2026-03-11
2026-03-11 23:00Z
INFO

A Nerd's Life: Weeks of Firmware Teardown to Prove We Were Right

Quarkslab·blog.quarkslab.com

Quarkslab published a detailed firmware reverse-engineering writeup on a JieLi AC6958 smartwatch, documenting weeks of work to decrypt proprietary firmware sections, reverse-engineer the custom Pi32v2 CPU instruction set, and improve Ghidra support for the architecture. The researchers recovered an LFSR-based stream cipher key (0x170f), decrypted FAT filesystem partitions, and significantly extended the Pi32v2 processor module in Ghidra to enable full disassembly and decompilation of the watch's main application.

SRF: Firmware · SRF: Hardware · VND: Jieli · TYP: Research · TYP: Writeup · STG: Discovery · TEC: T1014
72
Edit Score
2026-03-11
2026-03-11 21:16Z
CRIT

CVE-2025-70041 — CWE: An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-70041

An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. CVSSv3.1 9.8 (CRITICAL) · EPSS 18th percentile

VND: Cwe · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 21:16Z
CRIT

CVE-2025-70024 — CWE: An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-70024

An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14. CVSSv3.1 9.8 (CRITICAL) · EPSS 20th percentile

CWE: CWE 89 · VND: Cwe · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 21:16Z
CRIT

CVE-2025-66956 — Access: Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-66956

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. CVSSv3.1 9.9 (CRITICAL) · EPSS 31st percentile

CWE: CWE 284 · VND: Access · TYP: Vulnerability
9.9
CVSS v3.1
100
Edit Score
2026-03-11
2026-03-11 19:16Z
CRIT

CVE-2019-25471 — Leefish File_thingie: FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2019-25471

FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, and execute arbitrary commands through the extracted PHP files. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 22 · VND: Leefish · VND: Filethingie · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 17:16Z
HIGH

CVE-2026-20046 — Cisco Ios_xr: A vulnerability in task group assignment for a specific CLI command in Cisco IOS

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-20046

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful CVSSv3.1 8.8 (HIGH) · EPSS 4th percentile

CWE: CWE 264 · VND: Cisco · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-11
2026-03-11 17:16Z
HIGH

CVE-2026-20040 — Cisco Ios_xr: A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-20040

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevat CVSSv3.1 8.8 (HIGH) · EPSS 7th percentile

CWE: CWE 78 · VND: Cisco · VND: Cli · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-11
2026-03-11 17:16Z
CRIT

CVE-2025-70082 — Lantronix Eds3016ps1ns_firmware: An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-70082

An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component. CVSSv3.1 9.8 (CRITICAL) · EPSS 39th percentile

CWE: CWE 288 · CWE: CWE 620 · CWE: CWE 78 · VND: Lantronix · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 17:16Z
CRIT

CVE-2025-67041 — Lantronix Eds3016ps1ns_firmware: An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2.

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-67041

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWE: CWE 288 · CWE: CWE 620 · CWE: CWE 78 · VND: Lantronix · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 17:16Z
CRIT

CVE-2025-67039 — Lantronix Eds3016ps1ns_firmware: An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2.

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-67039

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username. CVSSv3.1 9.1 (CRITICAL) · EPSS 30th percentile

CWE: CWE 288 · VND: Lantronix · TYP: Vulnerability
9.1
CVSS v3.1
96
Edit Score
2026-03-11
2026-03-11 17:16Z
CRIT

CVE-2025-67038 — Lantronix Eds5032_firmware: This allows attackers to inject arbitrary OS commands into the username parameter.

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-67038

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when a user's authentication fails. The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile

CWE: CWE 94 · VND: Lantronix · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 17:16Z
HIGH

CVE-2025-67037 — Lantronix Eds5032_firmware: An issue was discovered in Lantronix EDS5000 2.1.0.0R3.

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges. CVSSv3.1 8.8 (HIGH) · EPSS 30th percentile

CWE: CWE 94 · VND: Lantronix · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-11
2026-03-11 17:16Z
HIGH

CVE-2025-67036 — Lantronix Eds5032_firmware: The Log Info page allows users to see log files by specifying their names.

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges. CVSSv3.1 8.8 (HIGH) · EPSS 30th percentile

CWE: CWE 94 · VND: Lantronix · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-11
2026-03-11 17:16Z
CRIT

CVE-2025-67035 — Lantronix Eds5032_firmware: The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-67035

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWE: CWE 94 · VND: Lantronix · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 17:16Z
HIGH

CVE-2025-67034 — Lantronix Eds5032_firmware: An issue was discovered in Lantronix EDS5000 2.1.0.0R3.

