Coroutine stack-to-heap overflow via unbounded recursion in NAR directory parser

### Impact Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack was allocated without a guard page, w...

TVE-2026-03: Xiaomi miIO client heap buffer overflow

Xiaomi miIO client heap buffer overflow

oss-sec: Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC)

When NAS Vendors Forget How TLS Works

When NAS Vendors Forget How TLS Works

SSD Advisory - Kerio Control Authentication Bypass and RCE - SSD Secure Disclosure

Summary An analysis primarily of Kerio Control revealed a design flaw in the implementation of the communication with GFI AppManager, leading to an authentication bypass vulnerability in the product under audit. Once the authentication bypass is achieved, the attacker can cause the execution of arbitrary code and commands. Credit An independent security researcher, z3er01 of … SSD Advisory – Kerio Control Authentication Bypass and RCE Read More »

oss-security - Roundcube webmail: Post-Auth RCE via PHP Object Deserialization reported by firs0v

Protecting Windows users from Janet Jackson's Rhythm Nation - The Old New Thing

Granting an exception to a system policy.

ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4

Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.

Pwn everything Bounce everywhere all at once (part 2)

In this series of articles we describe how, during an "assumed breach" security audit, we compromised multiple web applications on our client's network to carry out a watering hole attack by installing fake Single Sign-On pages on compromised servers. In our second episode we take a look at SOPlanning, a project management application that we encountered during the audit.