» Tag
cve
6 postsCargo'da Symlink Açığı: CVE-2026-5223 Duyuruldu
Cargo, üçüncü taraf registry'lerden gelen tarball'lardaki symlink'leri hatalı işliyordu. Rust 1.96.0 ile düzeltilen orta seviye açığın detayları.
rustcargosecuritycveJanuscape: 16-Year-Old UAF in KVM Shadow MMU Crashes Hosts
CVE-2026-53359 (Januscape) is a 16-year-old UAF in KVM's shadow paging code enabling guest-to-host escape; the public PoC reliably panics the host, disrupting all co-located VMs.
kvmvirtualizationlinux-kernelcveJanuscape: 16-Year-Old Critical Linux KVM Escape, PoC Public
CVE-2026-53359 (Januscape) is a critical Linux KVM guest-to-host escape in the shadow MMU, present since 2010; a public PoC causes host kernel panic.
linuxkvmvirtualizationkernel-exploitCursor Sandbox Escape Shows AI Agents Need Kernel Boundaries
Two critical bugs in Cursor's command sandbox let an attacker-controlled AI agent write outside it and reach RCE. Both are fixed in Cursor 3.0.
cursorai-agentssandboxcveBad Epoll Flaw Grants Root Access on Linux and Android
CVE-2026-46242, dubbed Bad Epoll, lets unprivileged local users gain root via a race-condition bug in the Linux kernel's epoll subsystem; a patch is already out.
linuxsecuritykernelcveJanuscape: KVM/x86 Guest-to-Host Escape Flaw (CVE-2026-53359)
Januscape (CVE-2026-53359) is a critical KVM/x86 guest-to-host escape flaw in the shadow MMU, dormant for 16 years and exploitable on both Intel and AMD.
kvmvirtualizationlinux-kernelcve