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-67034

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges. CVSSv3.1 8.8 (HIGH) · EPSS 38th percentile

CWE: CWE 94 · VND: Lantronix · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-11
2026-03-11 16:16Z
HIGH

CVE-2026-31892 — Argoproj Argo_workflows: From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as a mechanism to restrict users to admin CVSSv3.1 8.1 (HIGH)

CWE: CWE 863 · CWE: CWE 807 · VND: Argo · VND: Argoproj · TYP: Vulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-11
2026-03-11 16:16Z
CRIT

CVE-2026-28229 — Argoproj Argo_workflows: Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates). Any request with an Authorization: Bearer nothing token can leak sensitive template content, including embedded Secret manifests. This vulnerability is fixed in 4.0.2 and 3.7.11. CVSSv3.1 9.8 (CRITICAL)

CWE: CWE 306 · CWE: CWE 863 · VND: Argo · VND: Argoproj · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 16:00Z
HIGH

Emergent Architectural Leakage in Frontier Models: The Dual-Claude Phenomenon

SpecterOps·specterops.io

SpecterOps researcher Max Andreacchi disclosed architectural details of Anthropic's Claude multi-agent system through social engineering and sycophancy exploitation. By leveraging Claude's tendency to agree with and mirror user statements, the researcher extracted information about a dual-Claude architecture, inter-instance communication mechanisms (window.claude.complete), JavaScript REPL sandboxing, and identified collaboration potential between isolated Claude instances that could exceed individual capabilities.

TAC: TA0001 · TAC: TA0006 · SRF: Ai · VND: Anthropic · TYP: Research · TYP: Technique · TEC: T1598 · TEC: T1592
78
Edit Score
2026-03-11
2026-03-11 15:16Z
CRIT

CVE-2026-30903 — Zoom Workplace_desktop: External Control of File Name or Path in the Mail feature of Zoom Workplace

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-30903

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. CVSSv3.1 9.6 (CRITICAL) · EPSS 24th percentile

CWE: CWE 73 · CWE: CWE 610 · VND: Zoom · TYP: Vulnerability
9.6
CVSS v3.1
98
Edit Score
2026-03-11
2026-03-11 15:16Z
HIGH

CVE-2025-67298 — Classroomio Classroomio: An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2025-67298

An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile. CVSSv3.1 8.1 (HIGH)

CWE: CWE 345 · CWE: CWE 639 · CWE: CWE 290 · VND: Classroomio · VND: Clasroomio · TYP: Vulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-11
2026-03-11 14:40Z
HIGH

SUDO_KILLER — A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advan

GitHub · LPE exploits · github.com · GITHUB POC · CVE-2019-18634 · CVE-2025-32463

SUDO_KILLER is a privilege escalation enumeration and exploitation framework targeting sudo misconfigurations and CVE-based weaknesses on Unix-like systems. The tool identifies dangerous sudo rules, GTFOBINS abuse paths, vulnerable sudo versions, and environment variable exploits, then provides manual exploitation guidance and helper scripts for credential harvesting, user impersonation, and TTY injection attacks.

SRF: Os · TAC: TA0004 · TYP: Tool · TYP: Exploit · STG: Privesc · TEC: T1548 · TEC: T1548.003 · EXP: Privilege Escalation
72
Edit Score
2026-03-11
2026-03-11 11:00Z
HIGH

Six mistakes in ERC-4337 smart accounts

Trail of Bits·blog.trailofbits.com

Trail of Bits identifies six recurring vulnerability patterns in ERC-4337 smart account implementations: incorrect access control on execute functions, incomplete signature validation of gas fields, dangerous state modification during validation, ERC-1271 replay attacks across accounts/chains, unsafe reliance on postOp reverts for fee recovery, and initialization race conditions in ERC-7702 delegated accounts. The post provides vulnerable and patched code examples for each pattern.

TYP: Research · TYP: Writeup · STG: Execution · STG: Cred Access · TEC: T1550 · EXP: Auth Bypass
82
Edit Score
2026-03-11
2026-03-11 07:16Z
HIGH

CVE-2026-31844 — Koha Koha: An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-31844

An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL queries via crafted requests to this parameter, allowing execution of unintended SQL statements and exposure of sensitive database information. Successful exploitation may lead to full CVSSv3.1 8.8 (HIGH) · EPSS 16th percentile

CWE: CWE 89 · VND: Koha · TYP: Vulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-11
2026-03-11 06:17Z
CRIT

CVE-2026-27842 — Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-27842

Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. CVSSv3.1 9.8 (CRITICAL) · EPSS 32nd percentile

CWE: CWE 288 · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-11
2026-03-11 06:17Z
CRIT

CVE-2026-24448 — Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an

NVD (auto-promoted CVEs)·nvd.nist.gov·CVE-2026-24448

Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access. CVSSv3.1 9.8 (CRITICAL) · EPSS 20th percentile

CWE: CWE 798 · TYP: Vulnerability
9.8
CVSS v3.1
99
Edit Score