60 stories tagged with #cve, in publish-time order across the WeSearch catalog. Tag pages update as new stories ingest.
First Drive: The 2027 Rivian R2 entirely changes the EV game
Rivian's second EV is the sub-$60,000 R2, and it was worth the wait.…
Have you sold cve before?
Sean McVay Leaves Door Open for Aaron Donald Comeback as Rams Monitor Retirement Status
Sean McVay may have just fueled one of the wildest NFL storylines of the offseason. The Los Angeles Rams already shook up the league by acquiring Myles Garrett, however, the possib…
CVE-Bench: testing LLM agents on real-world vulnerability patches
Benchmarking LLMs on real-world CVE patching…
CVE-2026-48710: A Maintainer's Perspective
Cenovus Energy (CVE) Surged 60.7% in Q1 Amid Middle East Conflict
I evaluated 5 LLM agents on patching real-world CVEs. Here is what I found.
Glibc CVE-2026-5450 9.8
Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width gr…
Gitea CVE-2026-27771 exposed private container images without authentication
Gitea private container images were accessible to anyone on the internet, no credentials required, across healthcare, aerospace, and critical infrastructure worldwide.…
Atom Exhaustion Is Not a Footgun. It's One Third of Our CVEs
Show HN: CVE-2026-40369 Windows Kernel Arbitrary Write Chrome SBX
EV Pixie Dust Effect: Ferrari Unaware of Woke Jaguar Commercial
I have often wondered in this day and age what cars cause the younger kids to drool and writhe in jealousy. It's so easy to rattle off a couple of the ones many of us grew up with,…
Is anyone actually running lean base images in production? how much did it help your CVE count?
How I monitor CVEs daily with a 50-line Python script
Every morning I get a Telegram message with the CVEs that matter to my clients. Not the 150+ CVEs...…
Who is using CVE Lite CLI? Share your use case (OWASP Incubator Project for JS/TS dependency scanning)
Memory Safety and the C/C++ CVE Crisis
Microsoft analyzed a decade of their security bulletins and found roughly 70 percent of critical...…
CVE-2026-48710 Starlette Host-Header Auth Bypass
Apple adds new CVE details to several macOS, iOS, iPadOS, visionOS, and watchOS updates
Apple today updated the security content pages for several macOS, iOS, iPadOS, visionOS, and watchOS releases. Here are the details.…
Tired of running `npm audit` across a dozen repos, so I built a self-hosted CVE monitor for your whole portfolio (npm, pnpm, yarn)
7-Zip CVE-2026-48095: NTFS Heap Overflow Can Trigger Through Renamed Files
OWASP CVE Lite CLI
Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remed…
CVE-2026-28952: Apple macOS 26.5 Kernel Vuln found by Claude
This document describes the security content of macOS Tahoe 26.5.…
Security Advisory for Cargo (CVE-2026-5222)
Empowering everyone to build reliable and efficient software.…
so to recap this week: two actively exploited Defender zero-days, an unpatched Exchange spoofing vuln, a BitLocker bypass called "YellowKey", AND 137 CVEs from Patch Tuesday. this is not a normal week
Why CVE Does Not Work for AI Agents, but AVE?
CVE-2021-21735: ZTE H168N wizard whitelist exposed PPPoE and WLAN secrets pre-auth
An npm Package for AI Agent Orchestration Just Shipped With Its Front Door Unlocked. Here's What the CVE Actually Reveals.
MCP ecosystem is growing fast enough that security researchers are now hunting it like any other...…
Composer-cve-gate – pre-install gate for Composer, built after Laravel-Lang
Pre-install / pre-upgrade CVE gate for Composer. Blocks before post-install scripts run. - sharkyger/composer-cve-gate…
Vulnerability Spoiler Alert – Exposing Patches Before CVEs
AI-powered early warning for open-source security patches — before the CVE drops.…
Window between zero-day CVE and a patch!
Intel's Latest Round Of Open-Source Projects Ended: OBS Studio Plugin, CVE Binary Tool & More
With Intel having been one of the most dominant open-source contributors for years across the software ecosystem, months after they began sunsetting various software projects no lo…
CoreWeave GC McVeety sells $382,610 in stock
CVE-2026-9256: Nginx 1.31.1 and 1.30.1
I gave Gemini 3.5 Flash a CVE-fix PR to review. It found another bug in the same file.
This is a submission for the Google I/O Writing Challenge Across 3 real production PRs, I asked...…
Safe read-only check script for Copy Fail / CVE-2026-31431
POC for CVE-2026-46529 – RCE via PDF argv injection
Evince/xreader/Atril RCE exploit to CVE-2026-46529 - N1et/CVE-2026-46529…
How I Analyzed the Linux Kernel's Deadliest Logic Bug: A Deep Dive into Dirty Pipe (CVE-2022-0847)
A senior developer's code-level walkthrough of Dirty Pipe, Page Cache, pipe buffers, splice(), and the tiny initialization bug that became a critical Linux vulnerability.…
Basira - open source AI code reviewer with OWASP audit, 0 CVEs, BYOK
CVE-2026-34474: Pre-auth credential disclosure in ZTE H298A / H108N via ETHCheat
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox
CVE-2026-34474: ZTE H298A / H108N routers expose credentials before authentication
Golang gRPC – CVE-2026-33186 Detail
Show HN: A timeline of recent open source CVE intensity and volume
Weekly contribution matrix tracking total open-source vulnerability volume and critical supply chain security alerts.…
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Istio 1.30 Deep Dive — Agentgateway, Ambient Multicluster, TrafficExtension API, and 4 CVE Patches (JWKS RSA Leak, XDS Debug Auth)
On May 18, 2026, the Istio community shipped Istio 1.30.0 alongside backports 1.29.3 and 1.28.7. On the surface it's a regular quarterly release,…
CVE-2026-45585: Windows BitLocker — YellowKey Recovery Bypass Analysis
CVE-2026-34472: According to ZTE, an unauthenticated auth bypass is just a 'customer-specific low-risk requirement.' MITRE disagreed.
Bitcoin Core CVE, AssumeUTXO - Bitcoin Optech Newsletter #405 Recap Podcast
How do you track CVEs that actually affect your specific stack?
What’s your CVE monitoring workflow for clients' stacks?
CVE-2025-54518
20-year-old pgcrypto CVE reported
Two remote code execution bugs lived in pgcrypto for twenty years until an AI fuzzer found them in a weekend. Here's what you need to know.…
What 44 CVEs Tell You About Rust's Safety Boundary
In April 2026, Canonical disclosed 44 CVEs in uutils, the Rust reimplementation of GNU coreutils that has been the default in Ubuntu since 25.10. The disclosures came out of an ext…
[Podcast] Thinking Elixir 304: Types, CVEs, and Hot Reloads
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, tell…
The CVE That Wasn't: Microsoft's Azure Vulnerability Rejection and the Eroding Trust in Cloud Disclosure
Microsoft classified a critical Azure cross-tenant vulnerability as "by design" without a CVE, fueling debate over disclosure precedent and silent-fix…