FediSecfeeds

https://www.cve.org/CVERecord?id=CVE-2025-14108

##

cR0w@infosec.exchange at 2025-12-05T22:25:39.000Z ##

ZSPACE

##

CVE-2025-14107
(8.8 HIGH)

EPSS: 0.00%

updated 2025-12-05T22:15:49.163000

2 posts

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. T

cR0w at 2025-12-05T22:01:47.023Z ##

ZSPACE

TOZED

##

cR0w@infosec.exchange at 2025-12-05T22:01:47.000Z ##

ZSPACE

TOZED

##

CVE-2025-14106
(8.8 HIGH)

EPSS: 0.00%

updated 2025-12-05T22:15:48.950000

2 posts

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early abou

cR0w at 2025-12-05T22:01:47.023Z ##

ZSPACE

TOZED

##

cR0w@infosec.exchange at 2025-12-05T22:01:47.000Z ##

ZSPACE

TOZED

##

CVE-2025-59775
(7.5 HIGH)

EPSS: 0.02%

updated 2025-12-05T21:31:28

2 posts

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

cR0w at 2025-12-05T14:15:46.824Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

##

cR0w@infosec.exchange at 2025-12-05T14:15:46.000Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

##

CVE-2025-55753
(7.5 HIGH)

EPSS: 0.01%

updated 2025-12-05T21:31:27

2 posts

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue

cR0w at 2025-12-05T14:15:46.824Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

##

cR0w@infosec.exchange at 2025-12-05T14:15:46.000Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

##

CVE-2025-14105
(4.3 MEDIUM)

EPSS: 0.00%

updated 2025-12-05T21:15:53.120000

2 posts

A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation of the argument goformId with the input REBOOT_DEVICE can lead to denial of service. The attack can only be done within the local network. The exploit has been publicly disclosed and may be utilized. T

cR0w at 2025-12-05T22:01:47.023Z ##

ZSPACE

TOZED

##

cR0w@infosec.exchange at 2025-12-05T22:01:47.000Z ##

ZSPACE

TOZED

##

CVE-2025-65082
(6.5 MEDIUM)

EPSS: 0.02%

updated 2025-12-05T20:15:57.703000

2 posts

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

cR0w at 2025-12-05T14:15:46.824Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

##

cR0w@infosec.exchange at 2025-12-05T14:15:46.000Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

https://www.cve.org/CVERecord?id=CVE-2025-53963

##

CVE-2025-53963
(9.8 CRITICAL)

EPSS: 0.02%

updated 2025-12-05T20:15:55.390000

2 posts

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with network connectivity can achieve root code execution. NOTE: This vulnerability only affects products that ar

cR0w at 2025-12-04T15:51:22.479Z ##

I love seeing default creds in a CVE.

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with network connectivity can achieve root code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

##

cR0w@infosec.exchange at 2025-12-04T15:51:22.000Z ##

I love seeing default creds in a CVE.

https://www.cve.org/CVERecord?id=CVE-2025-53963

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with network connectivity can achieve root code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

##

CVE-2025-66644
(7.2 HIGH)

EPSS: 0.00%

updated 2025-12-05T19:15:53.293000

2 posts

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

cR0w at 2025-12-05T18:59:35.585Z ##

EITW vuln in ArrayOS. Advisory was published Wednesday and updated today, along with the CVE being published, so IDK if it was 0day or quickly exploited after the advisory.

https://www.jpcert.or.jp/at/2025/at250024.html

The DesktopDirect feature of the Array AG series provided by Array Networks contains a command injection vulnerability. If this vulnerability is exploited, an attacker may execute an arbitrary command. At the time of publication of this information, the CVE number for this vulnerability has not been numbered.

Not sure if this is something @Dio9sys and @da_667 are interested in.

Edit to add the CVE number since the description said it isn't available yet: CVE-2025-66644

##

cR0w@infosec.exchange at 2025-12-05T18:59:35.000Z ##

EITW vuln in ArrayOS. Advisory was published Wednesday and updated today, along with the CVE being published, so IDK if it was 0day or quickly exploited after the advisory.

https://www.jpcert.or.jp/at/2025/at250024.html

The DesktopDirect feature of the Array AG series provided by Array Networks contains a command injection vulnerability. If this vulnerability is exploited, an attacker may execute an arbitrary command. At the time of publication of this information, the CVE number for this vulnerability has not been numbered.

Not sure if this is something @Dio9sys and @da_667 are interested in.

Edit to add the CVE number since the description said it isn't available yet: CVE-2025-66644

##

CVE-2025-65346(CVSS UNKNOWN)

EPSS: 0.07%

updated 2025-12-05T18:59:02

2 posts

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.

1 repos

https://github.com/Theethat-Thamwasin/CVE-2025-65346

cR0w at 2025-12-04T15:50:03.800Z ##

../ in laravel-file-manager.

https://github.com/Theethat-Thamwasin/CVE-2025-65346

##

cR0w@infosec.exchange at 2025-12-04T15:50:03.000Z ##

../ in laravel-file-manager.

https://github.com/Theethat-Thamwasin/CVE-2025-65346

##

CVE-2025-66399
(8.8 HIGH)

EPSS: 0.07%

updated 2025-12-05T18:57:11.903000

1 posts

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environm

jos1264@social.skynetcloud.site at 2025-12-02T19:15:02.000Z ##

CVE-2025-66399 - SNMP Command Injection leads to RCE in Cacti https://cvefeed.io/vuln/detail/CVE-2025-66399

##

CVE-2025-65955
(4.9 MEDIUM)

EPSS: 0.01%

updated 2025-12-05T18:56:23.270000

1 posts

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed m

jos1264@social.skynetcloud.site at 2025-12-03T02:05:02.000Z ##

CVE-2025-65955 - ImageMagick has a use-after-free/double-free risk in Options::fontFamily when clearing family https://cvefeed.io/vuln/detail/CVE-2025-65955

##

CVE-2025-13354
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-12-05T18:41:56.647000

1 posts

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "taxopress_merge_terms_batch" function. This makes it possible for authenticated attackers, with subscriber level access and

jos1264@social.skynetcloud.site at 2025-12-03T15:05:02.000Z ##

CVE-2025-13354 - Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation https://cvefeed.io/vuln/detail/CVE-2025-13354

##

CVE-2025-13359
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-12-05T18:37:12.593000

1 posts

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with

jos1264@social.skynetcloud.site at 2025-12-03T15:05:02.000Z ##

CVE-2025-13359 - Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection https://cvefeed.io/vuln/detail/CVE-2025-13359

##

CVE-2025-58098
(8.3 HIGH)

EPSS: 0.00%

updated 2025-12-05T18:32:14

2 posts

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

cR0w at 2025-12-05T14:15:46.824Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

##

cR0w@infosec.exchange at 2025-12-05T14:15:46.000Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

##

CVE-2025-66200
(5.4 MEDIUM)

EPSS: 0.02%

updated 2025-12-05T18:15:57.067000

2 posts

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

cR0w at 2025-12-05T14:15:46.824Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

##

cR0w@infosec.exchange at 2025-12-05T14:15:46.000Z ##

Apache HTTP Server 2.4.66 was released yesterday, patching these sev:LOW and sev:MED vulns:

https://github.com/clevernyyyy/CVE-2025-55182-Dockerized

##

CVE-2025-55182
(10.0 CRITICAL)

EPSS: 13.81%

updated 2025-12-05T17:44:58.770000

144 posts

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Nuclei template

100 repos

https://github.com/emadshanab/POC-for-CVE-2025-55182

https://github.com/alexandre-briongos-wavestone/react-cve-2025-55182-lab

https://github.com/Chocapikk/CVE-2025-55182

https://github.com/ZemarKhos/CVE-2025-55182-Exploit-PoC-Scanner

https://github.com/atastycookie/CVE-2025-55182

https://github.com/ducducuc111/CVE-2025-55182-poc

https://github.com/Chelsea486MHz/CVE-2025-55182-test

https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js

https://github.com/ps-interactive/cve-2025-55182

https://github.com/Airis101/CVE-2025-55182-analysis

https://github.com/Ashwesker/Blackash-CVE-2025-55182

https://github.com/c0rydoras/CVE-2025-55182

https://github.com/hoosin/CVE-2025-55182

https://github.com/im-hanzou/CVE-2025-55182-POC-SCANNER

https://github.com/nehkark/CVE-2025-55182

https://github.com/Rat5ak/CVE-2025-55182-React2Shell-RCE-POC

https://github.com/Sotatek-KhaiNguyen3/CVE-2025-55182

https://github.com/assetnote/react2shell-scanner

https://github.com/SoICT-BKSEC/CVE-2025-55182-docker-lab

https://github.com/GarethMSheldon/React2Shell-CVE-2025-55182-Detector

https://github.com/younesZdDz/CVE-2025-55182

https://github.com/Rsatan/CVE-2025-55182-Tools

https://github.com/heiheishushu/rsc_detect_CVE-2025-55182

https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

https://github.com/ngvcanh/CVE-2025-55182-Attack-Analysis

https://github.com/sudo-Yangziran/CVE-2025-55182POC

https://github.com/zessu/CVE-2025-55182-Typescript

https://github.com/sherlocksecurity/CVE-2025-55182-Exploit-scanner

https://github.com/Pa2sw0rd/exploit-CVE-2025-55182-poc

https://github.com/ceortiz33/CVE-2025-55182

https://github.com/selectarget/CVE-2025-55182-Exploit

https://github.com/hzhsec/cve_2025_55182_test

https://github.com/ZihxS/check-react-rce-cve-2025-55182

https://github.com/nomorebreach/POC-CVE-2025-55182

https://github.com/whiteov3rflow/CVE-2025-55182-poc

https://github.com/Spritualkb/CVE-2025-55182-exp

https://github.com/f0xyx/CVE-2025-55182-Scanner

https://github.com/freeqaz/react2shell

https://github.com/santihabib/CVE-2025-55182-analysis

https://github.com/NathanJ60/react2shell-interactive

https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS

https://github.com/XiaomingX/CVE-2025-55182-poc

https://github.com/EynaExp/CVE-2025-55182-POC

https://github.com/jf0x3a/CVE-2025-55182-exploit

https://github.com/prestonhashworth/cve-2025-55182

https://github.com/nanwinata/CVE-2025-55182-Scanner

https://github.com/oways/React2shell-CVE-2025-55182-checker

https://github.com/hualy13/CVE-2025-55182

https://github.com/aquinn-r7/CVE-2025-55182-VulnCheckPOC

https://github.com/GelukCrab/React-Server-Components-RCE

https://github.com/nerium-security/CVE-2025-55182

https://github.com/ThemeHackers/CVE-2025-55182

https://github.com/logesh-GIT001/CVE-2025-55182

https://github.com/l4rm4nd/CVE-2025-55182

https://github.com/xkillbit/cve-2025-55182-scanner

https://github.com/joshterrill/CVE-2025-55182-realistic-poc

https://github.com/ABCFabian/React2Shell-CVE-2025-55182-Testing-Environment

https://github.com/fatguru/CVE-2025-55182-scanner

https://github.com/RuoJi6/CVE-2025-55182-RCE-shell

https://github.com/Darker-Ink/react-ssr-vulnerability

https://github.com/carlosaruy/CVE-2025-55182

https://github.com/tlfyyds/cve-2025-55182-getshell

https://github.com/topstar88/CVE-2025-55182

https://github.com/mingyisecurity-lab/CVE-2025-55182-TOOLS

https://github.com/dissy123/cve-2025-55182

https://github.com/RajChowdhury240/React2Shell-CVE-2025-55182

https://github.com/acheong08/CVE-2025-55182-poc

https://github.com/alsaut1/react2shell-lab

https://github.com/mrknow001/RSC_Detector

https://github.com/aspen-labs/CVE-2025-55182-checker

https://github.com/shamo0/react2shell-PoC

https://github.com/MedusaSH/POC-CVE-2025-55182

https://github.com/dwisiswant0/CVE-2025-55182

https://github.com/Cillian-Collins/CVE-2025-55182

https://github.com/0xPThree/cve-2025-55182

https://github.com/m3m0ryc0rrupt/CVE-2025-55182-PoC

https://github.com/ivaavimusic/React19-fix-vibecoders

https://github.com/jctommasi/react2shellVulnApp

https://github.com/sickwell/CVE-2025-55182

https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive

https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478

https://github.com/Atlantis02-sec/Vulnerability-assessment

https://github.com/rl0x01/CVE-2025-55182_PoC

https://github.com/kk12-30/CVE-2025-55182

https://github.com/sh1ro8/react2shell

https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool

https://github.com/Golden-Secure/CVE-2025-55182

https://github.com/Saturate/CVE-2025-55182-Scanner

https://github.com/zzhorc/CVE-2025-55182

https://github.com/Cr4at0r/Next.js-RCE-Scanner-BurpSuite-Extension-

https://github.com/CymulateResearch/React2Shell-Scanner

https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension

https://github.com/msanft/CVE-2025-55182

https://github.com/TH-SecForge/CVE-2025-55182

https://github.com/songsanggggg/CVE-2025-55182

https://github.com/onlylovetx/CVE-2025-55182-CVE-2025-66478-Exploit-GUI

https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script

https://github.com/Pizz33/CVE-2025-55182-burpscanner

DarkWebInformer at 2025-12-05T21:27:24.477Z ##

🚨 CVE-2025-55182: Meta React Server Components Remote Code Execution Vulnerability has been added to the CISA KEV Catalog

Added: 2025-12-05
Vendor: Meta
Product: React Server Components
CVSS: 10

CISA KEV Catalog: https://darkwebinformer.com/cisa-kev-catalog/

Write-up: https://www.vulncheck.com/blog/cve-2025-55182-react-nextjs

##

hrbrmstr@mastodon.social at 2025-12-05T19:46:03.000Z ##

Ooh @censys bringing the deets from the other perspective! https://censys.com/advisory/cve-2025-55182

##

Tinolle at 2025-12-05T19:40:32.532Z ##

Explanation and full RCE PoC for CVE-2025-55182 https://github.com/msanft/CVE-2025-55182

##

AAKL at 2025-12-05T18:01:53.883Z ##

New. Suffer the buffer.

The issue "was triggered by changes being made to our body parsing logic while attempting to detect and mitigate an industry-wide vulnerability disclosed this week in React Server Components."

"As part of our ongoing work to protect customers using React against a critical vulnerability, CVE-2025-55182, we started rolling out an increase to our buffer size to 1MB, the default limit allowed by Next.js applications."

