Tag

#rce

2 articles tagged with #rce.

Filter By:All Posts apache architecture aws buffer-overflow cloud-security compliance cve devsecops http2 kev memory-safety network-security palo-alto pan-os policy-as-code rce serverless web-server zero-trust

VULNERABILITY•MAY 14, 2026

CVE-2026-23918: Tearing Down the Apache mod_http2 Early-Reset Double-Free

A race between HTTP/2 HEADERS and RST_STREAM frames lets unauthenticated clients double-free a stream pool inside mod_http2's h2_mplx.c. We dissect the bug, the patch in 2.4.67, and what defenders should actually do.

#apache #http2 #rce

12 MIN READ

VULNERABILITY•MAY 14, 2026

CVE-2026-0300: Unauthenticated Root RCE in PAN-OS Captive Portal Under Active Exploitation

A buffer overflow in the PAN-OS User-ID Authentication Portal lets unauthenticated attackers execute code as root on PA-Series and VM-Series firewalls. Palo Alto confirmed in-the-wild exploitation and CISA added it to KEV before patches shipped.

#pan-os #rce #kev

4 MIN READ