Loading video...

Video Failed to Load

Go Home

Exploiting llama.cpp’s RPC Server - From Null Buffer to RCE Against PIE + Full RELRO + NX | CVE-2026-34159: The vulnerability is a one-line logic bug in the RPC server’s tensor deserialization pipeline. Youtube: Blog:

NullSecurityX's profile picture

NullSecurityX

11,808 subscribers

19,539 views • 1 month ago •via X (Twitter)

LIVE

Anya Rossi• Live Now

Private livecam show

0 Comments

No comments available

Comments from the original post will appear here

Related Videos

Zero Click Unauthenticated RCE in n8n (CVE-2026-27493) The chain exploitation method is: Allow User input SSTI exploitation e.g. {{7*7}} ={{$node["NodeName"].constructor.constructor('return process.mainModule.require("child_process").execSync("id ").toString()')()}}
1:23

Zero Click Unauthenticated RCE in n8n (CVE-2026-27493) The chain exploitation method is: Allow User input SSTI exploitation e.g. {{7*7}} ={{$node["NodeName"].constructor.constructor('return process.mainModule.require("child_process").execSync("id ").toString()')()}}

NullSecurityX

36,718 views • 2 months ago

So here is new local privilege escalation zero-day I discovered, not patched yet too :). In simple terms, if you have a service like RDP that exposes an RPC server, there many system services running as SYSTEM connect to it as RPC clients. If that service is turned off (RDP is off by default), it seems that any other process in Windows can expose the same RPC server using the same endpoint. Now all the RPC calls from that SYSTEM processes will come to this fake server and If the process that deployed the server has SeImpersonatePrivilege, it can escalate to SYSTEM by impersonate the RPC client. In the white paper below, I describe five exploit paths you can abuse. However it's architecture problem and maybe there are more. It's Not A Potato
1:49

So here is new local privilege escalation zero-day I discovered, not patched yet too :). In simple terms, if you have a service like RDP that exposes an RPC server, there many system services running as SYSTEM connect to it as RPC clients. If that service is turned off (RDP is off by default), it seems that any other process in Windows can expose the same RPC server using the same endpoint. Now all the RPC calls from that SYSTEM processes will come to this fake server and If the process that deployed the server has SeImpersonatePrivilege, it can escalate to SYSTEM by impersonate the RPC client. In the white paper below, I describe five exploit paths you can abuse. However it's architecture problem and maybe there are more. It's Not A Potato

Haidar

50,616 views • 1 month ago

Exploit PoC Telegram Web app XSS / Session Hijacking 1-click The XSS vulnerability is triggered using the event type web_app_open_link via postMessage. (CVE-2024–33905)
0:31

Exploit PoC Telegram Web app XSS / Session Hijacking 1-click The XSS vulnerability is triggered using the event type web_app_open_link via postMessage. (CVE-2024–33905)

NullSecurityX

93,653 views • 2 months ago

It's the bug of the month for June 2026! CVE-2026-45657 - A CVSS 9.8 vulnerability in Kernel that allows remote, unauthenticated code execution at SYSTEM without user interaction. Yikes!
0:38

It's the bug of the month for June 2026! CVE-2026-45657 - A CVSS 9.8 vulnerability in Kernel that allows remote, unauthenticated code execution at SYSTEM without user interaction. Yikes!

TrendAI Zero Day Initiative

31,835 views • 10 days ago

CVE-2026-42530 NGINX RCE
0:27

CVE-2026-42530 NGINX RCE

Clandestine

46,305 views • 1 day ago

If you want to be able to call server functions from the client, RPC is often the move. The Bun + Better Call combo gets you a fullstack solution in very little code. Server, Client, bundling and HMR 👌 had to record a little video showing the setup
3:26

If you want to be able to call server functions from the client, RPC is often the move. The Bun + Better Call combo gets you a fullstack solution in very little code. Server, Client, bundling and HMR 👌 had to record a little video showing the setup

Wes Bos

103,552 views • 8 months ago

CVE 2020-14882: WebLogic Server Unauthenticated RCE via GET request Credit:
0:36

CVE 2020-14882: WebLogic Server Unauthenticated RCE via GET request Credit:

Dark Web Informer - Cyber Threat Intelligence

13,926 views • 1 year ago

🔥MAJOR MILESTONE: PI NETWORK ACTIVATES TESTNET RPC SERVER FOR SMART CONTRACTS Pi Network (Pi Network) has officially launched an RPC server on its Testnet, marking a major milestone toward full programmability. This infrastructure allows developers to simulate, test, and deploy smart contracts within the Pi ecosystem for the first time. This technical update signals a shift from a closed mobile community toward a functional, utility-driven Layer 1 network.
0:30

🔥MAJOR MILESTONE: PI NETWORK ACTIVATES TESTNET RPC SERVER FOR SMART CONTRACTS Pi Network (Pi Network) has officially launched an RPC server on its Testnet, marking a major milestone toward full programmability. This infrastructure allows developers to simulate, test, and deploy smart contracts within the Pi ecosystem for the first time. This technical update signals a shift from a closed mobile community toward a functional, utility-driven Layer 1 network.

BSCN

22,919 views • 2 months ago

⚠️ We’ve reproduced CVE-2025-49113 in Roundcube. This vulnerability allows authenticated users to execute arbitrary commands via PHP object deserialization. If you're running Roundcube — update immediately!
0:29

⚠️ We’ve reproduced CVE-2025-49113 in Roundcube. This vulnerability allows authenticated users to execute arbitrary commands via PHP object deserialization. If you're running Roundcube — update immediately!