Cloudflare: outage on December 5, 2025 https://blog.cloudflare.com/5-december-2025-outage/ @cloudflare #Cloudflare #infosec #React

##

secdb at 2025-12-05T18:00:12.173Z ##

🚨 [CISA-2025:1205] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2025:1205)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2025-55182 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-55182)
- Name: Meta React Server Components Remote Code Execution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Meta
- Product: React Server Components
- Notes: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20251205 #cisa20251205 #cve_2025_55182 #cve202555182

##

AAKL at 2025-12-05T17:36:35.024Z ##

New.

GreyNoise: CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far @greynoise #infosec #React #threatresearch

##

AAKL at 2025-12-05T17:31:14.165Z ##

CISA has updated the KEV catalogue.

CVE-2025-55182: Meta React Server Components Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-55182

From yesterday:

CISA Launches New Platform to Strengthen Industry Engagement and Collaboration https://www.cisa.gov/news-events/news/cisa-launches-new-platform-strengthen-industry-engagement-and-collaboration #CISA #infosec #Meta #React #vulnerability

##

AAKL at 2025-12-05T17:29:04.425Z ##

Broadcom has two advisories today, one critical, one medium. You'll need a login for details https://support.broadcom.com/web/ecx/security-advisory

Broadcom Mainframe Software Security Advisory for Critical React RCE Vulnerability CVE-2025-55182, and ACF2 for z/OS 16.0 Vulnerability #infosec #Broadcom ##React

##

undercodenews@mastodon.social at 2025-12-05T16:42:54.000Z ##

Critical React2Shell Vulnerability Sparks Global Cybersecurity Alert

A newly discovered vulnerability in React and Next.js applications, known as React2Shell (CVE-2025-55182), is raising alarm across the cybersecurity community. This critical flaw allows remote JavaScript code execution, putting web applications and their users at serious risk. While patches have been released, proof-of-concept (POC) exploits are circulating widely, fueling a surge of attacks from…

https://undercodenews.com/critical-react2shell-vulnerability-sparks-global-cybersecurity-alert/

##

oversecurity@mastodon.social at 2025-12-05T16:40:05.000Z ##

Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say

The bug, tagged as CVE-2025-55182 and referred to colloquially as React2Shell, was reported to Meta by researcher Lachlan Davidson on November 29...

🔗️ [Therecord] https://link.is.it/K0uf5R

##

sans_isc at 2025-12-05T16:39:38.176Z ##

No surprise: We do see active hits of the React Vulnerability (CVE-2025-55182) against our honeypots.

The initial exploit attempts we are seeing originate from the following two IP addresses: 193.142.147.209 and 95.214.52.170. The payloads are either "ping -c 1 45.157.233.80" or "console.log('CVE-2025-55182-VULN')"

If you find an unpatched React app in your environment, you should assume that it has been compromised at this point. Also be careful with apps that may have pinned older versions fo React/Next.js

##

undercodenews@mastodon.social at 2025-12-05T16:33:03.000Z ##

React2Shell: Critical Remote Code Execution Threat Hits Reactjs and Nextjs

React.js, the popular JavaScript library powering interactive user interfaces for millions of web applications, has been hit by a critical security vulnerability. Disclosed by researcher Lachlan Davidson on November 29, 2025, this flaw—tracked as CVE-2025-55182 and dubbed React2Shell—poses a severe risk to server-side implementations of React.js. With a maximum CVSS score of 10.0, the…

https://undercodenews.com/react2shell-critical-remote-code-execution-threat-hits-reactjs-and-nextjs/

##

AAKL at 2025-12-05T16:13:33.493Z ##

AWS, from yesterday: China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

More:

The Hacker News: Chinese Threat Actors Have Started Exploiting the Newly Disclosed React2Shell Vulnerability https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html @thehackernews #infosec #React

##

cR0w at 2025-12-05T16:08:51.910Z ##

Progress Sitefinity Next.js Renderer appears to be vulnerable to this React vuln. React2Shell? Is that what everyone is calling it?

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2025-66478-and-CVE-2025-55182-December-2025

##

bkastl@mastodon.social at 2025-12-05T16:06:47.000Z ##

The PoC of #react2shell from the original author https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc/blob/main/01-submitted-poc.js

##

jschauma@mstdn.social at 2025-12-05T15:16:18.000Z ##

Yesterday, after various bogus AI slopped "PoC"s, eventually a functional PoC for the React RCE emerged:
https://github.com/msanft/CVE-2025-55182

We now have a PoC from the reporter of the vulnerability as well:
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

#react2shell

##

pentesttools at 2025-12-05T15:04:41.913Z ##

📊 39% of cloud environments are vulnerable to React2Shell.

New data from Wiz indicates that nearly 40% of cloud environments contain instances vulnerable to CVE-2025-55182. Even more concerning? 44% of all cloud environments have publicly exposed Next.js instances.

The "secure by design" assumption is working against defenders right now.

✅ Detection is LIVE.

We have updated the Network Vulnerability Scanner in Pentest-Tools.com to help you validate this specific configuration immediately.

As shown in the attached video, you can go from "exposed" to "confirmed" in seconds:

1. Select the Network Scanner

2. Input CVE-2025-55182

3. Get definitive proof with Request/Response evidence

Don't rely on version checks when the exposure surface is this wide.

🔗 Run the detection: https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online

📜 Vulnerability breakdown: https://pentest-tools.com/vulnerabilities-exploits/react-server-components-remote-code-execution_28260

📈 Data source: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

#AppSec #ReactJS #CloudSecurity #React2Shell #InfoSec #VulnerabilityManagement #NextJS

##

cisakevtracker@mastodon.social at 2025-12-05T15:00:50.000Z ##

CVE ID: CVE-2025-55182
Vendor: Meta
Product: React Server Components
Date Added: 2025-12-05
Notes: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-55182

##

hrbrmstr.dev@bsky.brid.gy at 2025-12-05T14:39:08.000Z ##

I had the [mis?]fortune of being awake just as attackers decided to slam the public internet with React2Shell exploits. GreyNoise had a tag up for it yesterday afternoon. Full write-up of the initial spate of attacks: www.greynoise.io/blo... 1/3

CVE-2025-55182 (React2Shell) O...

##

hrbrmstr@mastodon.social at 2025-12-05T14:38:57.000Z ##

I had the [mis?]fortune of being awake just as attackers decided to slam the public internet with React2Shell exploits. GreyNoise had a tag up for it yesterday afternoon.

Full write-up of the initial spate of attacks:
https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far
1/3

##

Nadsec@cyberplace.social at 2025-12-05T14:28:31.000Z ##

Wild

https://github.com/Rat5ak/CVE-2025-55182-React2Shell-RCE-POC

##

allaboutsecurity@mastodon.social at 2025-12-05T14:05:43.000Z ##

React2Shell (CVE-2025-55182): Chinesische Hackergruppen greifen kritische React-Schwachstelle an
Wenige Stunden nach der Veröffentlichung der Schwachstelle CVE-2025-55182 am 3. Dezember 2025 registrierten Sicherheitsforscher von Amazon erste Angriffsversuche. Die unter dem Namen React2Shell bekannt gewordene Lücke erhielt die Höchstbewertung von 10.0 im CVSS-System und ermöglicht die Ausführung von Code ohne Authentifizierung.
https://www.all-about-security.de/react2shell-cve-2025-55182-chinesische-hackergruppen-greifen-kritische-react-schwachstelle-an/

#cve #hackers #aws #cvss #cybersecurity

##

undercodenews@mastodon.social at 2025-12-05T12:21:33.000Z ##

React2Shell Vulnerability Exploited by China-Linked Threat Actors Within Hours

The cybersecurity world is on high alert after a critical vulnerability affecting React and Next.js frameworks, dubbed React2Shell, was publicly disclosed. This flaw, officially tracked as CVE-2025-55182, allows remote execution of JavaScript code on servers without authentication. Alarmingly, multiple China-linked threat actors immediately began exploiting the vulnerability, highlighting…

https://undercodenews.com/react2shell-vulnerability-exploited-by-china-linked-threat-actors-within-hours/

##

oversecurity@mastodon.social at 2025-12-05T11:40:07.000Z ##

React2Shell critical flaw actively exploited in China-linked attacks

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after...

🔗️ [Bleepingcomputer] https://link.is.it/jllFod

##

undercodenews@mastodon.social at 2025-12-05T11:33:13.000Z ##

React2Shell CVE-2025-55182: Chinese Threat Groups Exploit Critical React Vulnerability Hours After Disclosure

Introduction Within hours of public disclosure, a critical vulnerability in React Server Components, dubbed React2Shell (CVE-2025-55182), has drawn the attention of state-linked threat actors. Rated with a maximum CVSS score of 10.0, the flaw enables unauthenticated remote code execution in React 19.x and Next.js 15.x/16.x environments. The rapid exploitation…

https://undercodenews.com/react2shell-cve-2025-55182-chinese-threat-groups-exploit-critical-react-vulnerability-hours-after-disclosure/

##

db@social.lol at 2025-12-05T11:04:42.000Z ##

the real React 10.0 CVE proof of concept (not the "AI" proof of slop)

https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

##

johl@mastodon.xyz at 2025-12-05T10:27:49.000Z ##

🎅 🌲 💫

Weihnachtlich erstrahlen Gassen
Auf zum Einkauf hasten Massen
Drinnen leuchten Kerzen hell
Nur Systemadministratoren
Lauschen bang dem Netz-Rumoren
Horch! Es naht #React2Shell!

https://aws.amazon.com/de/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

##

cert_fr@social.numerique.gouv.fr at 2025-12-05T10:25:17.000Z ##

⚠️ Alerte CERT-FR ⚠️

Le CERT-FR a connaissance de preuves de concept publiques pour la vulnérabilité CVE-2025-55182 affectant React Server Components et anticipe des exploitations en masse.

https://cert.ssi.gouv.fr/alerte/CERTFR-2025-ALE-014

##

bkastl@mastodon.social at 2025-12-05T10:01:11.000Z ##

Hm, das mit React2Shell wird noch etwas arg werden.

https://aws.amazon.com/de/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

##

beyondmachines1 at 2025-12-05T09:01:31.960Z ##

Multiple threat groups are exploiting the critical React/Nex.js vulnerability

Active exploitation i underway for "React2Shell" (CVE-2025-55182), a critical CVSS 10.0 remote code execution vulnerability in React Server Components that allows attackers to abuse unsafe deserialization in the Flight protocol. Organizations must treat this as an emergency event and immediately update.

**THIS IS URGENT: If you're running server side React 19.x or Next.js 15.x/16.x (or frameworks using React Server Components like Waku or Redwood), attackers are already hacking your systems. Prioritize patching right now.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/multiple-threat-groups-are-exploiting-the-critical-react-nex-js-vulnerability-3-7-f-7-c/gD2P6Ple2L

##

nopatience@swecyb.com at 2025-12-05T07:42:44.000Z ##

Alleged (by Amazon) active exploitation of React Server Components (RSC) by Chinese threat actors. Has anyone else seen "real" exploitation attempts, not just running the fake PoCs that are out there?

https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

#Vulnerabilities #ThreatIntel #React #CVE_2025_55182

##

undercodenews@mastodon.social at 2025-12-05T06:43:45.000Z ##

New Python Scanner Targets React Server Component Exposure in Nextjs Applications

A powerful new tool has emerged in the cybersecurity space, aimed at helping security teams detect exposed endpoints in modern ReactJS and Next.js applications. Named the CVE-2025-55182 Surface Scanner, this Python-based scanner provides a fast, non-intrusive method to identify potential security gaps in React Server Components (RSC) without performing full-blown exploits. With production…

https://undercodenews.com/new-python-scanner-targets-react-server-component-exposure-in-nextjs-applications/

##

hrbrmstr@mastodon.social at 2025-12-05T06:20:30.000Z ##

FML we have daft 10 IPs slinging the RSC/Next.js exploit along with one of the oddest JA4t hashes I've seen in a while.

someone(s) burned new infra to do so, too.

if any org gets compromised from an opportunistic campaign (like this) they fully deserve the ransomware/breach they get.

https://viz.greynoise.io/tags/react-server-components-unsafe-deserialization-cve-2025-55182-rce-attempt?days=90

##

xssfox@cloudisland.nz at 2025-12-05T02:30:23.000Z ##

Vulnerability Common Schema (replaces old CVE system)

{Product/module name or prefix}{severity number}{exploit type}

For example, CVE-2021-44228 becomes
Log4shell
CVE-2025-55182 becomes
React2shell

Simple.

##

cR0w at 2025-12-04T22:45:12.690Z ##

Cisco published a placeholder advisory for the React vuln CVE-2025-55182. They have not finished analyzing any of their products yet so impact has not been determined.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-react-flight-TYw32Ddb

##

oversecurity@mastodon.social at 2025-12-04T18:10:05.000Z ##

Digital Supply Chain Risk: Critical Vulnerability Affecting React Allows for Unauthorized Remote Code Execution

CVE-2025-55182 (VulnDB ID: 428930), is a severe, unauthenticated RCE impacting a major component of React and its ecosystem.

🔗️ [Flashpoint] https://link.is.it/0tc98a

##

mttaggart at 2025-12-04T18:02:22.230Z ##

To be clear, there are no public PoCs of yesterday's React vulnerability (CVE-2025-55182). The one that was being claimed as a POC has been outed as slop. Indeed, they even renamed the repo.

https://redteamnews.com/red-team/cve/critical-react-and-next-js-rce-vulnerability-analysis-of-cve-2025-55182-and-cve-2025-66478/

The first PoCs for these vulns are now always fake.

Watch https://react2shell.com for disclosure from the discoverers.

##

shortridge@hachyderm.io at 2025-12-04T15:59:11.000Z ##

the bad news: lots of sloppity slop PoCs (slopocs???) abounding for the critical pre-auth React RCE

the good news: more time for you to patch your #React & #Nextjs apps ✨

my write up from yesterday on what to know & what to do: https://www.fastly.com/blog/fastlys-proactive-protection-critical-react-rce-cve-2025-55182

##

RedTeamNews at 2025-12-04T15:19:44.530Z ##

Critical RCE vulnerability (React2shell) found in React Server Components and Next.js. Affects many modern web apps. Patch immediately or deploy WAF rules. Exploitation is imminent.

