Development & Open Source
This cluster on software development and open source covers supply chain, dependencies, tooling, repositories and code security. It highlights vulnerabilities, updates and useful practices for developers and maintainers.

ZDI-26-336: X.Org Bug Exposes Sensitive Data, Enables Root Escalation
An out-of-bounds (OOB) read in X.Org Server’s CheckKeyActions allows local users to disclose sensitive memory. While the CVSS 6.1 scor…

Gogs Zero-Day RCE: CVSS 9.4 Critical Flaw Remains Unpatched After Two Months
A critical argument injection vulnerability in Gogs' git rebase functionality enables remote code execution. Despite disclosure to mai…

CVE-2026-23111: Single-Character Logic Error Grants Root Access on Linux
An inverted check in the nf_tables subsystem enables local privilege escalation and container breakouts. With public exploits already…

DockSec: The Open-Source AI Healing Containers, Not Just Scanning Them
DockSec, an OWASP Incubator project, leverages LLMs to correlate data from three Docker scanners and generate line-specific fixes. Its…

C0XMO: Gafgyt Variant Targets DD-WRT Routers with Modular Scanner and Competitor-Killing Routine
The C0XMO variant of the Gafgyt botnet exploits CVE-2021-27137 in DD-WRT firmware, utilizing a modular architecture with a standalone…

Emphere Secures $2.1M to Automate Vulnerability Remediation with AI
Seattle-based startup Emphere raises $2.1 million to automate open-source vulnerability remediation as the NVD backlog exceeds 27,000…

CVE-2026-8936: Docker Desktop VM Panic Triggered via grpcfuse Recursion
A low-privileged container can trigger a VM panic in Docker Desktop through uncontrolled recursion in the grpcfuse module. The vulnera…

SI-CERT: How a 13-Person Team Manages 6,000 Annual Incidents
Slovenia’s national CSIRT, SI-CERT, processes 6,000 cyber incidents annually with a core staff of just 13. By deploying a specialized…

Gitea Bug Exposed Private Container Images for Four Years
CVE-2026-27771: A critical flaw in Gitea’s container registry left approximately 31,750 instances vulnerable for nearly four years. Di…

DNS-AID: Linux Foundation Launches Decentralized Discovery for AI Agents
The Linux Foundation has launched DNS-AID, an open-source protocol that leverages existing DNS infrastructure to enable decentralized…

Critical Flowise RCE: Exploit Code Released for CVSS 9.9 Vulnerability
Obsidian Security has published proof-of-concept exploit code for CVE-2026-40933, a critical RCE vulnerability in Flowise. The flaw le…

CIFSwitch: Linux Kernel Bug Grants Root Access on CentOS and Rocky Linux
CIFSwitch enables local privilege escalation to root across multiple Linux distributions. While a public PoC is available and an upstr…