Series

Deep Dives

Operational writeups on CVEs disclosed in the past week. Each entry shows how to check if you're vulnerable, the threat model, and starter detection rules.

5 entries to date

  1. #5 CVE-2026-45247 Mirasvit — Full Page Cache Warmer for Magento 2: An unauthenticated PHP object injection vulnerability in Mirasvit Full Page Cache Warmer for Magento 2 enables remote attackers to achieve arbitrary code execution. (2026-06-08)
  2. #4 CVE-2026-10910 Google — Chrome: A critical type confusion flaw in the V8 JavaScript engine of Google Chrome exposes users to potential remote code execution and system compromise. (2026-06-05)
  3. #3 CVE-2026-43898 SandboxJS — SandboxJS: A critical sandbox escape vulnerability in the SandboxJS library allows unauthenticated remote attackers to achieve full code execution on the underlying host system. (2026-05-29)
  4. #2 CVE-2026-44329 free5GC — SMF (Session Management Function): A critical authentication bypass in the free5GC SMF component allows an unauthenticated network attacker to perform unauthorized management operations on the 5G core network. (2026-05-28)
  5. #1 CVE-2026-42945 F5 — NGINX: The "NGINX Rift" heap buffer overflow vulnerability in NGINX Open Source and NGINX Plus poses a significant risk of service disruption and potential remote code execution. (2026-05-22)