##

jschauma@mstdn.social at 2025-12-04T13:57:55.000Z ##

Today in "AI ruins everything": AI generated "PoC" for the React RCE CVE-2025-55182, wasting countless defenders' hours, now get included in the CVE references. 🤦‍♂️

At least the co-author alongside the AI has updated the README now:
https://github.com/ejpir/CVE-2025-55182-poc

Looks like the original reporter plans on posting more details at some point in the future here:
https://react2shell.com/

##

moritz at 2025-12-04T11:54:18.063Z ##

Since I started to analyze #CVE-2025-55182 (#React, #NextJS #RCE) at work today, I decided to publish my analysis findings so far, given all the fuzz about the vulnerability: https://github.com/msanft/CVE-2025-55182

Feel free to contribute to the search for a proper RCE sink!

##

IT_Fettchen@social.tchncs.de at 2025-12-04T10:44:32.000Z ##

@rotnroll666 Klar. Sonst hätte ich das hier nicht geschrieben. CVE-2025-55182

##

offseq at 2025-12-04T10:33:05.582Z ##

🚨 CVE-2025-55182: CRITICAL React RCE risk for apps using a new feature. No patch yet; exploitation expected. Audit your React usage, enhance monitoring, and prep mitigations now. EU orgs at high risk! https://radar.offseq.com/threat/react2shell-in-the-wild-exploitation-expected-for--b4d27fa6 #OffSeq #ReactJS #RCE #Vulnerability

##

bkastl@mastodon.social at 2025-12-04T09:56:33.000Z ##

@MoritzGlantz https://www.cve.org/CVERecord?id=CVE-2025-55182 React Server Gedöns

##

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

⚠️ Critical RCE Vulnerabilities Discovered in React & Next.js | Wiz Blog

｢ Wiz data indicates that 39% of cloud environments contain instances of Next.js or React in versions vulnerable to CVE-2025-55182 and/or CVE-2025-66478. Regarding Next.js, the framework itself is present in 69% of environments. Notably, 61% of those environments have public applications running Next.js, meaning that 44% of all cloud environments have publicly exposed Next.js instances ｣

##

opennet@fosstodon.su at 2025-12-04T09:00:01.000Z ##

Уязвимость в серверных компонентах React, позволяющая выполнить код на сервере

В серверных компонентах web-фреймворка React (RSC, React Server Components) устранена уязвимость (CVE-2025-55182), позволявшая через отправку запроса к серверному обработчику выполнить произвольный код на сервере. Уязвимости присвоен критический уровень опасности (10 из 10). Уязвимость проявляется в экспериментальных компонентах react-server-dom-webpack.....

Источник: https://www.opennet.ru/opennews/art.shtml?num=64373
Дата: Thu, 04 Dec 2025 11:12:04 +0300

Enjoy.

##

cyberveille@mastobot.ping.moi at 2025-12-04T08:30:04.000Z ##

📢 Faille critique RCE (CVSS 10) dans React Server Components (CVE-2025-55182) – mises à jour urgentes
📝 Selon react.dev, une vulnérabilité critique permettant une exécution de code à...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-04-faille-critique-rce-cvss-10-dans-react-server-components-cve-2025-55182-mises-a-jour-urgentes/
🌐 source : https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
#CVE_2025_55182 #CVSS_10_0 #Cyberveille

##

cyberveille@mastobot.ping.moi at 2025-12-04T08:30:04.000Z ##

📢 Next.js RSC : détection fiable d’une RCE (CVE-2025-55182 & CVE-2025-66478)
📝 Selon Searchlight Cyber (billet de recherche, 4 décembre 2025), une vulnérabilité de type RCE affectan...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-04-next-js-rsc-detection-fiable-dune-rce-cve-2025-55182-cve-2025-66478/
🌐 source : https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
#CVE_2025_55182_66478 #IOC #Cyberveille

##

beyondmachines1 at 2025-12-04T08:01:31.083Z ##

Critical remote code execution vulnerabilities reported in React and Next.js

React and Next.js have patched two critical remote code execution vulnerabilities (CVE-2025-55182 and CVE-2025-66478) in React Server Components that allow unauthenticated attackers to execute arbitrary code through specially crafted HTTP requests exploiting insecure deserialization. Default configurations are vulnerable with near 100% exploitation reliability.

**If you're running React 19.x or Next.js 15.x/16.x (or frameworks using React Server Components like Waku or Redwood), attackers can take complete control of your servers with no authentication needed. Plan a VERY QUICK upgrade to the latest patched versions - this is the only fix available, so prioritize this update now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-vulnerabilities-reported-in-react-and-next-js-j-3-6-0-d/gD2P6Ple2L

##

571906@ap.podcastindex.org at 2025-12-04T03:10:12.000Z ##

New Episode: SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch

Shownotes:

Attempts to Bypass CDNs
Our honeypots recently started receiving scans that included CDN specific headers.
https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532
React Vulnerability CVE-2025-55182
React patched a critical

Transcript

Or Listen right here.

##

_r_netsec at 2025-12-04T07:13:06.648Z ##

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/

##

adam@adamm.cc at 2025-12-04T06:51:33.000Z ##

Yikes. I always hate the damn red alert anxiety feeling I get when I read articles like the one linked. Its always that time between when something is publically disclosed, and when all packages and dependencies are patched an upgraded when likelihood of attack is highest, and obviously most possible. These two perfect 10/10 CVEs sure look like a doozy. No doubt hundreds of thousands of major things depend on these other major things, and likely hundreds of thousands of more things include them as dependencies or resource-wasting function packs, regardless of whether or not they are actually needed, and even some software puts these components in the chain, even when they're not actively being used.
And the exploit, with nearly 100% success-rate on all affected systems? A simple specially-crafted HTTP request.
https://www.aikido.dev/blog/react-nextjs-cve-2025-55182-rce

##

yogthos@social.marxist.network at 2025-12-04T05:42:49.000Z ##

A maximum-severity vulnerability in React could enable remote code execution (RCE), and may affect more than a third of cloud service providers.

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

#javascript #react #security #programmig

##

technews@eicker.news at 2025-12-04T05:08:00.000Z ##

A #criticalsecurityflaw (CVE-2025-55182) in #ReactServerComponents (#RSC) allows unauthenticated remote code execution. The vulnerability, impacting #React and #Nextjs, stems from unsafe payload processing and affects multiple versions of various packages. Users are advised to apply the available #patches immediately. https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html?eicker.news #tech #media #news

##

ben@shit.herewegoaga.in at 2025-12-04T05:05:33.000Z ##

Ouch...

https://www.cve.org/CVERecord?id=CVE-2025-55182

https://aws.amazon.com/security/security-bulletins/rss/aws-2025-030/

##

offseq at 2025-12-04T04:33:13.068Z ##

⚠️ CRITICAL RCE in React Server Components & Next.js (CVE-2025-55182, CVSS 10.0): Unauthenticated attackers can execute code via unsafe deserialization. Patch React & Next.js now! Details: https://radar.offseq.com/threat/critical-rsc-bugs-in-react-and-nextjs-allow-unauth-4e911b0c #OffSeq #ReactJS #NextJS #RCE #InfoSec

##

awssecurityfeed at 2025-12-04T04:30:00.885Z ##

CVE-2025-66478: RCE in React Server Components

Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST
Description:
AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight...

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

##

hal_pomeranz at 2025-12-04T00:29:25.817Z ##

LoL. Yep, my first thought is that this new React vuln is going to generate a lot of IR business. I am going to hell.

##

wav3 at 2025-12-03T22:39:14.262Z ##

Happy Holidays Everyone!

https://www.upwind.io/feed/critical-security-alert-unauthenticated-rce-in-react-next-js-cve-2025-55182-cve-2025-66478

#cybersecurity #vulnerability #cve

##

hackernewsrobot@mastodon.social at 2025-12-03T22:16:12.000Z ##

Critical RCE Vulnerabilities in React and Next.js https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

##

avuko at 2025-12-03T21:45:40.258Z ##

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.

The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.

The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages -

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

It's worth noting that the vulnerability also affects Next.js using App Router. The issue has been assigned the CVE identifier CVE-2025-66478 (CVSS score: 10.0). It impacts versions >=14.3.0-canary.77, >=15, and >=16. Patched versions are 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9, and 15.0.5.

https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html

#REACTjs #NEXTjs #infosec #cybersecurity #CVE202566478 #CVE202555182 #ShitIsOnFireYo

##

bkoehn@hachyderm.io at 2025-12-03T21:26:00.000Z ##

As vulnerabilities go, a 10 is as bad as it gets. If you use #React or one of its derivatives (e.g., #Nextjs) you should upgrade Right. Now.

https://www.cve.org/CVERecord?id=CVE-2025-55182

##

adulau at 2025-12-03T19:57:37.329Z ##

“A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.“

#vulnerability #react #cybersecurity #cve

https://vulnerability.circl.lu/vuln/CVE-2025-55182

##

macdonst@mastodon.online at 2025-12-03T18:52:33.000Z ##

There is currently an incident at work due to the remote code execution vulnerability in React (see CVE-2025-55182).

Co-worker: How long will it take to patch the dev server UI?
Me: It's not affected.
Co-worker: How can it not be affected if it uses React?
Me:

##

nopatience@swecyb.com at 2025-12-03T18:43:13.000Z ##

This seems bad:

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

https://www.aikido.dev/blog/react-nextjs-cve-2025-55182-rce

Right?

#Cybersecurity #Infosec #Vulnerabilities #CVE_202555182

##

dkegel at 2025-12-03T18:01:06.083Z ##

Do you use react? If so, you might want to update. See https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

##

ngate@mastodon.social at 2025-12-03T17:35:18.000Z ##

Breaking news: 🚨 #React and Next.js are now less secure than a chocolate teapot! 🍫☕️ Apparently, if you remember how to run `createnextapp`, you might be seconds away from becoming a hacker's best friend. The solution? #Patch like your life depends on it! 🛠️💻
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182 #Nextjs #Security #Vulnerability #HackerNews #HackerNews #ngated

##

zachleat@zachleat.com at 2025-12-03T17:27:08.000Z ##

For interested folks, here’s the React PR that fixes CVE-2025-55182 affecting React Server Components (CVSS 10.0 Critical Severity): https://github.com/facebook/react/pull/35277

Blog post: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

> Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.

##

hn100@social.lansky.name at 2025-12-03T17:25:09.000Z ##

Critical RCE Vulnerabilities in React and Next.js

Link: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
Discussion: https://news.ycombinator.com/item?id=46136067

##

h4ckernews@mastodon.social at 2025-12-03T17:17:23.000Z ##

Critical RCE Vulnerabilities in React and Next.js

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

#HackerNews #CriticalRCE #Vulnerabilities #React #Nextjs #Cybersecurity #Vulnerabilities #CVE-2025-55182

##

AAKL at 2025-12-03T17:02:59.823Z ##

New.

This relates to CVE-2025-55182 and CVE-2025-66478. Wiz: Critical Vulnerabilities in React and Next.js: everything you need to know https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182 @wiz #infosec #vulnerabilities #threatresearch

##

newsycombinator@framapiaf.org at 2025-12-03T17:00:29.000Z ##

Critical RCE Vulnerabilities in React and Next.js
Link: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
Comments: https://news.ycombinator.com/item?id=46136067

##

mttaggart at 2025-12-03T16:49:42.648Z ##

RCE in React Server Components, impacting React and Next.js. I usually don't say this, but patch right freakin' now. The React CVE listing (CVE-2025-55182) is a perfect 10.

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
https://nextjs.org/blog/CVE-2025-66478

##

harrysintonen at 2025-12-03T16:48:13.714Z ##

There is an unauthenticated remote code execution vulnerability in React Server Components by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. This vulnerability is tracked as CVE-2025-55182.

Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.

The vulnerability is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of:

- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack

Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: next, react-router, waku, @parcel/rsc, @vitejs/plugin-rsc, and rwsdk.

source: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

#reactjs #CVE_2025_55182 #cybersecurity #infosec

##

hn50@social.lansky.name at 2025-12-03T16:40:06.000Z ##

Critical RCE Vulnerabilities in React and Next.js

Link: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
Discussion: https://news.ycombinator.com/item?id=46136067

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

##

Emily at 2025-12-03T16:39:57.794Z ##

@Weld I see this blog post from them: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

##

ycombinator@rss-mstdn.studiofreesia.com at 2025-12-03T16:25:26.000Z ##

Critical RCE Vulnerabilities in React and Next.js
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
#ycombinator

##

GossiTheDog@cyberplace.social at 2025-12-03T16:24:50.000Z ##

There is an unauthenticated remote code execution vulnerability in React Server Components.

Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.

If your app’s React code does not use a server, your app is not affected by this vulnerability.

CVE-2025-55182

Mastodon server not impacted btw.

##

CuratedHackerNews@mastodon.social at 2025-12-03T16:23:03.000Z ##

Critical RCE Vulnerabilities in React and Next.js

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

https://www.facebook.com/security/advisories/cve-2025-55182

##

hnbot@chrispelli.fun at 2025-12-03T16:20:27.000Z ##

Critical RCE Vulnerabilities in React and Next.js - https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

#hackernews

##

cR0w at 2025-12-03T15:56:45.401Z ##

Oh Hell yeah. Perfect 10 in React Server Components. 🥳

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

##

jschauma@mstdn.social at 2025-12-03T15:55:53.000Z ##

"We did a number of refactors [...] This also fixes a critical security vulnerability." 👀

CVE-2025-55182, an RCE in React Server Components just landed:

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Enjoy your patching, and make sure to check your bundled frameworks and dependencies.

Here's the commit:
https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700

##

DarkWebInformer@infosec.exchange at 2025-12-05T21:27:24.000Z ##

🚨 CVE-2025-55182: Meta React Server Components Remote Code Execution Vulnerability has been added to the CISA KEV Catalog

Added: 2025-12-05
Vendor: Meta
Product: React Server Components
CVSS: 10

CISA KEV Catalog: https://darkwebinformer.com/cisa-kev-catalog/

Write-up: https://www.vulncheck.com/blog/cve-2025-55182-react-nextjs

##

hrbrmstr@mastodon.social at 2025-12-05T19:46:03.000Z ##

Ooh @censys bringing the deets from the other perspective! https://censys.com/advisory/cve-2025-55182

##

AAKL@infosec.exchange at 2025-12-05T18:01:53.000Z ##

New. Suffer the buffer.

The issue "was triggered by changes being made to our body parsing logic while attempting to detect and mitigate an industry-wide vulnerability disclosed this week in React Server Components."

