Page 34
A critical buffer overflow vulnerability was discovered and fixed in the system restore utility where unbounded strcpy() calls allowed attacker-controlled data to overflow fixed-size buffers. This classic C programming mistake could enable arbitrary code execution through crafted tape archives, highlighting why secure string handling remains essential in 2024.
A critical buffer overflow vulnerability was discovered and patched in Odyssey's SCRAM-SHA-256 authentication implementation, where six unchecked `memcpy` calls allowed unauthenticated attackers to corrupt heap memory by sending crafted oversized fields during authentication. This type of vulnerability is especially dangerous because it requires no credentials to exploit — any client initiating a connection could trigger it. The fix enforces proper length validation before every memory copy oper
A critical buffer overflow vulnerability was discovered and patched in the ShadowsockR proxy server, where attacker-controlled network packet data was used directly as the byte count in memory copy operations without bounds checking. This class of vulnerability allows remote attackers to corrupt server memory, potentially enabling arbitrary code execution or denial of service. The fix adds proper bounds validation before any memory copy operation involving network-supplied length values.
A critical LDAP injection vulnerability in Apache Airflow's Flask-AppBuilder security manager allowed attackers to bypass authentication and gain unauthorized access by crafting malicious usernames. The flaw stemmed from unsanitized user input being directly interpolated into LDAP filter strings — a classic but devastating mistake. This post breaks down how the attack works, what was fixed, and how you can prevent similar issues in your own code.
A critical Remote Code Execution vulnerability (CVE-2026-33937) was discovered in Handlebars.js that allows attackers to execute arbitrary code by crafting malicious Abstract Syntax Tree objects passed to the `compile()` function. This post breaks down how the vulnerability works, why it's dangerous, and how upgrading to Handlebars 4.7.9 closes the attack vector.
A critical vulnerability in Tabby's UAC component allowed local attackers to predict Windows named pipe names generated with a weak pseudo-random number generator, enabling them to hijack privileged communication channels before the elevated process could claim them. This pipe squatting attack could grant unprivileged users the ability to inject commands that execute with Administrator or SYSTEM privileges. The fix removes the unsafe exec() pattern and replaces the predictable pipe naming scheme
A critical buffer overflow vulnerability was discovered and patched in `libretro_core_options.h`, where unsafe string operations (`strcpy()` and `strcat()`) could allow attackers to corrupt memory and achieve arbitrary code execution. The fix eliminates these dangerous C string functions in favor of bounds-checked alternatives, closing a path that could be exploited through maliciously crafted core option configurations. Understanding this class of vulnerability is essential for any developer wo
A medium-to-high severity vulnerability was discovered and patched in Slidev's resolver module, where dynamically loaded theme and plugin packages specified in slide frontmatter lacked proper validation, allowing a malicious package name to execute arbitrary code with the developer's full OS privileges. This fix addresses a supply-chain-adjacent attack vector that could allow attackers to exfiltrate credentials or compromise developer machines simply by sharing a crafted markdown presentation fi
A medium-severity vulnerability was discovered and patched in the PicoW ClockMaster firmware's MQTT client, where file import functionality lacked resource limits and the broker connection lacked authentication—allowing attackers on the same network to inject spoofed motor and LED commands. The fix introduces proper input validation, file size checks, JSON depth limits, and authenticated/encrypted MQTT connections. This case is a timely reminder that IoT firmware security requires the same rigor
A high-severity command injection vulnerability was discovered and patched in a Python packaging script that used `os.system()` with unsanitized string interpolation to construct shell commands. An attacker who could influence the `serverHost` variable could execute arbitrary operating system commands with the full privileges of the packaging process. The fix replaces the dangerous `os.system()` call with Python's `subprocess` module, eliminating the shell injection surface entirely.
A critical vulnerability (CVE-2025-9287) was discovered in the `cipher-base` npm package that allows attackers to manipulate cryptographic hash operations, potentially compromising data integrity and security guarantees in affected applications. The fix, delivered in `cipher-base` version 1.0.5, patches this hash manipulation flaw and should be applied immediately by any project using the affected package. Understanding this vulnerability highlights why cryptographic dependencies deserve the sam
A high-severity vulnerability in `graphify/hooks.py` allowed attackers to achieve arbitrary code execution on CI/CD runners by injecting malicious hook script paths through a user-controlled configuration file. The fix introduces strict path validation against an allowlist of permitted directories before any subprocess execution. This kind of supply-chain attack vector is increasingly common and can silently compromise entire build pipelines with a single malicious commit.