exploitable – RabbitZ Academy – Next Gen Cybersecurity https://rabbitzlabs.de Hacking, Pentesting & IT-Sicherheit lernen Sun, 31 May 2026 09:04:18 +0000 de hourly 1 https://wordpress.org/?v=7.0 https://rabbitzlabs.de/wp-content/uploads/2026/03/cropped-ChatGPT-Image-6.-Maerz-2026-15_04_56-32x32.png exploitable – RabbitZ Academy – Next Gen Cybersecurity https://rabbitzlabs.de 32 32 Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) https://rabbitzlabs.de/type-confusion-in-v8-in-google-chrome-prior-to-142-0-7444-59-allowed-a-remote-attacker-to-potentially-exploit-heap-corruption-via-a-crafted-html-page-chromium-security-severity-high-3/ Sun, 31 May 2026 09:04:18 +0000 https://rabbitzlabs.de/type-confusion-in-v8-in-google-chrome-prior-to-142-0-7444-59-allowed-a-remote-attacker-to-potentially-exploit-heap-corruption-via-a-crafted-html-page-chromium-security-severity-high-3/ Information published.]]> Information published.

Quelle: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

]]> Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) https://rabbitzlabs.de/type-confusion-in-v8-in-google-chrome-prior-to-142-0-7444-59-allowed-a-remote-attacker-to-potentially-exploit-heap-corruption-via-a-crafted-html-page-chromium-security-severity-high/ Sun, 31 May 2026 09:04:17 +0000 https://rabbitzlabs.de/type-confusion-in-v8-in-google-chrome-prior-to-142-0-7444-59-allowed-a-remote-attacker-to-potentially-exploit-heap-corruption-via-a-crafted-html-page-chromium-security-severity-high/ Information published.]]> Information published.

Quelle: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

]]> Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) https://rabbitzlabs.de/type-confusion-in-v8-in-google-chrome-prior-to-142-0-7444-59-allowed-a-remote-attacker-to-potentially-exploit-heap-corruption-via-a-crafted-html-page-chromium-security-severity-high-2/ Sun, 31 May 2026 09:04:17 +0000 https://rabbitzlabs.de/type-confusion-in-v8-in-google-chrome-prior-to-142-0-7444-59-allowed-a-remote-attacker-to-potentially-exploit-heap-corruption-via-a-crafted-html-page-chromium-security-severity-high-2/ Information published.]]> Information published.

Quelle: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

]]> CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference https://rabbitzlabs.de/cve-2025-15504-lief-project-lief-elf-binary-parser-tcc-parse_binary-null-pointer-dereference/ Sun, 31 May 2026 09:04:16 +0000 https://rabbitzlabs.de/cve-2025-15504-lief-project-lief-elf-binary-parser-tcc-parse_binary-null-pointer-dereference/ Information published.]]> Information published.

Quelle: CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference

]]> CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the –allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a „read-only“ file descriptor to change the owner and permissions of a file. https://rabbitzlabs.de/cve-2024-36137-a-vulnerability-has-been-identified-in-node-js-affecting-users-of-the-experimental-permission-model-when-the-allow-fs-write-flag-is-used-node-js-permission-model-do-not-operate-o/ Sun, 31 May 2026 08:48:30 +0000 https://rabbitzlabs.de/cve-2024-36137-a-vulnerability-has-been-identified-in-node-js-affecting-users-of-the-experimental-permission-model-when-the-allow-fs-write-flag-is-used-node-js-permission-model-do-not-operate-o/ Information published.]]> Information published.

Quelle:

CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the –allow-fs-write flag is used.

Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a „read-only“ file descriptor to change the owner and permissions of a file.

]]> CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the –allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. https://rabbitzlabs.de/cve-2024-22018-a-vulnerability-has-been-identified-in-node-js-affecting-users-of-the-experimental-permission-model-when-the-allow-fs-read-flag-is-used-this-flaw-arises-from-an-inadequate-permissio/ Sun, 31 May 2026 08:34:40 +0000 https://rabbitzlabs.de/cve-2024-22018-a-vulnerability-has-been-identified-in-node-js-affecting-users-of-the-experimental-permission-model-when-the-allow-fs-read-flag-is-used-this-flaw-arises-from-an-inadequate-permissio/ Information published.]]> Information published.

Quelle: CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the –allow-fs-read flag is used.
This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.
This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

]]> CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. https://rabbitzlabs.de/cve-2017-3736-there-is-a-carry-propagating-bug-in-the-x86_64-montgomery-squaring-procedure-in-openssl-before-1-0-2m-and-1-1-0-before-1-1-0g-no-ec-algorithms-are-affected-analysis-suggests-that-attac/ Sun, 31 May 2026 08:18:06 +0000 https://rabbitzlabs.de/cve-2017-3736-there-is-a-carry-propagating-bug-in-the-x86_64-montgomery-squaring-procedure-in-openssl-before-1-0-2m-and-1-1-0-before-1-1-0g-no-ec-algorithms-are-affected-analysis-suggests-that-attac/ Information published.]]> Information published.

Quelle: CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

]]> CVE-2026-28387 Potential Use-after-free in DANE Client Code https://rabbitzlabs.de/cve-2026-28387-potential-use-after-free-in-dane-client-code/ Sun, 31 May 2026 08:18:05 +0000 https://rabbitzlabs.de/cve-2026-28387-potential-use-after-free-in-dane-client-code/ Information published.]]> Information published.

Quelle: CVE-2026-28387 Potential Use-after-free in DANE Client Code

]]> CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion https://rabbitzlabs.de/cve-2026-31789-heap-buffer-overflow-in-hexadecimal-conversion/ Sun, 31 May 2026 08:18:05 +0000 https://rabbitzlabs.de/cve-2026-31789-heap-buffer-overflow-in-hexadecimal-conversion/ Information published.]]> Information published.

Quelle: CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion

]]> CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL https://rabbitzlabs.de/cve-2026-28388-null-pointer-dereference-when-processing-a-delta-crl/ Sun, 31 May 2026 08:18:04 +0000 https://rabbitzlabs.de/cve-2026-28388-null-pointer-dereference-when-processing-a-delta-crl/ Information published.]]> Information published.

Quelle: CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL

]]>