"As part of our ongoing work to protect customers using React against a critical vulnerability, CVE-2025-55182, we started rolling out an increase to our buffer size to 1MB, the default limit allowed by Next.js applications."

Cloudflare: outage on December 5, 2025 https://blog.cloudflare.com/5-december-2025-outage/ @cloudflare #Cloudflare #infosec #React

##

AAKL@infosec.exchange at 2025-12-05T17:36:35.000Z ##

New.

GreyNoise: CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far @greynoise #infosec #React #threatresearch

##

AAKL@infosec.exchange at 2025-12-05T17:31:14.000Z ##

CISA has updated the KEV catalogue.

CVE-2025-55182: Meta React Server Components Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-55182

From yesterday:

CISA Launches New Platform to Strengthen Industry Engagement and Collaboration https://www.cisa.gov/news-events/news/cisa-launches-new-platform-strengthen-industry-engagement-and-collaboration #CISA #infosec #Meta #React #vulnerability

##

AAKL@infosec.exchange at 2025-12-05T17:29:04.000Z ##

Broadcom has two advisories today, one critical, one medium. You'll need a login for details https://support.broadcom.com/web/ecx/security-advisory

Broadcom Mainframe Software Security Advisory for Critical React RCE Vulnerability CVE-2025-55182, and ACF2 for z/OS 16.0 Vulnerability #infosec #Broadcom ##React

##

oversecurity@mastodon.social at 2025-12-05T16:40:05.000Z ##

Chinese hackers exploiting React2Shell bug impacting countless websites, Amazon researchers say

The bug, tagged as CVE-2025-55182 and referred to colloquially as React2Shell, was reported to Meta by researcher Lachlan Davidson on November 29...

🔗️ [Therecord] https://link.is.it/K0uf5R

##

sans_isc@infosec.exchange at 2025-12-05T16:39:38.000Z ##

No surprise: We do see active hits of the React Vulnerability (CVE-2025-55182) against our honeypots.

The initial exploit attempts we are seeing originate from the following two IP addresses: 193.142.147.209 and 95.214.52.170. The payloads are either "ping -c 1 45.157.233.80" or "console.log('CVE-2025-55182-VULN')"

If you find an unpatched React app in your environment, you should assume that it has been compromised at this point. Also be careful with apps that may have pinned older versions fo React/Next.js

##

AAKL@infosec.exchange at 2025-12-05T16:13:33.000Z ##

AWS, from yesterday: China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

More:

The Hacker News: Chinese Threat Actors Have Started Exploiting the Newly Disclosed React2Shell Vulnerability https://thehackernews.com/2025/12/chinese-hackers-have-started-exploiting.html @thehackernews #infosec #React

##

cR0w@infosec.exchange at 2025-12-05T16:08:51.000Z ##

Progress Sitefinity Next.js Renderer appears to be vulnerable to this React vuln. React2Shell? Is that what everyone is calling it?

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2025-66478-and-CVE-2025-55182-December-2025

##

bkastl@mastodon.social at 2025-12-05T16:06:47.000Z ##

The PoC of #react2shell from the original author https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc/blob/main/01-submitted-poc.js

##

jschauma@mstdn.social at 2025-12-05T15:16:18.000Z ##

Yesterday, after various bogus AI slopped "PoC"s, eventually a functional PoC for the React RCE emerged:
https://github.com/msanft/CVE-2025-55182

We now have a PoC from the reporter of the vulnerability as well:
https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

#react2shell

##

pentesttools@infosec.exchange at 2025-12-05T15:04:41.000Z ##

📊 39% of cloud environments are vulnerable to React2Shell.

New data from Wiz indicates that nearly 40% of cloud environments contain instances vulnerable to CVE-2025-55182. Even more concerning? 44% of all cloud environments have publicly exposed Next.js instances.

The "secure by design" assumption is working against defenders right now.

✅ Detection is LIVE.

We have updated the Network Vulnerability Scanner in Pentest-Tools.com to help you validate this specific configuration immediately.

As shown in the attached video, you can go from "exposed" to "confirmed" in seconds:

1. Select the Network Scanner

2. Input CVE-2025-55182

3. Get definitive proof with Request/Response evidence

Don't rely on version checks when the exposure surface is this wide.

🔗 Run the detection: https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online

📜 Vulnerability breakdown: https://pentest-tools.com/vulnerabilities-exploits/react-server-components-remote-code-execution_28260

📈 Data source: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

#AppSec #ReactJS #CloudSecurity #React2Shell #InfoSec #VulnerabilityManagement #NextJS

##

cisakevtracker@mastodon.social at 2025-12-05T15:00:50.000Z ##

CVE ID: CVE-2025-55182
Vendor: Meta
Product: React Server Components
Date Added: 2025-12-05
Notes: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-55182

##

hrbrmstr@mastodon.social at 2025-12-05T14:38:57.000Z ##

I had the [mis?]fortune of being awake just as attackers decided to slam the public internet with React2Shell exploits. GreyNoise had a tag up for it yesterday afternoon.

Full write-up of the initial spate of attacks:
https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far
1/3

##

oversecurity@mastodon.social at 2025-12-05T11:40:07.000Z ##

React2Shell critical flaw actively exploited in China-linked attacks

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after...

🔗️ [Bleepingcomputer] https://link.is.it/jllFod

##

johl@mastodon.xyz at 2025-12-05T10:27:49.000Z ##

🎅 🌲 💫

Weihnachtlich erstrahlen Gassen
Auf zum Einkauf hasten Massen
Drinnen leuchten Kerzen hell
Nur Systemadministratoren
Lauschen bang dem Netz-Rumoren
Horch! Es naht #React2Shell!

https://aws.amazon.com/de/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

##

cert_fr@social.numerique.gouv.fr at 2025-12-05T10:25:17.000Z ##

⚠️ Alerte CERT-FR ⚠️

Le CERT-FR a connaissance de preuves de concept publiques pour la vulnérabilité CVE-2025-55182 affectant React Server Components et anticipe des exploitations en masse.

https://cert.ssi.gouv.fr/alerte/CERTFR-2025-ALE-014

##

bkastl@mastodon.social at 2025-12-05T10:01:11.000Z ##

Hm, das mit React2Shell wird noch etwas arg werden.

https://aws.amazon.com/de/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

##

beyondmachines1@infosec.exchange at 2025-12-05T09:01:31.000Z ##

Multiple threat groups are exploiting the critical React/Nex.js vulnerability

Active exploitation i underway for "React2Shell" (CVE-2025-55182), a critical CVSS 10.0 remote code execution vulnerability in React Server Components that allows attackers to abuse unsafe deserialization in the Flight protocol. Organizations must treat this as an emergency event and immediately update.

**THIS IS URGENT: If you're running server side React 19.x or Next.js 15.x/16.x (or frameworks using React Server Components like Waku or Redwood), attackers are already hacking your systems. Prioritize patching right now.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/multiple-threat-groups-are-exploiting-the-critical-react-nex-js-vulnerability-3-7-f-7-c/gD2P6Ple2L

##

nopatience@swecyb.com at 2025-12-05T07:42:44.000Z ##

Alleged (by Amazon) active exploitation of React Server Components (RSC) by Chinese threat actors. Has anyone else seen "real" exploitation attempts, not just running the fake PoCs that are out there?

https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/

#Vulnerabilities #ThreatIntel #React #CVE_2025_55182

##

hrbrmstr@mastodon.social at 2025-12-05T06:20:30.000Z ##

FML we have daft 10 IPs slinging the RSC/Next.js exploit along with one of the oddest JA4t hashes I've seen in a while.

someone(s) burned new infra to do so, too.

if any org gets compromised from an opportunistic campaign (like this) they fully deserve the ransomware/breach they get.

https://viz.greynoise.io/tags/react-server-components-unsafe-deserialization-cve-2025-55182-rce-attempt?days=90

##

xssfox@cloudisland.nz at 2025-12-05T02:30:23.000Z ##

Vulnerability Common Schema (replaces old CVE system)

{Product/module name or prefix}{severity number}{exploit type}

For example, CVE-2021-44228 becomes
Log4shell
CVE-2025-55182 becomes
React2shell

Simple.

##

cR0w@infosec.exchange at 2025-12-04T22:45:12.000Z ##

Cisco published a placeholder advisory for the React vuln CVE-2025-55182. They have not finished analyzing any of their products yet so impact has not been determined.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-react-flight-TYw32Ddb

##

oversecurity@mastodon.social at 2025-12-04T18:10:05.000Z ##

Digital Supply Chain Risk: Critical Vulnerability Affecting React Allows for Unauthorized Remote Code Execution

CVE-2025-55182 (VulnDB ID: 428930), is a severe, unauthenticated RCE impacting a major component of React and its ecosystem.

🔗️ [Flashpoint] https://link.is.it/0tc98a

##

mttaggart@infosec.exchange at 2025-12-04T18:02:22.000Z ##

To be clear, there are no public PoCs of yesterday's React vulnerability (CVE-2025-55182). The one that was being claimed as a POC has been outed as slop. Indeed, they even renamed the repo.

The first PoCs for these vulns are now always fake.

Watch https://react2shell.com for disclosure from the discoverers.

##

shortridge@hachyderm.io at 2025-12-04T15:59:11.000Z ##

the bad news: lots of sloppity slop PoCs (slopocs???) abounding for the critical pre-auth React RCE

the good news: more time for you to patch your #React & #Nextjs apps ✨

my write up from yesterday on what to know & what to do: https://www.fastly.com/blog/fastlys-proactive-protection-critical-react-rce-cve-2025-55182

##

jschauma@mstdn.social at 2025-12-04T13:57:55.000Z ##

Today in "AI ruins everything": AI generated "PoC" for the React RCE CVE-2025-55182, wasting countless defenders' hours, now get included in the CVE references. 🤦‍♂️

At least the co-author alongside the AI has updated the README now:
https://github.com/ejpir/CVE-2025-55182-poc

Looks like the original reporter plans on posting more details at some point in the future here:
https://react2shell.com/

##

moritz@infosec.exchange at 2025-12-04T11:54:18.000Z ##

Since I started to analyze #CVE-2025-55182 (#React, #NextJS #RCE) at work today, I decided to publish my analysis findings so far, given all the fuzz about the vulnerability: https://github.com/msanft/CVE-2025-55182

Feel free to contribute to the search for a proper RCE sink!

##

IT_Fettchen@social.tchncs.de at 2025-12-04T10:44:32.000Z ##

@rotnroll666 Klar. Sonst hätte ich das hier nicht geschrieben. CVE-2025-55182

##

bkastl@mastodon.social at 2025-12-04T09:56:33.000Z ##

@MoritzGlantz https://www.cve.org/CVERecord?id=CVE-2025-55182 React Server Gedöns

##

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

⚠️ Critical RCE Vulnerabilities Discovered in React & Next.js | Wiz Blog

｢ Wiz data indicates that 39% of cloud environments contain instances of Next.js or React in versions vulnerable to CVE-2025-55182 and/or CVE-2025-66478. Regarding Next.js, the framework itself is present in 69% of environments. Notably, 61% of those environments have public applications running Next.js, meaning that 44% of all cloud environments have publicly exposed Next.js instances ｣

##

cyberveille@mastobot.ping.moi at 2025-12-04T08:30:04.000Z ##

📢 Next.js RSC : détection fiable d’une RCE (CVE-2025-55182 & CVE-2025-66478)
📝 Selon Searchlight Cyber (billet de recherche, 4 décembre 2025), une vulnérabilité de type RCE affectan...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-04-next-js-rsc-detection-fiable-dune-rce-cve-2025-55182-cve-2025-66478/
🌐 source : https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
#CVE_2025_55182_66478 #IOC #Cyberveille

##

cyberveille@mastobot.ping.moi at 2025-12-04T08:30:04.000Z ##

📢 Faille critique RCE (CVSS 10) dans React Server Components (CVE-2025-55182) – mises à jour urgentes
📝 Selon react.dev, une vulnérabilité critique permettant une exécution de code à...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-04-faille-critique-rce-cvss-10-dans-react-server-components-cve-2025-55182-mises-a-jour-urgentes/
🌐 source : https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
#CVE_2025_55182 #CVSS_10_0 #Cyberveille

##

beyondmachines1@infosec.exchange at 2025-12-04T08:01:31.000Z ##

Critical remote code execution vulnerabilities reported in React and Next.js

React and Next.js have patched two critical remote code execution vulnerabilities (CVE-2025-55182 and CVE-2025-66478) in React Server Components that allow unauthenticated attackers to execute arbitrary code through specially crafted HTTP requests exploiting insecure deserialization. Default configurations are vulnerable with near 100% exploitation reliability.

**If you're running React 19.x or Next.js 15.x/16.x (or frameworks using React Server Components like Waku or Redwood), attackers can take complete control of your servers with no authentication needed. Plan a VERY QUICK upgrade to the latest patched versions - this is the only fix available, so prioritize this update now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-vulnerabilities-reported-in-react-and-next-js-j-3-6-0-d/gD2P6Ple2L

##

_r_netsec@infosec.exchange at 2025-12-04T07:13:06.000Z ##

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/

##

adam@adamm.cc at 2025-12-04T06:51:33.000Z ##

Yikes. I always hate the damn red alert anxiety feeling I get when I read articles like the one linked. Its always that time between when something is publically disclosed, and when all packages and dependencies are patched an upgraded when likelihood of attack is highest, and obviously most possible. These two perfect 10/10 CVEs sure look like a doozy. No doubt hundreds of thousands of major things depend on these other major things, and likely hundreds of thousands of more things include them as dependencies or resource-wasting function packs, regardless of whether or not they are actually needed, and even some software puts these components in the chain, even when they're not actively being used.
And the exploit, with nearly 100% success-rate on all affected systems? A simple specially-crafted HTTP request.
https://www.aikido.dev/blog/react-nextjs-cve-2025-55182-rce

##

yogthos@social.marxist.network at 2025-12-04T05:42:49.000Z ##

A maximum-severity vulnerability in React could enable remote code execution (RCE), and may affect more than a third of cloud service providers.

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

#javascript #react #security #programmig

##

Reverse-Engineering@activitypub.awakari.com at 2025-12-04T04:47:45.000Z ## CVE-2025-55182 - React exploit - brown alert time? Just reading up on this.... and starting to sweat about the vast quantity of react and react-based frameworks that are impacted from what appears ...

