#security-patching

Information security
from SecurityWeek
7 hours ago

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

CVE-2026-9082 enables unauthenticated arbitrary SQL injection on Drupal sites using PostgreSQL, potentially leading to privilege escalation and remote code execution.
from SecurityWeek
1 week ago

New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation

Similar to Dirty Frag, Fragnesia exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write primitive in the kernel. The primitive is then used to corrupt the page cache memory of the /usr/bin/su binary, which in turn leads to launching a shell with root privilege. Note that exploitation is not constrained to use the /usr/bin/su binary; it can modify any file readable by the user, including /etc/passwd, it added.
Information security
from The Hacker News
2 months ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.
Information security
from The Register
5 months ago

'Exploitation is imminent' of max-severity React bug

A critical RCE vulnerability in React and several frameworks allows unauthenticated remote code execution; immediate upgrading to patched React versions is required.
Gadgets
from TechCrunch
8 months ago

Samsung patches zero-day security flaw used to hack into its customers' phones

Samsung fixed a zero-day in its image-display library that allowed remote planting of malicious code on devices running Android 13–16.