Skip to content
HiveSecurity
  • Home
  • Blog
  • Tags
  • Vulnerabilities
    • Tools
    • Cheat Sheet
    • Security Guides
  • Contact
  • About
Esc
Type to search...
  • Home
  • Blog
  • Tags
  • Vulnerabilities
  • Resources
  • Tools
  • Cheat Sheet
  • Security Guides
  • Contact
  • About
← All tags Tag

CVE

7 articles

Forgotten Shims: How 11 Old Microsoft-Signed Files Break Secure Boot

ESET Research found 11 old UEFI shim bootloaders, all validly signed by Microsoft, that bypass Secure Boot on any system trusting Microsoft's third-party CA. CVE-2026-8863 and CVE-2026-10797 — no exploit chain required.

15 July 2026
Firmware Security Vulnerability CVE

ChocoPoC: The Exploit You Cloned Is the Attack

ChocoPoC hides a remote access trojan inside trojanized CVE proof-of-concept repositories on GitHub, using a malicious PyPI dependency chain to compromise the researchers who clone them.

2 July 2026
Supply Chain Red Team Malware

One HTTP Header, Full Admin Access: Gitea's June 2026 Security Release Explained

Gitea 1.26.3 and 1.26.4 addressed a dense security release window, including a 9.8 CRITICAL auth bypass exploitable with a single HTTP header. Here's what broke and how to fix it.

Updated 2 July 2026
Web Security Cybersecurity Hardening

pedit COW & DirtyClone: Two New Linux Root Exploits That Bypass On-Disk Integrity Checks

CVE-2026-46331 and CVE-2026-43503 both corrupt the Linux page cache via network subsystems to grant root — bypassing file integrity tools like AIDE and Tripwire without touching files on disk.

27 June 2026
Linux Vulnerability Privilege Escalation

SSH-keysign-pwn: The Nine-Year Linux Kernel Flaw

CVE-2026-46333 (ssh-keysign-pwn) is a nine-year-old Linux kernel race condition that lets an unprivileged local user steal SSH host keys and dump /etc/shadow. Root command execution is also possible on specific configurations.

21 May 2026
Linux Vulnerability Kernel

YellowKey: The BitLocker Bypass Hidden in Windows Recovery

A researcher discovered a zero-day that bypasses BitLocker encryption on Windows 11 using a USB stick and the recovery environment — and suspects the component may be intentional. CVE-2026-45585, CVSS 6.8. Microsoft released an official mitigation on May 21, 2026.

Updated 21 May 2026
Windows Vulnerability Encryption

Your Firewall Just Became Their Foothold

CVE-2026-20182 (CVSS 10.0) and CVE-2026-0300 (CVSS 9.3) hit simultaneously — one owns your firewall, the other poisons your entire SD-WAN fabric.

18 May 2026
Cybersecurity Red Team Blue Team
HiveSecurity

Offensive thinking. Defensive expertise.

Content
  • Home
  • Blog
  • Tags
  • Vulnerabilities
Resources
  • Tools
  • Cheat Sheet
  • Security Guides
Company
  • Contact
  • About
  • RSS
  • Privacy
  • Security Policy

© 2026 Hive Security. All rights reserved.

Built with zero trust & least privilege