#r/sysadmin

Origin | Interest | Match ##

technews@eicker.news at 2025-12-04T05:08:00.000Z ##

A #criticalsecurityflaw (CVE-2025-55182) in #ReactServerComponents (#RSC) allows unauthenticated remote code execution. The vulnerability, impacting #React and #Nextjs, stems from unsafe payload processing and affects multiple versions of various packages. Users are advised to apply the available #patches immediately. https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html?eicker.news #tech #media #news

##

awssecurityfeed@infosec.exchange at 2025-12-04T04:30:00.000Z ##

CVE-2025-66478: RCE in React Server Components

Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST
Description:
AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight...

https://aws.amazon.com/security/security-bulletins/rss/aws-2025-030/

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

##

us@newsbeep.org at 2025-12-04T03:40:12.000Z ##

Admins and defenders gird themselves against maximum-severity server vuln

“I usually don’t say this, but patch right freakin’ now,” one researcher wrote. “The React CVE listing (CVE-2025-55182)…
#NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Technology
https://www.newsbeep.com/us/329246/

##

hal_pomeranz@infosec.exchange at 2025-12-04T00:29:25.000Z ##

LoL. Yep, my first thought is that this new React vuln is going to generate a lot of IR business. I am going to hell.

##

hackernewsrobot@mastodon.social at 2025-12-03T22:16:12.000Z ##

Critical RCE Vulnerabilities in React and Next.js https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

##

avuko@infosec.exchange at 2025-12-03T21:45:40.000Z ##

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.

The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.

The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages -

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

It's worth noting that the vulnerability also affects Next.js using App Router. The issue has been assigned the CVE identifier CVE-2025-66478 (CVSS score: 10.0). It impacts versions >=14.3.0-canary.77, >=15, and >=16. Patched versions are 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9, and 15.0.5.

https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html

#REACTjs #NEXTjs #infosec #cybersecurity #CVE202566478 #CVE202555182 #ShitIsOnFireYo

##

adulau@infosec.exchange at 2025-12-03T19:57:37.000Z ##

“A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.“

#vulnerability #react #cybersecurity #cve

https://vulnerability.circl.lu/vuln/CVE-2025-55182

##

macdonst@mastodon.online at 2025-12-03T18:52:33.000Z ##

There is currently an incident at work due to the remote code execution vulnerability in React (see CVE-2025-55182).

Co-worker: How long will it take to patch the dev server UI?
Me: It's not affected.
Co-worker: How can it not be affected if it uses React?
Me:

##

nopatience@swecyb.com at 2025-12-03T18:43:13.000Z ##

This seems bad:

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

https://www.aikido.dev/blog/react-nextjs-cve-2025-55182-rce

Right?

#Cybersecurity #Infosec #Vulnerabilities #CVE_202555182

##

zachleat@zachleat.com at 2025-12-03T17:27:08.000Z ##

For interested folks, here’s the React PR that fixes CVE-2025-55182 affecting React Server Components (CVSS 10.0 Critical Severity): https://github.com/facebook/react/pull/35277

Blog post: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

> Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.

##

hn100@social.lansky.name at 2025-12-03T17:25:09.000Z ##

Critical RCE Vulnerabilities in React and Next.js

Link: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
Discussion: https://news.ycombinator.com/item?id=46136067

##

h4ckernews@mastodon.social at 2025-12-03T17:17:23.000Z ##

Critical RCE Vulnerabilities in React and Next.js

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

#HackerNews #CriticalRCE #Vulnerabilities #React #Nextjs #Cybersecurity #Vulnerabilities #CVE-2025-55182

##

AAKL@infosec.exchange at 2025-12-03T17:02:59.000Z ##

New.

This relates to CVE-2025-55182 and CVE-2025-66478. Wiz: Critical Vulnerabilities in React and Next.js: everything you need to know https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182 @wiz #infosec #vulnerabilities #threatresearch

##

newsycombinator@framapiaf.org at 2025-12-03T17:00:29.000Z ##

Critical RCE Vulnerabilities in React and Next.js
Link: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
Comments: https://news.ycombinator.com/item?id=46136067

##

mttaggart@infosec.exchange at 2025-12-03T16:49:42.000Z ##

RCE in React Server Components, impacting React and Next.js. I usually don't say this, but patch right freakin' now. The React CVE listing (CVE-2025-55182) is a perfect 10.

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
https://nextjs.org/blog/CVE-2025-66478

##

harrysintonen@infosec.exchange at 2025-12-03T16:48:13.000Z ##

There is an unauthenticated remote code execution vulnerability in React Server Components by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. This vulnerability is tracked as CVE-2025-55182.

Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.

The vulnerability is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of:

- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack

Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: next, react-router, waku, @parcel/rsc, @vitejs/plugin-rsc, and rwsdk.

source: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

#reactjs #CVE_2025_55182 #cybersecurity #infosec

##

hn50@social.lansky.name at 2025-12-03T16:40:06.000Z ##

Critical RCE Vulnerabilities in React and Next.js

Link: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
Discussion: https://news.ycombinator.com/item?id=46136067

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

##

Emily@infosec.exchange at 2025-12-03T16:39:57.000Z ##

@Weld I see this blog post from them: https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

##

ycombinator@rss-mstdn.studiofreesia.com at 2025-12-03T16:25:26.000Z ##

Critical RCE Vulnerabilities in React and Next.js
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
#ycombinator

##

GossiTheDog@cyberplace.social at 2025-12-03T16:24:50.000Z ##

There is an unauthenticated remote code execution vulnerability in React Server Components.

Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.

If your app’s React code does not use a server, your app is not affected by this vulnerability.

CVE-2025-55182

Mastodon server not impacted btw.

##

CuratedHackerNews@mastodon.social at 2025-12-03T16:23:03.000Z ##

Critical RCE Vulnerabilities in React and Next.js

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

https://www.facebook.com/security/advisories/cve-2025-55182

##

cR0w@infosec.exchange at 2025-12-03T15:56:45.000Z ##

Oh Hell yeah. Perfect 10 in React Server Components. 🥳

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

##

jschauma@mstdn.social at 2025-12-03T15:55:53.000Z ##

"We did a number of refactors [...] This also fixes a critical security vulnerability." 👀

CVE-2025-55182, an RCE in React Server Components just landed:

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Enjoy your patching, and make sure to check your bundled frameworks and dependencies.

Here's the commit:
https://github.com/facebook/react/commit/7dc903cd29dac55efb4424853fd0442fef3a8700

##

CVE-2025-14104
(6.1 MEDIUM)

EPSS: 0.00%

updated 2025-12-05T17:16:03.117000

2 posts

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

cR0w at 2025-12-05T16:41:15.035Z ##

Hi, my name is cR0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000w

https://access.redhat.com/security/cve/cve-2025-14104

##

cR0w@infosec.exchange at 2025-12-05T16:41:15.000Z ##

Hi, my name is cR0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000w

https://access.redhat.com/security/cve/cve-2025-14104

##

CVE-2025-14094
(4.7 MEDIUM)

EPSS: 0.00%

updated 2025-12-05T17:16:02.917000

2 posts

A flaw has been found in Edimax BR-6478AC V3 1.0.15. The affected element is the function sub_44CCE4 of the file /boafrm/formSysCmd. This manipulation of the argument sysCmd causes os command injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

cR0w at 2025-12-05T17:18:38.517Z ##

Edimax

https://www.cve.org/CVERecord?id=CVE-2025-14094

https://www.cve.org/CVERecord?id=CVE-2025-14094

##

cR0w@infosec.exchange at 2025-12-05T17:18:38.000Z ##

Edimax

https://www.cve.org/CVERecord?id=CVE-2025-14093

##

CVE-2025-14093
(4.7 MEDIUM)

EPSS: 0.00%

updated 2025-12-05T17:16:02.713000

2 posts

A vulnerability was detected in Edimax BR-6478AC V3 1.0.15. Impacted is the function sub_416990 of the file /boafrm/formTracerouteDiagnosticRun. The manipulation of the argument host results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

cR0w at 2025-12-05T16:53:25.359Z ##

Edimax

https://www.cve.org/CVERecord?id=CVE-2025-14093

##

cR0w@infosec.exchange at 2025-12-05T16:53:25.000Z ##

Edimax

https://github.com/gian2dchris/CVEs/tree/CVE-2025-65730/CVE-2025-65730

##

CVE-2025-33211
(7.5 HIGH)

EPSS: 0.04%

updated 2025-12-05T16:33:46.797000

1 posts

NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.

AAKL@infosec.exchange at 2025-12-02T17:18:52.000Z ##

Two new advisories from Nvidia, both high severity:

- CVE-2025-33211 and CVE-2025-33201: NVIDIA Triton Inference Server https://nvidia.custhelp.com/app/answers/detail/a_id/5734

- CVE-2025-33208: NVIDIA TAO https://nvidia.custhelp.com/app/answers/detail/a_id/5730 #Nvidia #infosec #vulnerability

##

CVE-2025-65730
(0 None)

EPSS: 0.00%

updated 2025-12-05T16:15:50.773000

2 posts

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication.

cR0w at 2025-12-05T15:39:42.552Z ##

Hardcoded JWT secret in something called GoAway. It appears to be a similar project to Pihole.

##

cR0w@infosec.exchange at 2025-12-05T15:39:42.000Z ##

Hardcoded JWT secret in something called GoAway. It appears to be a similar project to Pihole.

https://github.com/gian2dchris/CVEs/tree/CVE-2025-65730/CVE-2025-65730

##

CVE-2025-14092
(4.7 MEDIUM)

EPSS: 0.00%

updated 2025-12-05T16:15:49.540000

2 posts

A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in

cR0w at 2025-12-05T16:13:10.990Z ##

Edimax

https://www.cve.org/CVERecord?id=CVE-2025-14092

https://www.cve.org/CVERecord?id=CVE-2025-14092

##

cR0w@infosec.exchange at 2025-12-05T16:13:10.000Z ##

Edimax

https://www.cve.org/CVERecord?id=CVE-2025-1547

##

CVE-2025-66222
(9.6 CRITICAL)

EPSS: 0.15%

updated 2025-12-05T15:37:59.973000

1 posts

DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC bridge, this XSS can be escalated to Remote Code Execution (RCE) by registering and starting a malicious

offseq at 2025-12-04T03:03:03.856Z ##

🚨 CVE-2025-66222 (CRITICAL, CVSS 9.7): ThinkInAIXYZ deepchat <0.5.0 exposes stored XSS in Mermaid diagrams, leading to RCE via Electron IPC. Patch to 0.5.0+, restrict untrusted content, and monitor for abuse! https://radar.offseq.com/threat/cve-2025-66222-cwe-94-improper-control-of-generati-ddf80d66 #OffSeq #Vuln #AI #Security

##

CVE-2025-13946
(5.5 MEDIUM)

EPSS: 0.01%

updated 2025-12-05T15:10:25.093000

1 posts

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

jos1264@social.skynetcloud.site at 2025-12-03T11:10:02.000Z ##

CVE-2025-13946 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark https://cvefeed.io/vuln/detail/CVE-2025-13946

##

CVE-2025-13614
(8.1 HIGH)

EPSS: 0.03%

updated 2025-12-05T12:30:19

1 posts

The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that w

offseq at 2025-12-05T10:03:47.009Z ##

⚠️ CVE-2025-13614: HIGH-severity stored XSS in wpkube Cool Tag Cloud plugin (all versions). Authenticated contributors can inject malicious JS via shortcode, risking credential theft & site compromise. Audit permissions & monitor usage. Details: https://radar.offseq.com/threat/cve-2025-13614-cwe-79-improper-neutralization-of-i-7f71da3c #OffSeq #WordPress #XSS

##

CVE-2025-12850
(7.5 HIGH)

EPSS: 0.06%

updated 2025-12-05T07:16:11.350000

1 posts

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can

offseq at 2025-12-05T08:33:51.385Z ##

🚨 CVE-2025-12850: HIGH severity SQL Injection in My auctions allegro WordPress plugin (all versions ≤3.6.32). Unauthenticated attackers can extract sensitive DB data. Patch when available, use WAF/input validation now. Details: https://radar.offseq.com/threat/cve-2025-12850-cwe-89-improper-neutralization-of-s-a9c55820 #OffSeq #WordPress #Vuln

##

CVE-2025-12374
(9.8 CRITICAL)

EPSS: 0.19%

updated 2025-12-05T07:16:11.117000

1 posts

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the "user_verification_form_wrap_process_otpLogin" function. Thi

offseq at 2025-12-05T07:03:55.463Z ##

🔥 CRITICAL: CVE-2025-12374 in 'User Verification by PickPlugins' (WP, ≤2.0.39) allows auth bypass via empty OTP—admin takeover possible. Disable plugin or implement WAF rules until patched! https://radar.offseq.com/threat/cve-2025-12374-cwe-287-improper-authentication-in--8c3c4127 #OffSeq #WordPress #CVE202512374

##

CVE-2025-13066
(8.8 HIGH)

EPSS: 0.10%

updated 2025-12-05T06:31:32

1 posts

The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitra

offseq at 2025-12-05T04:03:36.980Z ##

🚨 CVE-2025-13066: HIGH severity vuln in kraftplugins Demo Importer Plus (all versions). Author+ users can upload dangerous files & trigger RCE. No patch yet—restrict access, monitor uploads, use WAFs. https://radar.offseq.com/threat/cve-2025-13066-cwe-434-unrestricted-upload-of-file-299ff291 #OffSeq #WordPress #Vuln #RCE

##

CVE-2025-13313
(9.8 CRITICAL)

EPSS: 0.12%

updated 2025-12-05T06:31:30

1 posts

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts via the `ntzcrm_cha

offseq at 2025-12-05T05:35:09.840Z ##

⚠️ CRITICAL: CVE-2025-13313 in dripadmin CRM Memberships (≤2.5) lets unauth attackers reset user passwords & harvest emails via unprotected AJAX endpoints. Restrict access, monitor for abuse, patch ASAP. Details: https://radar.offseq.com/threat/cve-2025-13313-cwe-862-missing-authorization-in-dr-61158105 #OffSeq #WordPress #ThreatIntel #CVE202513313

##

CVE-2025-1547(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-12-05T00:31:11

2 posts

A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.

cR0w at 2025-12-04T22:24:36.968Z ##

@Dio9sys @da_667 Another one:

https://www.cve.org/CVERecord?id=CVE-2025-1547

##

cR0w@infosec.exchange at 2025-12-04T22:24:36.000Z ##

@Dio9sys @da_667 Another one:

##

CVE-2025-6946(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-12-05T00:31:11

2 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-11838(CVSS UNKNOWN)

EPSS: 0.07%

updated 2025-12-05T00:31:11

2 posts

A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-12026(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-12-05T00:31:11

2 posts

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-12196(CVSS UNKNOWN)

EPSS: 0.06%

updated 2025-12-05T00:31:11

2 posts

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

https://access.redhat.com/security/cve/CVE-2024-3884

##

CVE-2024-3884
(7.5 HIGH)

EPSS: 0.48%

updated 2025-12-04T23:15:45.300000

2 posts

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

cR0w at 2025-12-03T19:29:42.985Z ##

BRB, gonna put on some Tool.

