx-rift-cve-2026-42945/Thu, 14 May 2026 13:22:10 +0200https://hackingpassion.com/nginx-rift-cve-2026-42945/<p><strong>NGINX Rift:</strong> An 18-year-old memory corruption bug in NGINX, the web server running on roughly one-third of all websites globally, lets an unauthenticated attacker crash a server with a single crafted HTTP request. On systems where ASLR is disabled, that same request achieves remote code execution. The bug has been in every standard build since 2008. It was publicly disclosed yesterday, after being found by an AI system in six hours.</p>https://hackingpassion.com/nginx-ui-mcpwn-cve-2026-33032/Thu, 16 Apr 2026 11:11:43 +0200https://hackingpassion.com/nginx-ui-mcpwn-cve-2026-33032/<p>A critical vulnerability in nginx-ui has been actively exploited since March 2026, and it gives any attacker on the network full control over the nginx server behind it without a single credential. <strong>CVE-2026-33032</strong> scores <strong>9.8 on the CVSS scale</strong>, sits inside an AI integration that was added to the tool in late 2025, and the entire root cause turned out to be 27 characters of missing code. Recorded Future assigned it a risk score of <strong>94 out of 100</strong>. The researchers who found it named it <strong>MCPwn</strong>. 😏</p>https://hackingpassion.com/docker-authorization-bypass-cve-2026-34040/Sun, 12 Apr 2026 14:10:45 +0200https://hackingpassion.com/docker-authorization-bypass-cve-2026-34040/<p><strong>Docker&rsquo;s Security Layer Has Been Broken Since 2016, And The Fix Doesn&rsquo;t Finish the Job.</strong> One padded HTTP request. That is all it takes to silently disable every authorization plugin in Docker, open a direct path to the host filesystem, and walk out with AWS credentials, SSH keys, and Kubernetes cluster access. The authorization logs show nothing unusual. 😏</p> <p>When a request hits the Docker API, an authorization plugin steps in before anything else happens. That plugin checks exactly what is being requested before the Docker daemon gets to act on it, and enterprises run tools like Open Policy Agent, Prisma Cloud, or Casbin for this job, configured with rules about what containers are and are not allowed to do.</p>https://hackingpassion.com/aws-supply-chain-vulnerability/Sat, 17 Jan 2026 13:49:16 +0100https://hackingpassion.com/aws-supply-chain-vulnerability/<p>Netflix. Twitch. iCloud. The servers of the CIA and NSA. 30% of all cloud infrastructure worldwide runs on Amazon Web Services. Two missing characters in a regex filter nearly compromised all of it. 😬</p> <p>A <code>^</code> at the start and a <code>$</code> at the end. That&rsquo;s what was missing from a security filter, and that&rsquo;s all it would have taken for attackers to inject malicious code into the AWS JavaScript SDK.</p>