BadHost – CVE-2026-48710: Starlette Host-Header Auth Bypass ...
May 27, 2026 · Whether "LLM failed to spot vulnerability that took humans 8 years to find" is a great headline about shortcomings of LLMs is questionable, but it is a good example of a category of bug …
1-Click GitHub Token Stealing via a VSCode Bug | Hacker News
1 day ago · Defense-in-depth or not, a huge vulnerability surface arises from that original sin. It'd be like if you had a god-permissioned GitHub API token stored in world-readable plaintext on your …
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Hacker News
Apr 28, 2026 · But often, finding the vulnerability is trivial once the real mechanisms are uncovered, rather than relying on assumptions about inner workings. CVE-2026-3854 is a case where the …
Claude wrote a full FreeBSD remote kernel RCE with root shell ...
Apr 1, 2026 · the prompts show how this was a back-and-forth with a lot of nudging, interruptions and steering: it's not Claude writing a full exploit just from a vulnerability description.
AI is breaking two vulnerability cultures | Hacker News
May 8, 2026 · >any vulnerability in any software available for inspection is going to be instant public knowledge. Or at least public among anybody who matters. Shouldn't this naturally lead to a state …
Authentication bypass in pac4j-JWT using only the RSA public ...
Mar 3, 2026 · The vulnerability is in the composition - the assumption that a decrypted JWE payload will always be a signed JWT. The JWT spec says otherwise. PlainJWT is a valid token type. Full PoC in …
YellowKey Bitlocker Bypass Vulnerability | Hacker News
May 13, 2026 · Point taken, but I would call this an authentication bypass (i.e. you can become administrator without any credentials) instead of a BitLocker bypass. It looks like at most, having …