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

##

cR0w@infosec.exchange at 2025-12-03T19:29:42.000Z ##

BRB, gonna put on some Tool.

https://access.redhat.com/security/cve/CVE-2024-3884

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

##

CVE-2025-1910
(0 None)

EPSS: 0.01%

updated 2025-12-04T22:15:48.583000

2 posts

The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and including 12.11.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-1545
(0 None)

EPSS: 0.17%

updated 2025-12-04T22:15:48.290000

2 posts

An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-13940
(0 None)

EPSS: 0.01%

updated 2025-12-04T22:15:48.140000

2 posts

An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-13939
(0 None)

EPSS: 0.04%

updated 2025-12-04T22:15:48

2 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-13938
(0 None)

EPSS: 0.04%

updated 2025-12-04T22:15:47.863000

2 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-13937
(0 None)

EPSS: 0.04%

updated 2025-12-04T22:15:47.697000

2 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-13936
(0 None)

EPSS: 0.04%

updated 2025-12-04T22:15:47.520000

2 posts

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-12195
(0 None)

EPSS: 0.06%

updated 2025-12-04T22:15:46.920000

2 posts

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2.

cR0w at 2025-12-04T22:08:04.665Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

cR0w@infosec.exchange at 2025-12-04T22:08:04.000Z ##

WatchGuard

cc: @Dio9sys @da_667 but I didn't look to see if they were network vulns that you could write sigs for or not.

##

CVE-2025-66571(CVSS UNKNOWN)

EPSS: 0.18%

updated 2025-12-04T21:31:17

1 posts

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.

offseq at 2025-12-05T00:02:54.696Z ##

🚨 CVE-2025-66571: CRITICAL PHP object injection in UNA CMS 9.0.0-RC1–14.0.0-RC4. Remote, unauthenticated code execution via unsafe unserialize(). Restrict endpoints, monitor logs, & apply mitigations. Patch ASAP. https://radar.offseq.com/threat/cve-2025-66571-cwe-502-deserialization-of-untruste-c276a0d9 #OffSeq #CVE202566571 #Vuln

##

CVE-2025-29269(CVSS UNKNOWN)

EPSS: 0.13%

updated 2025-12-04T21:31:12

2 posts

ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.

cR0w at 2025-12-04T21:46:18.060Z ##

Genexis

ALLNET

##

cR0w@infosec.exchange at 2025-12-04T21:46:18.000Z ##

Genexis

ALLNET

##

CVE-2025-29268(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-12-04T21:31:06

2 posts

ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.

cR0w at 2025-12-04T21:46:18.060Z ##

Genexis

ALLNET

##

cR0w@infosec.exchange at 2025-12-04T21:46:18.000Z ##

Genexis

ALLNET

##

CVE-2025-65883(CVSS UNKNOWN)

EPSS: 0.07%

updated 2025-12-04T21:31:06

2 posts

A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token t

cR0w at 2025-12-04T21:46:18.060Z ##

Genexis

ALLNET

##

cR0w@infosec.exchange at 2025-12-04T21:46:18.000Z ##

Genexis

ALLNET

https://access.redhat.com/security/cve/cve-2025-66287

##

CVE-2025-13638
(8.8 HIGH)

EPSS: 0.10%

updated 2025-12-04T19:20:42.487000

1 posts

Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

jos1264@social.skynetcloud.site at 2025-12-02T23:15:01.000Z ##

CVE-2025-13638 - Google Chrome Media Stream Use After Free Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-13638

##

CVE-2025-66373(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-12-04T18:31:01

2 posts

Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain circumstances, Akamai Ghost erroneously forwards the invalid request and subsequent superfluous bytes t

beyondmachines1 at 2025-12-05T10:01:31.275Z ##

Akamai patches critical HTTP request smuggling flaw in Edge Server infrastructure

Akamai patched a critical HTTP Request Smuggling vulnerability (CVE-2025-66373) in its global edge server infrastructure that incorrectly processed malformed HTTP/1.1 chunked transfer encoding, potentially allowing attackers to bypass security controls, impersonate users, poison caches, and execute unauthorized requests.

**You can't do anything about this advisory. It's already fixed. But keep a record of it if you are using Akamai for vendor evaluation.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/akamai-patches-critical-http-request-smuggling-flaw-in-edge-server-infrastructure-f-1-l-e-5/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-12-05T10:01:31.000Z ##

Akamai patches critical HTTP request smuggling flaw in Edge Server infrastructure

Akamai patched a critical HTTP Request Smuggling vulnerability (CVE-2025-66373) in its global edge server infrastructure that incorrectly processed malformed HTTP/1.1 chunked transfer encoding, potentially allowing attackers to bypass security controls, impersonate users, poison caches, and execute unauthorized requests.

**You can't do anything about this advisory. It's already fixed. But keep a record of it if you are using Akamai for vendor evaluation.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/akamai-patches-critical-http-request-smuggling-flaw-in-edge-server-infrastructure-f-1-l-e-5/gD2P6Ple2L

##

CVE-2025-66287
(8.8 HIGH)

EPSS: 0.04%

updated 2025-12-04T18:31:01

2 posts

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

cR0w at 2025-12-04T17:07:15.813Z ##

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

##

cR0w@infosec.exchange at 2025-12-04T17:07:15.000Z ##

https://access.redhat.com/security/cve/cve-2025-66287

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

##

CVE-2025-13720
(8.8 HIGH)

EPSS: 0.07%

updated 2025-12-04T18:06:43.940000

1 posts

Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

jos1264@social.skynetcloud.site at 2025-12-02T23:15:02.000Z ##

CVE-2025-13720 - Google Chrome Heap Corruption Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-13720

##

CVE-2025-66516
(0 None)

EPSS: 0.05%

updated 2025-12-04T17:15:57.120000

5 posts

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoi

stoeps at 2025-12-05T20:46:45.128Z ##

Oh der Spaß geht weiter. D.h. die Java 8 Versionen sind auch mit entferntem PDF Modul angreifbar.

Apache Tika has XXE vulnerability · CVE-2025-66516 · GitHub Advisory Database · GitHub
https://github.com/advisories/GHSA-f58c-gq56-vjjf

##

offseq at 2025-12-05T01:04:10.959Z ##

🚨 CVE-2025-66516 CRITICAL: XXE in Apache Tika core (v1.13–3.2.1), tika-pdf-module, tika-parsers. Exploitable via crafted PDF XFA files — risks data exfil & DoS. Patch to 3.2.2+ now! https://radar.offseq.com/threat/cve-2025-66516-cwe-611-improper-restriction-of-xml-fa601313 #OffSeq #ApacheTika #XXE #Vuln

##

cR0w at 2025-12-04T17:09:00.797Z ##

Perfect 10 XXE in Apache Tika tika-core. 🥳

https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.

https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k

##

stoeps@infosec.exchange at 2025-12-05T20:46:45.000Z ##

Oh der Spaß geht weiter. D.h. die Java 8 Versionen sind auch mit entferntem PDF Modul angreifbar.

Apache Tika has XXE vulnerability · CVE-2025-66516 · GitHub Advisory Database · GitHub
https://github.com/advisories/GHSA-f58c-gq56-vjjf

##

cR0w@infosec.exchange at 2025-12-04T17:09:00.000Z ##

Perfect 10 XXE in Apache Tika tika-core. 🥳

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.

#libpng #CVE_2025_66293 #infosec #cybersecurity

##

CVE-2025-66293
(7.1 HIGH)

EPSS: 0.04%

updated 2025-12-04T17:15:08.283000

2 posts

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trig

harrysintonen at 2025-12-04T12:14:37.827Z ##

libpng 1.6.0 through 1.6.51 out-of-bounds read vulnerability CVE-2025-66293 may lead to information disclosure (or denial of service). Due to a bug processing a PNG image may lead to read of 1012 bytes past the end of an array. Depending on the contents of the memory beyond this array, some confidential information may be leaked.

The conditions for the issue to trigger require the image to processed through the simplified API with an output format without alpha and no explicit background color. This means that not every application processing PNG images is leaking information. Also a limiting factor is that the affected system would need to return the decoded image data for the information leak to happen in the first place. Finally the information would need to cross a security context (for example from server to client, from privileged process to unprivileged or from user to another user) for the leak to have a security impact.

Interestingly the images resulting in the leak are in fact fully PNG spec compliant.

libpng 1.6.0 through 1.6.51 are affected. The vulnerability is fixed in libpng 1.6.52.

source: https://www.openwall.com/lists/oss-security/2025/12/03/5

##

harrysintonen@infosec.exchange at 2025-12-04T12:14:37.000Z ##

libpng 1.6.0 through 1.6.51 out-of-bounds read vulnerability CVE-2025-66293 may lead to information disclosure (or denial of service). Due to a bug processing a PNG image may lead to read of 1012 bytes past the end of an array. Depending on the contents of the memory beyond this array, some confidential information may be leaked.

The conditions for the issue to trigger require the image to processed through the simplified API with an output format without alpha and no explicit background color. This means that not every application processing PNG images is leaking information. Also a limiting factor is that the affected system would need to return the decoded image data for the information leak to happen in the first place. Finally the information would need to cross a security context (for example from server to client, from privileged process to unprivileged or from user to another user) for the leak to have a security impact.

Interestingly the images resulting in the leak are in fact fully PNG spec compliant.

libpng 1.6.0 through 1.6.51 are affected. The vulnerability is fixed in libpng 1.6.52.

source: https://www.openwall.com/lists/oss-security/2025/12/03/5

#libpng #CVE_2025_66293 #infosec #cybersecurity

##

CVE-2025-50360
(8.4 HIGH)

EPSS: 0.01%

updated 2025-12-04T17:15:08.283000

2 posts

A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.

1 repos

https://github.com/Ch1keen/CVE-2025-50360

cR0w at 2025-12-03T19:28:29.159Z ##

https://github.com/Ch1keen/CVE-2025-50360

A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.

##

cR0w@infosec.exchange at 2025-12-03T19:28:29.000Z ##

https://github.com/Ch1keen/CVE-2025-50360

A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.

##

CVE-2025-13342
(9.8 CRITICAL)

EPSS: 0.04%

updated 2025-12-04T17:15:08.283000

2 posts

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register

jos1264@social.skynetcloud.site at 2025-12-03T16:00:02.000Z ##

CVE-2025-13342 - Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update https://cvefeed.io/vuln/detail/CVE-2025-13342

##

jos1264@social.skynetcloud.site at 2025-12-03T15:05:02.000Z ##

CVE-2025-13342 - Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update https://cvefeed.io/vuln/detail/CVE-2025-13342

##

CVE-2025-13756
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-12-04T17:15:08.283000

1 posts

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access and above, to import arbitrary calendars and manage them.

jos1264@social.skynetcloud.site at 2025-12-03T15:05:03.000Z ##

CVE-2025-13756 - Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management https://cvefeed.io/vuln/detail/CVE-2025-13756

##

CVE-2025-13947
(7.4 HIGH)

EPSS: 0.04%

updated 2025-12-04T17:15:08.283000

1 posts

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

jos1264@social.skynetcloud.site at 2025-12-03T11:10:02.000Z ##

CVE-2025-13947 - Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop https://cvefeed.io/vuln/detail/CVE-2025-13947

##

CVE-2025-29864
(0 None)

EPSS: 0.02%

updated 2025-12-04T17:15:08.283000

1 posts

Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29.

jos1264@social.skynetcloud.site at 2025-12-03T11:10:02.000Z ##

CVE-2025-29864 - ALZip SmartScreen Bypass Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-29864

##

CVE-2025-13472
(0 None)

EPSS: 0.03%

updated 2025-12-04T17:15:08.283000

1 posts

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.

jos1264@social.skynetcloud.site at 2025-12-03T11:10:02.000Z ##

CVE-2025-13472 - Missing authorization in BlazeMeter Jenkins Plugin https://cvefeed.io/vuln/detail/CVE-2025-13472

##

CVE-2025-13486
(9.8 CRITICAL)

EPSS: 0.25%

updated 2025-12-04T17:15:08.283000

2 posts

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for unauthenticated attackers to execute arbitrary code on the server, which can be leveraged to inject back

5 repos

https://github.com/0xnemian/CVE-2025-13486.-CVE-2025-13486

https://github.com/lasthero-887/CVE-2025-13486---Poc

https://github.com/MataKucing-OFC/CVE-2025-13486

https://github.com/KrE80r/cve-2025-13486-vuln-setup

https://github.com/0xanis/CVE-2025-13486-POC

jos1264@social.skynetcloud.site at 2025-12-03T09:55:01.000Z ##

CVE-2025-13486 - Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form https://cvefeed.io/vuln/detail/CVE-2025-13486

##

jos1264@social.skynetcloud.site at 2025-12-03T07:10:02.000Z ##

CVE-2025-13486 - Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form https://cvefeed.io/vuln/detail/CVE-2025-13486

##

CVE-2025-12954
(2.7 LOW)

EPSS: 0.02%

updated 2025-12-04T17:15:08.283000

1 posts

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

jos1264@social.skynetcloud.site at 2025-12-03T07:10:02.000Z ##

CVE-2025-12954 - Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR https://cvefeed.io/vuln/detail/CVE-2025-12954

##

CVE-2025-12585
(5.3 MEDIUM)

EPSS: 0.04%

updated 2025-12-04T17:15:08.283000

1 posts

The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values that can subsequently be used to access conversation data.

