Seclog - #160
In this week's Seclog, the security landscape is marked by the disclosure of several critical vulnerabilities, alongside a surge in new security tools and a stark look at emerging threats. Noteworthy are critical RCE flaws impacting n8n and Arista Firewalls, as well as a significant charset bypass in OWASP CRS, highlighting the persistent challenge of securing widely used software. Simultaneously, the community gains new open-source tools for auditing Tailscale configurations, PostgreSQL environments, and Jira, in addition to .NET deserialization and AWS EBS snapshot utilities, empowering defenders and red teamers alike. A review of 2025 CVE data reveals a record number of vulnerabilities, with a notable shift towards web application and supply chain flaws. The growing threat of malicious AI tools like WormGPT also surfaces, indicating a new frontier in cybercrime. Finally, positive stories of collaborative vulnerability disclosure offer a glimpse into the community's cooperative efforts.
SecLinks
2025 CVE Data Review Analysis - jerrygamblin.com
The year 2025 set a new record with 48,185 published CVEs, indicating a significant increase in disclosed vulnerabilities. Analysis reveals a distinct shift towards web application flaws, particularly within the CMS ecosystem, and a broader distribution of affected vendors, underscoring deeper supply chain vulnerability issues.
Arista Firewall RCE Chain Disclosure - bishopfox.com
Arista NG Firewall appliances are affected by a chain of three high-severity vulnerabilities: a sensitive information disclosure (CVE-2025-6980), an authentication bypass (CVE-2025-6979), and a command injection (CVE-2025-6978). Chained together, these flaws give an unauthenticated attacker remote code execution on the appliance, so applying the vendor's fixed release, software version 17.4, should be treated as urgent for affected systems.
OWASP CRS Charset Bypass Critical Fix - coreruleset.org
A critical security bypass (CVE-2026-21876) was found in OWASP CRS rule 922110, which validates the charset parameter of multipart/form-data requests. The flaw has been present since the rule was introduced and affects all supported CRS versions, meaning deployments relying on this rule have been exposed to WAF evasion through this vector until they upgrade.
n8n Critical RCE Vulnerability Fixed - cyera.com
A critical unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2026-21858, CVSS 10.0) was discovered in n8n, potentially impacting around 100,000 locally deployed instances. Attackers can exploit this flaw to fully compromise affected n8n instances, necessitating an urgent upgrade to version 1.121.0 or later to mitigate the risk.
2025 Vulnerability Forecast Review - first.org
FIRST reviews how well its 2025 vulnerability forecasts tracked the year's actual CVE publication volume, arguing that community-driven forecasting has become accurate enough to plan against. The review frames this as a sign of a more resilient, collaborative security community that no longer needs to depend on proprietary data or individual expert judgement to anticipate future disclosure volumes.
Malicious AI Tools Emerge - picussecurity.com
Highlights the emergence and industrialization of malicious Large Language Models (LLMs) like WormGPT, MalTerminal, and LameHug within cybercrime. These tools operate without the safety filters of legitimate AI, enabling threat actors to bypass traditional safeguards and automate malicious activities.
Mailpit Vulnerability Collaborative Disclosure - rosecurify.com
This article recounts a positive experience in security research, detailing the discovery of two vulnerabilities in Mailpit. It highlights a successful collaborative process between the security researcher and the project maintainer, leading to the prompt and respectful remediation of the issues.
SecGit
Jira Security Reconnaissance & Exploitation - github.com
Presents jiraffe, a comprehensive tool designed for Jira security reconnaissance and exploitation. It consolidates various techniques for discovering vulnerabilities and exploiting misconfigurations in Jira instances, streamlining the assessment process for security professionals.
PostgreSQL Penetration Testing Lab - github.com
Offers a comprehensive PostgreSQL penetration testing lab environment for learning and practicing various attack techniques. Covers key attack phases including enumeration, authentication bypass, privilege escalation, remote code execution (RCE), and establishing persistence within PostgreSQL databases.
Tailscale Security Configuration Auditor - github.com
Introduces tailsnitch, a security auditor designed to analyze Tailscale configurations for potential weaknesses. The tool helps identify common misconfigurations, overly permissive access controls, and deviations from security best practices within a tailnet, enhancing network security posture.
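To show the kind of check such an auditor performs, here is an added example (not tailsnitch's code) that scans a tailnet policy for three common weaknesses: the allow-all ACL rule that every new tailnet starts with, a Tailscale SSH rule that grants root in "accept" mode rather than "check" mode, and a tag that any member can self-assign. The policy document is constructed for the example and is assumed to be exported as plain JSON (Tailscale's native format is HuJSON, which additionally permits comments and trailing commas):

```python
import json

# Constructed sample tailnet policy (plain-JSON subset of Tailscale's HuJSON format).
# It deliberately contains three weak settings alongside two sound rules.
SAMPLE_POLICY = """
{
  "acls": [
    {"action": "accept", "src": ["*"], "dst": ["*:*"]},
    {"action": "accept", "src": ["group:dev"], "dst": ["tag:prod:22"]}
  ],
  "ssh": [
    {"action": "accept", "src": ["autogroup:member"], "dst": ["tag:prod"], "users": ["root"]},
    {"action": "check", "src": ["group:ops"], "dst": ["tag:prod"], "users": ["autogroup:nonroot"]}
  ],
  "tagOwners": {
    "tag:prod": ["group:ops"],
    "tag:dev": ["autogroup:member"]
  }
}
"""


def audit_acls(acls):
    """Flag accept rules whose source or destination is a wildcard."""
    findings = []
    for i, rule in enumerate(acls):
        if rule.get("action") != "accept":
            continue
        src, dst = rule.get("src", []), rule.get("dst", [])
        any_src = "*" in src
        all_ports = [d for d in dst if d.endswith(":*")]
        if any_src and "*:*" in dst:
            findings.append(f"acls[{i}]: allow-all rule (src '*' -> dst '*:*'); "
                            "this is the default policy and should be replaced")
        elif any_src:
            findings.append(f"acls[{i}]: every tailnet node may reach {dst}")
        elif all_ports:
            findings.append(f"acls[{i}]: {src} may reach every port on {all_ports}")
    return findings


def audit_ssh(ssh_rules):
    """Flag Tailscale SSH rules granting root in accept mode (no re-authentication)."""
    findings = []
    for i, rule in enumerate(ssh_rules):
        if rule.get("action") == "accept" and "root" in rule.get("users", []):
            findings.append(f"ssh[{i}]: root login from {rule.get('src')} without check mode")
    return findings


def audit_tag_owners(tag_owners):
    """Flag tags any member can apply; a tagged device inherits the tag's access."""
    return [f"tagOwners[{tag}]: any member can apply this tag and inherit its access"
            for tag, owners in tag_owners.items()
            if "autogroup:member" in owners]


def audit_policy_text(text):
    """Run all checks over a policy document given as plain JSON text."""
    policy = json.loads(text)
    return (audit_acls(policy.get("acls", []))
            + audit_ssh(policy.get("ssh", []))
            + audit_tag_owners(policy.get("tagOwners", {})))


if __name__ == "__main__":
    for finding in audit_policy_text(SAMPLE_POLICY):
        print(finding)
```

Run against the sample, the script reports the allow-all rule, the root-in-accept-mode SSH rule and the self-assignable `tag:dev`, and passes the two tightly scoped rules. The wildcard check is deliberately ordered so the fully open rule is reported once rather than as both an any-source and an any-port finding.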
.NET Deserialization Payload Generator - github.com
Presents ysonet, a utility specifically crafted for generating deserialization payloads across various .NET formatters. This tool is valuable for security researchers and penetration testers to identify and exploit deserialization vulnerabilities in .NET applications.
AWS EBS Snapshot Download Utility - github.com
Introduces dsnap, a utility that facilitates the downloading and mounting of AWS EBS snapshots. Leverages the EBS Direct APIs, providing a powerful capability for forensic analysis, data recovery, or security auditing of disk images in cloud environments.
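The EBS Direct APIs expose a snapshot as a list of 512 KiB blocks: `ListSnapshotBlocks` enumerates the blocks that were actually written (everything else reads as zeros) and `GetSnapshotBlock` returns one block together with a SHA-256 checksum. The added example below (not dsnap's code) reconstructs a snapshot into a sparse raw image using those two calls as boto3 names them, verifying each block's checksum before writing it. The `FakeEbsClient`, the snapshot ID and the block contents are constructed so the example runs offline; with a real `boto3.client("ebs")` the same `download_snapshot` function applies unchanged.

```python
import base64
import hashlib
import io

BLOCK_SIZE = 512 * 1024  # EBS direct APIs serve fixed 512 KiB blocks


class ChecksumMismatch(Exception):
    """Raised when a block's SHA-256 does not match the checksum the API returned."""


def download_snapshot(ebs, snapshot_id, out, page_size=1000):
    """Rebuild a snapshot as a raw disk image in `out` (seekable binary file).

    Pages through ListSnapshotBlocks, fetches each block with GetSnapshotBlock,
    verifies its checksum and writes it at BlockIndex * BlockSize. Unlisted blocks
    were never written on the volume, so the image is left sparse.
    Returns (blocks_written, volume_size_in_bytes).
    """
    written, token = 0, None
    while True:
        kwargs = {"SnapshotId": snapshot_id, "MaxResults": page_size}
        if token:
            kwargs["NextToken"] = token
        page = ebs.list_snapshot_blocks(**kwargs)
        block_size = page["BlockSize"]
        volume_bytes = page["VolumeSize"] * 1024 ** 3  # VolumeSize is reported in GiB
        for blk in page["Blocks"]:
            resp = ebs.get_snapshot_block(SnapshotId=snapshot_id,
                                          BlockIndex=blk["BlockIndex"],
                                          BlockToken=blk["BlockToken"])
            data = resp["BlockData"].read()
            if resp.get("ChecksumAlgorithm") != "SHA256":
                raise ValueError(f"unexpected checksum algorithm {resp.get('ChecksumAlgorithm')!r}")
            actual = base64.b64encode(hashlib.sha256(data).digest()).decode()
            if actual != resp["Checksum"]:
                raise ChecksumMismatch(f"block {blk['BlockIndex']}: got {actual}, expected {resp['Checksum']}")
            out.seek(blk["BlockIndex"] * block_size)
            out.write(data)
            written += 1
        token = page.get("NextToken")
        if not token:
            break
    out.truncate(volume_bytes)  # on a real file this extends the image sparsely to the full volume size
    return written, volume_bytes


class FakeEbsClient:
    """Constructed stand-in for boto3.client('ebs') implementing the two calls used above.

    Serves a snapshot whose written blocks are `blocks`; `corrupt_index` makes one
    block come back altered so the checksum check fires.
    """

    def __init__(self, blocks, corrupt_index=None):
        self._blocks = blocks
        self._corrupt = corrupt_index

    def list_snapshot_blocks(self, SnapshotId, MaxResults=1000, NextToken=None):
        indexes = sorted(self._blocks)
        start = int(NextToken) if NextToken else 0
        page = indexes[start:start + MaxResults]
        resp = {"Blocks": [{"BlockIndex": i, "BlockToken": f"tok-{i}"} for i in page],
                "BlockSize": BLOCK_SIZE, "VolumeSize": 1}
        if start + MaxResults < len(indexes):
            resp["NextToken"] = str(start + MaxResults)
        return resp

    def get_snapshot_block(self, SnapshotId, BlockIndex, BlockToken):
        data = self._blocks[BlockIndex]
        checksum = base64.b64encode(hashlib.sha256(data).digest()).decode()
        if BlockIndex == self._corrupt:
            data = bytes(len(data))  # simulated corruption: data no longer matches checksum
        return {"BlockData": io.BytesIO(data), "Checksum": checksum,
                "ChecksumAlgorithm": "SHA256", "DataLength": len(data)}


def demo(corrupt=False):
    """Download a constructed two-block snapshot offline and summarise the result."""
    blocks = {0: b"A" * BLOCK_SIZE, 5: b"B" * BLOCK_SIZE}  # blocks 1-4 were never written
    client = FakeEbsClient(blocks, corrupt_index=5 if corrupt else None)
    image = io.BytesIO()
    try:  # snapshot ID is a constructed placeholder
        written, volume_bytes = download_snapshot(client, "snap-0123456789abcdef0", image, page_size=1)
    except ChecksumMismatch as exc:
        return {"error": str(exc)}
    raw = image.getvalue()
    return {"written": written, "volume_bytes": volume_bytes, "image_len": len(raw),
            "gap_is_zero": raw[BLOCK_SIZE:5 * BLOCK_SIZE] == bytes(4 * BLOCK_SIZE),
            "block5_intact": raw[5 * BLOCK_SIZE:6 * BLOCK_SIZE] == blocks[5]}


if __name__ == "__main__":
    print(demo())
    print(demo(corrupt=True))
```

Using `page_size=1` in the demo forces the `NextToken` pagination path to run. Against AWS, the caller needs the `ebs:ListSnapshotBlocks` and `ebs:GetSnapshotBlock` permissions on the snapshot; mounting the resulting image (for example with a loop device) is a separate step outside this block.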
Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.
For any suggestions or feedback, please contact us at: securify@rosecurify.com