PT SWARM

49,934 views • 1 year ago

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: PoC:
0:46

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: PoC:

0x6rss

45,616 views • 1 year ago

CVE-2023-23397 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability. Details: #infosec #CyberSecurity #Pentesting #redteam
0:56

CVE-2023-23397 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability. Details: #infosec #CyberSecurity #Pentesting #redteam

HackGit

39,726 views • 3 years ago

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) Cheers to Pumpkin 🎃 for finding these CVEs + the OffensiveCon talk from gteissier & Quentin Minster Picavet for inspiration!
1:13

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) Cheers to Pumpkin 🎃 for finding these CVEs + the OffensiveCon talk from gteissier & Quentin Minster Picavet for inspiration!

Crusaders of Rust

81,655 views • 9 months ago

CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server Don’t use and never use this vulnerability lightly,because it is a master of data cleaning
1:13

CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server Don’t use and never use this vulnerability lightly,because it is a master of data cleaning

ShimizuKawasaki

97,359 views • 2 years ago

Every 3rd website you visit runs Nginx. 18,959,833 of them can be hijacked right now. A bug from 2008 just got a working exploit. CVE-2026-42945 (CVSS 9.2) No login. No access. Just one HTTP request. → Heap overflow → Worker process → RCE Patch ASAP to Nginx 1.31.0 or 1.30.1 PoC is already out:
0:36

Every 3rd website you visit runs Nginx. 18,959,833 of them can be hijacked right now. A bug from 2008 just got a working exploit. CVE-2026-42945 (CVSS 9.2) No login. No access. Just one HTTP request. → Heap overflow → Worker process → RCE Patch ASAP to Nginx 1.31.0 or 1.30.1 PoC is already out:

Het Mehta

151,848 views • 1 month ago

‼️ CVE-2026-22812: OpenCode v1.0.216 - Unauthenticated RCE CVSS: 8.8 CVE Published: January 12th, 2026 PoC/Exploit: Advisory/PoC: Original Post:
3:47

‼️ CVE-2026-22812: OpenCode v1.0.216 - Unauthenticated RCE CVSS: 8.8 CVE Published: January 12th, 2026 PoC/Exploit: Advisory/PoC: Original Post:

Dark Web Informer

28,847 views • 4 months ago

🚨POC RELEASED🚨PoC for SQL Injection leads to RCE in Wordpress released (CVE-2024-27956). #Clearnet #DarkWebInformer #DarkWeb #Exploit #Cyberattack #Cybercrime #Wordpress #Infosec #CTI #CVE202427956 #Vulnerability
1:06

🚨POC RELEASED🚨PoC for SQL Injection leads to RCE in Wordpress released (CVE-2024-27956). #Clearnet #DarkWebInformer #DarkWeb #Exploit #Cyberattack #Cybercrime #Wordpress #Infosec #CTI #CVE202427956 #Vulnerability

Dark Web Informer

51,367 views • 2 years ago

The first hidden-service RPC on the Anyone Network. See this complete demo of using a fully anonymous RPC with the Rabby Wallet wallet on Sepolia. Your IP, location and metadata are masked by an Anyone circuit, while the RPC host itself is undetectable. Complete freedom and censorship resistance for Ethereum transactions. Protected by Anyone.
0:34

The first hidden-service RPC on the Anyone Network. See this complete demo of using a fully anonymous RPC with the Rabby Wallet wallet on Sepolia. Your IP, location and metadata are masked by an Anyone circuit, while the RPC host itself is undetectable. Complete freedom and censorship resistance for Ethereum transactions. Protected by Anyone.

ANyONe Protocol

127,897 views • 7 months ago

Here goes nginx-quicburst (CVE-2026-42530), a new RCE in Nginx discovered by our security agent VEGA and demonstrated by Nebula Security. This is only the third NGINX vulnerability since 2014 to receive NGINX’s “major” severity rating. If you use Nginx 1.31 with QUIC enabled, we recommend upgrading to the latest version. This bug has been patched in the latest Nginx release. We will publish the technical writeup, including the ASLR bypass, on July 18 together with the previous nginx-poolslip writeup.
0:27

Here goes nginx-quicburst (CVE-2026-42530), a new RCE in Nginx discovered by our security agent VEGA and demonstrated by Nebula Security. This is only the third NGINX vulnerability since 2014 to receive NGINX’s “major” severity rating. If you use Nginx 1.31 with QUIC enabled, we recommend upgrading to the latest version. This bug has been patched in the latest Nginx release. We will publish the technical writeup, including the ASLR bypass, on July 18 together with the previous nginx-poolslip writeup.

Nebula Security

66,262 views • 1 day ago

Monad is fast. Monad with shMonad RPC is really fast. Now, you can experience even more speed on Monad with MetaMask. Follow our tutorial to set up shMonad RPC in your MetaMask wallet:
3:52

Monad is fast. Monad with shMonad RPC is really fast. Now, you can experience even more speed on Monad with MetaMask. Follow our tutorial to set up shMonad RPC in your MetaMask wallet:

FastLane Labs

17,041 views • 11 months ago

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!
17:59

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

LiveOverflow 🔴

44,787 views • 2 years ago