1 repos

https://github.com/d0n601/CVE-2025-12585

jos1264@social.skynetcloud.site at 2025-12-03T07:10:02.000Z ##

CVE-2025-12585 - MxChat – AI Chatbot for WordPress <= 2.5.5 - Unauthenticated Information Exposure https://cvefeed.io/vuln/detail/CVE-2025-12585

##

CVE-2025-13646
(7.5 HIGH)

EPSS: 0.19%

updated 2025-12-04T17:15:08.283000

1 posts

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files with race condition on the affected site's server which may make remote code execution possible.

jos1264@social.skynetcloud.site at 2025-12-03T04:30:02.000Z ##

CVE-2025-13646 - Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition https://cvefeed.io/vuln/detail/CVE-2025-13646

##

CVE-2025-13448
(6.4 MEDIUM)

EPSS: 0.03%

updated 2025-12-04T17:15:08.283000

1 posts

The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a use

jos1264@social.skynetcloud.site at 2025-12-03T04:30:01.000Z ##

CVE-2025-13448 - CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute https://cvefeed.io/vuln/detail/CVE-2025-13448

##

CVE-2025-66476
(7.8 HIGH)

EPSS: 0.01%

updated 2025-12-04T17:15:08.283000

1 posts

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes too

jos1264@social.skynetcloud.site at 2025-12-03T02:05:02.000Z ##

CVE-2025-66476 - Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-66476

##

CVE-2025-64298
(8.4 HIGH)

EPSS: 0.01%

updated 2025-12-04T17:15:08.283000

2 posts

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.

jos1264@social.skynetcloud.site at 2025-12-02T23:15:03.000Z ##

CVE-2025-64298 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource https://cvefeed.io/vuln/detail/CVE-2025-64298

##

jos1264@social.skynetcloud.site at 2025-12-02T22:00:02.000Z ##

CVE-2025-64298 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource https://cvefeed.io/vuln/detail/CVE-2025-64298

##

CVE-2025-62575
(8.3 HIGH)

EPSS: 0.18%

updated 2025-12-04T17:15:08.283000

2 posts

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

jos1264@social.skynetcloud.site at 2025-12-02T23:15:02.000Z ##

CVE-2025-62575 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource https://cvefeed.io/vuln/detail/CVE-2025-62575

##

jos1264@social.skynetcloud.site at 2025-12-02T22:00:02.000Z ##

CVE-2025-62575 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource https://cvefeed.io/vuln/detail/CVE-2025-62575

##

CVE-2025-65877
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-12-04T17:15:08.283000

1 posts

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements, enabling attackers to read sensitive data from the database.

jos1264@social.skynetcloud.site at 2025-12-02T22:00:02.000Z ##

CVE-2025-65877 - Lvzhou CMS SQL Injection Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65877

##

CVE-2025-33208
(8.8 HIGH)

EPSS: 0.03%

updated 2025-12-04T17:15:08.283000

1 posts

NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.

AAKL@infosec.exchange at 2025-12-02T17:18:52.000Z ##

Two new advisories from Nvidia, both high severity:

- CVE-2025-33211 and CVE-2025-33201: NVIDIA Triton Inference Server https://nvidia.custhelp.com/app/answers/detail/a_id/5734

- CVE-2025-33208: NVIDIA TAO https://nvidia.custhelp.com/app/answers/detail/a_id/5730 #Nvidia #infosec #vulnerability

##

CVE-2025-12819
(7.5 HIGH)

EPSS: 0.06%

updated 2025-12-04T00:32:03

1 posts

Untrusted search path in auth_query connection handler in PgBouncer before 1.25.0 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.

PostgreSQL@activitypub.awakari.com at 2025-12-03T00:00:00.000Z ## PgBouncer 1.25.1 released - Fixing a bunch of bugs before Christmas (including CVE-2025-12819) PgBouncer 1.25.1 has been released. This release fixes CVE-2025-12819: Before this release it was poss...

Origin | Interest | Match ##

CVE-2021-26828
(8.8 HIGH)

EPSS: 80.12%

updated 2025-12-03T21:32:01

8 posts

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

3 repos

https://github.com/hev0x/CVE-2021-26828_ScadaBR_RCE

https://github.com/Yuri08loveElaina/CVE-2021-26828

https://github.com/ridpath/CVE-2021-26828-Ultimate

undercodenews@mastodon.social at 2025-12-04T23:22:57.000Z ##

US CISA Flags Critical OpenPLC ScadaBR Vulnerabilities Impacting Industrial Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant vulnerabilities in OpenPLC ScadaBR to its Known Exploited Vulnerabilities (KEV) catalog, signaling a heightened risk for industrial control systems across both public and private sectors. These flaws, identified as CVE-2021-26828 and CVE-2021-26829, expose critical weaknesses that could allow…

https://undercodenews.com/us-cisa-flags-critical-openplc-scadabr-vulnerabilities-impacting-industrial-systems/

##

DarkWebInformer at 2025-12-04T18:21:36.944Z ##

🚨CVE-2021-26828: OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability has been added to the CISA KEV Catalog

Vendor: OpenPLC
Product: ScadaBR
CVSS: 8.8

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20251203 #cisa20251203 #cve_2021_26828 #cve202126828

##

secdb at 2025-12-03T22:00:12.004Z ##

🚨 [CISA-2025:1203] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2025:1203)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2021-26828 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-26828)
- Name: OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: OpenPLC
- Product: ScadaBR
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/2174 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26828

##

hrbrmstr@mastodon.social at 2025-12-03T20:36:44.000Z ##

Sure CISA says (today) CVE-2021-26828 OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability is rly bad and being actively exploited by real attackers, but WILL MY TEAM DO THAT?! Nope. They're part of the celebrity vuln. cult.

##

cisakevtracker@mastodon.social at 2025-12-03T19:00:57.000Z ##

CVE ID: CVE-2021-26828
Vendor: OpenPLC
Product: ScadaBR
Date Added: 2025-12-03
Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/2174 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26828
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-26828

##

DarkWebInformer@infosec.exchange at 2025-12-04T18:21:36.000Z ##

🚨CVE-2021-26828: OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability has been added to the CISA KEV Catalog

Vendor: OpenPLC
Product: ScadaBR
CVSS: 8.8

https://github.com/Ch1keen/CVE-2025-50361

##

hrbrmstr@mastodon.social at 2025-12-03T20:36:44.000Z ##

Sure CISA says (today) CVE-2021-26828 OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability is rly bad and being actively exploited by real attackers, but WILL MY TEAM DO THAT?! Nope. They're part of the celebrity vuln. cult.

##

cisakevtracker@mastodon.social at 2025-12-03T19:00:57.000Z ##

CVE ID: CVE-2021-26828
Vendor: OpenPLC
Product: ScadaBR
Date Added: 2025-12-03
Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/2174 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26828
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-26828

##

CVE-2025-50361
(5.1 MEDIUM)

EPSS: 0.01%

updated 2025-12-03T21:31:11

2 posts

Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash.

1 repos

cR0w at 2025-12-03T20:38:34.575Z ##

BoF in SmallBASIC.

https://github.com/Ch1keen/CVE-2025-50361

##

cR0w@infosec.exchange at 2025-12-03T20:38:34.000Z ##

BoF in SmallBASIC.

https://github.com/Ch1keen/CVE-2025-50361

##

CVE-2025-13086(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-12-03T21:31:11

4 posts

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

cR0w at 2025-12-03T20:36:00.608Z ##

Hold up.

Wait a minute.

Something ain't right.

https://community.openvpn.net/Security%20Announcements/CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client.

##

linux@activitypub.awakari.com at 2025-12-03T21:31:18.000Z ## Debian: OpenVPN Critical HMAC Flaw Bypass CVE-2025-13086 DSA-6069-1 It was discovered that openvpn, a virtual private network application, does not properly handle HMAC verification checks. A remot...

#Debian #Linux #Distribution #- #Security #Advisories

Origin | Interest | Match ##

cR0w@infosec.exchange at 2025-12-03T20:36:00.000Z ##

Hold up.

Wait a minute.

Something ain't right.

https://community.openvpn.net/Security%20Announcements/CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client.

##

beyondmachines1@infosec.exchange at 2025-12-03T08:01:31.000Z ##

OpenVPN releases security updates patching HMAC bypass, buffer over-read, and Windows DoS flaws

OpenVPN has patched three vulnerabilities including two critical flaws (CVE-2025-13086 and CVE-2025-12106, both CVSS 9.1): a logic error that bypasses HMAC verification allowing unauthorized TLS sessions from any IP address, and an IPv6 parsing flaw causing buffer over-reads.

**Plan a quick update of your OpenVPN to version 2.6.17 (stable) or 2.7_rc3 (development) to fix three interesting security flaws. This is not critical, but a wise choice to patch, since OpenVPN is exposed to the internet and someone will find an exploit.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/openvpn-releases-security-updates-patching-hmac-bypass-buffer-over-read-and-windows-dos-flaws-1-o-b-m-6/gD2P6Ple2L

##

CVE-2025-33201
(7.5 HIGH)

EPSS: 0.04%

updated 2025-12-03T21:31:10

1 posts

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.

AAKL@infosec.exchange at 2025-12-02T17:18:52.000Z ##

Two new advisories from Nvidia, both high severity:

- CVE-2025-33211 and CVE-2025-33201: NVIDIA Triton Inference Server https://nvidia.custhelp.com/app/answers/detail/a_id/5734

- CVE-2025-33208: NVIDIA TAO https://nvidia.custhelp.com/app/answers/detail/a_id/5730 #Nvidia #infosec #vulnerability

##

CVE-2025-41012
(5.3 MEDIUM)

EPSS: 0.05%

updated 2025-12-03T21:31:04

1 posts

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.

jos1264@social.skynetcloud.site at 2025-12-02T17:00:02.000Z ##

CVE-2025-41012 - Unauthorized access vulnerability in TCMAN GIM https://cvefeed.io/vuln/detail/CVE-2025-41012

##

CVE-2025-11788
(9.8 CRITICAL)

EPSS: 0.04%

updated 2025-12-03T21:31:04

1 posts

Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input f

jos1264@social.skynetcloud.site at 2025-12-02T17:00:02.000Z ##

CVE-2025-11788 - Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 https://cvefeed.io/vuln/detail/CVE-2025-11788

##

CVE-2025-65358
(9.8 CRITICAL)

EPSS: 0.03%

updated 2025-12-03T20:22:29.533000

1 posts

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.

jos1264@social.skynetcloud.site at 2025-12-02T18:55:03.000Z ##

CVE-2025-65358 - Edoc Doctor Appointment System SQL Injection Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65358

##

CVE-2025-41013
(9.8 CRITICAL)

EPSS: 0.03%

updated 2025-12-03T19:54:41.300000

1 posts

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

jos1264@social.skynetcloud.site at 2025-12-02T17:00:02.000Z ##

CVE-2025-41013 - SQL injection vulnerability in TCMAN GIM https://cvefeed.io/vuln/detail/CVE-2025-41013

##

CVE-2025-11787
(8.8 HIGH)

EPSS: 0.21%

updated 2025-12-03T19:16:37.603000

1 posts

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.

jos1264@social.skynetcloud.site at 2025-12-02T17:00:02.000Z ##

CVE-2025-11787 - Command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50 https://cvefeed.io/vuln/detail/CVE-2025-11787

##

CVE-2025-34319(CVSS UNKNOWN)

EPSS: 1.84%

updated 2025-12-03T18:30:37

1 posts

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.

offseq at 2025-12-04T07:34:17.404Z ##

🔥 CVE-2025-34319: CRITICAL OS Command Injection in TOTOLINK N300RT (firmware < V3.4.0-B20250430). Unauthenticated RCE via Boa formWsc—patch ASAP or segment & restrict access. Monitor for exploit attempts! https://radar.offseq.com/threat/cve-2025-34319-cwe-78-improper-neutralization-of-s-9672dc71 #OffSeq #CVE202534319 #IoTSecurity

##

CVE-2025-66431
(7.9 HIGH)

EPSS: 0.03%

updated 2025-12-03T18:30:37

2 posts

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."

cR0w at 2025-12-03T17:04:54.522Z ##

Go hack more Plesk shit.

https://support.plesk.com/hc/en-us/articles/36494997377687--CVE-2025-66431-Security-vulnerability-in-domain-creation-mechanism-allows-Plesk-users-to-execute-arbitrary-code-on-behalf-of-root

##

cR0w@infosec.exchange at 2025-12-03T17:04:54.000Z ##

Go hack more Plesk shit.

https://support.plesk.com/hc/en-us/articles/36494997377687--CVE-2025-66431-Security-vulnerability-in-domain-creation-mechanism-allows-Plesk-users-to-execute-arbitrary-code-on-behalf-of-root

##

CVE-2025-13390
(10.0 CRITICAL)

EPSS: 0.25%

updated 2025-12-03T18:30:24

1 posts

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative a

2 repos

https://github.com/d0n601/CVE-2025-13390

https://github.com/sidmug3307/CVE-2025-13390-Exploit

jos1264@social.skynetcloud.site at 2025-12-03T15:05:02.000Z ##

CVE-2025-13390 - WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover https://cvefeed.io/vuln/detail/CVE-2025-13390

##

CVE-2025-66478
(0 None)

EPSS: 0.00%

updated 2025-12-03T18:15:47.200000

37 posts

Rejected reason: This CVE is a duplicate of CVE-2025-55182.

23 repos

https://github.com/ZihxS/check-react-rce-cve-2025-55182

https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478

https://github.com/hackersatyamrastogi/react2shell-ultimate

https://github.com/freeqaz/react2shell

https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js

https://github.com/jctommasi/react2shellVulnApp

https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478

https://github.com/nehkark/CVE-2025-55182

https://github.com/assetnote/react2shell-scanner

https://github.com/imbas007/POC-CVE-2025-66478

https://github.com/sh1ro8/react2shell

https://github.com/pyroxenites/Nextjs_RCE_Exploit_Tool

https://github.com/mattcbarrett/check-cve-2025-66478

https://github.com/Saturate/CVE-2025-55182-Scanner

https://github.com/abtonc/next-cve-2025-66478

https://github.com/CymulateResearch/React2Shell-Scanner

https://github.com/tobiasGuta/Next.js-RSC-RCE-Scanner-Burp-Suite-Extension

https://github.com/songsanggggg/CVE-2025-55182

https://github.com/onlylovetx/CVE-2025-55182-CVE-2025-66478-Exploit-GUI

https://github.com/wangxso/CVE-2025-66478-POC

https://github.com/heiheishushu/rsc_detect_CVE-2025-55182

https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script

https://github.com/shamo0/react2shell-PoC

Viss@mastodon.social at 2025-12-05T18:07:00.000Z ##

RIP javascript devs

https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478

##

DarkWebInformer at 2025-12-05T18:04:48.179Z ##

🚨 CVE-2025-66478: Next.js RSC RCE Scanner and POC/Exploit Collection

A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.

GitHub: https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478

##

cR0w at 2025-12-05T16:08:51.910Z ##

Progress Sitefinity Next.js Renderer appears to be vulnerable to this React vuln. React2Shell? Is that what everyone is calling it?

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2025-66478-and-CVE-2025-55182-December-2025

##

RedTeamNews at 2025-12-04T15:19:44.530Z ##

Critical RCE vulnerability (React2shell) found in React Server Components and Next.js. Affects many modern web apps. Patch immediately or deploy WAF rules. Exploitation is imminent.

https://redteamnews.com/red-team/cve/critical-react-and-next-js-rce-vulnerability-analysis-of-cve-2025-55182-and-cve-2025-66478/

##

ngate@mastodon.social at 2025-12-04T13:36:43.000Z ##

🚨 ALERT! 🚨 #NextJS finally achieved what we all thought impossible: a CVSS 10.0 vulnerability! 🎯 Bravo, they've hit the bullseye of FAIL! 🙈 It's always heartwarming when devs leave the #backdoor open for #hackers to make themselves at home. 🏠🔓
https://nextjs.org/blog/CVE-2025-66478 #Vulnerability #CVSS10 #SecurityFail #HackerNews #ngated

##

h4ckernews@mastodon.social at 2025-12-04T13:19:08.000Z ##

NextJS Security Vulnerability

#HackerNews #NextJS #Security #Vulnerability #NextJS #Security #Vulnerability #Cybersecurity #WebDevelopment #SoftwareSecurity #CVE2025

##

ycombinator@rss-mstdn.studiofreesia.com at 2025-12-04T12:04:47.000Z ##

NextJS Security Vulnerability
https://nextjs.org/blog/CVE-2025-66478
#ycombinator

##

jasonstcyr@mstdn.ca at 2025-12-04T12:00:27.000Z ##

You've probably heard about the CVE-2025-66478 vulnerability for React and that the vulnerability also affects Next.js. It's really important you make sure you are patched!

Here's the Next.js article on it: https://nextjs.org/blog/CVE-2025-66478
Here's the React article on it: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Get your updates done, even if you don't use React Server components!

##

CuratedHackerNews@mastodon.social at 2025-12-04T11:47:04.000Z ##

NextJS Security Vulnerability

#security

##

hnbot@chrispelli.fun at 2025-12-04T11:44:41.000Z ##

NextJS Security Vulnerability - https://nextjs.org/blog/CVE-2025-66478

#hackernews

##

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

⚠️ Critical RCE Vulnerabilities Discovered in React & Next.js | Wiz Blog

｢ Wiz data indicates that 39% of cloud environments contain instances of Next.js or React in versions vulnerable to CVE-2025-55182 and/or CVE-2025-66478. Regarding Next.js, the framework itself is present in 69% of environments. Notably, 61% of those environments have public applications running Next.js, meaning that 44% of all cloud environments have publicly exposed Next.js instances ｣

##

cyberveille@mastobot.ping.moi at 2025-12-04T08:30:04.000Z ##

📢 Next.js RSC : détection fiable d’une RCE (CVE-2025-55182 & CVE-2025-66478)
📝 Selon Searchlight Cyber (billet de recherche, 4 décembre 2025), une vulnérabilité de type RCE affectan...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-04-next-js-rsc-detection-fiable-dune-rce-cve-2025-55182-cve-2025-66478/
🌐 source : https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
#CVE_2025_55182_66478 #IOC #Cyberveille

##

beyondmachines1 at 2025-12-04T08:01:31.083Z ##

Critical remote code execution vulnerabilities reported in React and Next.js

React and Next.js have patched two critical remote code execution vulnerabilities (CVE-2025-55182 and CVE-2025-66478) in React Server Components that allow unauthenticated attackers to execute arbitrary code through specially crafted HTTP requests exploiting insecure deserialization. Default configurations are vulnerable with near 100% exploitation reliability.

**If you're running React 19.x or Next.js 15.x/16.x (or frameworks using React Server Components like Waku or Redwood), attackers can take complete control of your servers with no authentication needed. Plan a VERY QUICK upgrade to the latest patched versions - this is the only fix available, so prioritize this update now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-vulnerabilities-reported-in-react-and-next-js-j-3-6-0-d/gD2P6Ple2L

##

_r_netsec at 2025-12-04T07:13:06.648Z ##

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/

##

awssecurityfeed at 2025-12-04T04:30:00.885Z ##

CVE-2025-66478: RCE in React Server Components

Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST
Description:
AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight...

https://aws.amazon.com/security/security-bulletins/rss/aws-2025-030/

https://www.upwind.io/feed/critical-security-alert-unauthenticated-rce-in-react-next-js-cve-2025-55182-cve-2025-66478

##

wav3 at 2025-12-03T22:39:14.262Z ##

Happy Holidays Everyone!

#cybersecurity #vulnerability #cve

##

avuko at 2025-12-03T21:45:40.258Z ##

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.

The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.

The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages -

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

It's worth noting that the vulnerability also affects Next.js using App Router. The issue has been assigned the CVE identifier CVE-2025-66478 (CVSS score: 10.0). It impacts versions >=14.3.0-canary.77, >=15, and >=16. Patched versions are 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9, and 15.0.5.

https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html

#REACTjs #NEXTjs #infosec #cybersecurity #CVE202566478 #CVE202555182 #ShitIsOnFireYo

##

grey at 2025-12-03T20:34:15.355Z ##

@hrbrmstr Can we kill Next.js while we're at it? https://trends.builtwith.com/websitelist/Next.js
https://nextjs.org/blog/CVE-2025-66478

##

nopatience@swecyb.com at 2025-12-03T19:36:27.000Z ##

@GossiTheDog Worth mentioning that Next.js appears affected 15.x and 16.x.

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
https://nextjs.org/blog/CVE-2025-66478

##

AAKL at 2025-12-03T17:02:59.823Z ##

New.

This relates to CVE-2025-55182 and CVE-2025-66478. Wiz: Critical Vulnerabilities in React and Next.js: everything you need to know https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182 @wiz #infosec #vulnerabilities #threatresearch

##

mttaggart at 2025-12-03T16:49:42.648Z ##

RCE in React Server Components, impacting React and Next.js. I usually don't say this, but patch right freakin' now. The React CVE listing (CVE-2025-55182) is a perfect 10.

##

Viss@mastodon.social at 2025-12-05T18:07:00.000Z ##

RIP javascript devs

https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478

##

DarkWebInformer@infosec.exchange at 2025-12-05T18:04:48.000Z ##

🚨 CVE-2025-66478: Next.js RSC RCE Scanner and POC/Exploit Collection

A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.

GitHub: https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478

##

cR0w@infosec.exchange at 2025-12-05T16:08:51.000Z ##

Progress Sitefinity Next.js Renderer appears to be vulnerable to this React vuln. React2Shell? Is that what everyone is calling it?

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2025-66478-and-CVE-2025-55182-December-2025

##

h4ckernews@mastodon.social at 2025-12-04T13:19:08.000Z ##

NextJS Security Vulnerability

#HackerNews #NextJS #Security #Vulnerability #NextJS #Security #Vulnerability #Cybersecurity #WebDevelopment #SoftwareSecurity #CVE2025

##

ycombinator@rss-mstdn.studiofreesia.com at 2025-12-04T12:04:47.000Z ##

NextJS Security Vulnerability
https://nextjs.org/blog/CVE-2025-66478
#ycombinator

##

CuratedHackerNews@mastodon.social at 2025-12-04T11:47:04.000Z ##

NextJS Security Vulnerability

#security

##

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

⚠️ Critical RCE Vulnerabilities Discovered in React & Next.js | Wiz Blog

｢ Wiz data indicates that 39% of cloud environments contain instances of Next.js or React in versions vulnerable to CVE-2025-55182 and/or CVE-2025-66478. Regarding Next.js, the framework itself is present in 69% of environments. Notably, 61% of those environments have public applications running Next.js, meaning that 44% of all cloud environments have publicly exposed Next.js instances ｣

##

cyberveille@mastobot.ping.moi at 2025-12-04T08:30:04.000Z ##

📢 Next.js RSC : détection fiable d’une RCE (CVE-2025-55182 & CVE-2025-66478)
📝 Selon Searchlight Cyber (billet de recherche, 4 décembre 2025), une vulnérabilité de type RCE affectan...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-04-next-js-rsc-detection-fiable-dune-rce-cve-2025-55182-cve-2025-66478/
🌐 source : https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
#CVE_2025_55182_66478 #IOC #Cyberveille

##

beyondmachines1@infosec.exchange at 2025-12-04T08:01:31.000Z ##

Critical remote code execution vulnerabilities reported in React and Next.js

React and Next.js have patched two critical remote code execution vulnerabilities (CVE-2025-55182 and CVE-2025-66478) in React Server Components that allow unauthenticated attackers to execute arbitrary code through specially crafted HTTP requests exploiting insecure deserialization. Default configurations are vulnerable with near 100% exploitation reliability.

**If you're running React 19.x or Next.js 15.x/16.x (or frameworks using React Server Components like Waku or Redwood), attackers can take complete control of your servers with no authentication needed. Plan a VERY QUICK upgrade to the latest patched versions - this is the only fix available, so prioritize this update now.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-vulnerabilities-reported-in-react-and-next-js-j-3-6-0-d/gD2P6Ple2L

##

_r_netsec@infosec.exchange at 2025-12-04T07:13:06.000Z ##

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/

##

awssecurityfeed@infosec.exchange at 2025-12-04T04:30:00.000Z ##

CVE-2025-66478: RCE in React Server Components

Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST
Description:
AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight...

https://aws.amazon.com/security/security-bulletins/rss/aws-2025-030/

https://thehackernews.com/2025/12/critical-rsc-bugs-in-react-and-nextjs.html

##

avuko@infosec.exchange at 2025-12-03T21:45:40.000Z ##

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution.

The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0.

The vulnerability impacts versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of the following npm packages -

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

It's worth noting that the vulnerability also affects Next.js using App Router. The issue has been assigned the CVE identifier CVE-2025-66478 (CVSS score: 10.0). It impacts versions >=14.3.0-canary.77, >=15, and >=16. Patched versions are 16.0.7, 15.5.7, 15.4.8, 15.3.6, 15.2.6, 15.1.9, and 15.0.5.

#REACTjs #NEXTjs #infosec #cybersecurity #CVE202566478 #CVE202555182 #ShitIsOnFireYo

##

grey@infosec.exchange at 2025-12-03T20:34:15.000Z ##

@hrbrmstr Can we kill Next.js while we're at it? https://trends.builtwith.com/websitelist/Next.js
https://nextjs.org/blog/CVE-2025-66478

##

nopatience@swecyb.com at 2025-12-03T19:36:27.000Z ##

@GossiTheDog Worth mentioning that Next.js appears affected 15.x and 16.x.

https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
https://nextjs.org/blog/CVE-2025-66478

##

AAKL@infosec.exchange at 2025-12-03T17:02:59.000Z ##

New.

This relates to CVE-2025-55182 and CVE-2025-66478. Wiz: Critical Vulnerabilities in React and Next.js: everything you need to know https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182 @wiz #infosec #vulnerabilities #threatresearch

##

mttaggart@infosec.exchange at 2025-12-03T16:49:42.000Z ##

RCE in React Server Components, impacting React and Next.js. I usually don't say this, but patch right freakin' now. The React CVE listing (CVE-2025-55182) is a perfect 10.

##

CVE-2025-65657
(6.5 MEDIUM)

EPSS: 0.08%

updated 2025-12-03T16:59:22

1 posts

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the applica

jos1264@social.skynetcloud.site at 2025-12-02T22:00:03.000Z ##

CVE-2025-65657 - FeehiCMS Remote Code Execution via Unrestricted File Upload https://cvefeed.io/vuln/detail/CVE-2025-65657

##

CVE-2025-65656
(9.8 CRITICAL)

EPSS: 0.04%

updated 2025-12-03T15:31:32

1 posts

dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.

jos1264@social.skynetcloud.site at 2025-12-02T18:55:03.000Z ##

CVE-2025-65656 - Apache Dcat-Admin File Inclusion Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65656

##

CVE-2025-60854
(9.8 CRITICAL)

EPSS: 0.27%

updated 2025-12-03T15:31:32

1 posts

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.

cR0w@infosec.exchange at 2025-12-02T17:57:29.000Z ##

D-Link

https://www.cve.org/CVERecord?id=CVE-2025-60854

https://github.com/initstring/abrt_root

##

CVE-2025-13949
(6.3 MEDIUM)

EPSS: 0.03%

updated 2025-12-03T15:30:36

1 posts

A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

jos1264@social.skynetcloud.site at 2025-12-03T15:05:03.000Z ##

CVE-2025-13949 - ProudMuBai GoFilm FileController.go SingleUpload unrestricted upload https://cvefeed.io/vuln/detail/CVE-2025-13949

##

CVE-2025-13948
(5.6 MEDIUM)

EPSS: 0.04%

updated 2025-12-03T15:30:36

1 posts

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is as

jos1264@social.skynetcloud.site at 2025-12-03T15:05:03.000Z ##

CVE-2025-13948 - opsre go-ldap-admin JWT docker-compose.yaml hard-coded key https://cvefeed.io/vuln/detail/CVE-2025-13948

##

CVE-2025-13401
(6.4 MEDIUM)

EPSS: 0.03%

updated 2025-12-03T15:30:36

1 posts

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to insufficient input sanitization and output escaping on user-supplied image attributes in the "create_img_preload_tag" function. This makes it possible for authenticated attackers, with contributor level access and above, to injec

jos1264@social.skynetcloud.site at 2025-12-03T15:05:03.000Z ##

CVE-2025-13401 - Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting https://cvefeed.io/vuln/detail/CVE-2025-13401

##

CVE-2025-13109
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-12-03T15:30:36

1 posts

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to insert or remove arb

jos1264@social.skynetcloud.site at 2025-12-03T15:05:02.000Z ##

CVE-2025-13109 - HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' https://cvefeed.io/vuln/detail/CVE-2025-13109

##

CVE-2025-12887
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-12-03T15:30:36

1 posts

The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handle_gmail_oauth_redirect' function. This makes it possible for authenticated attackers, with subscriber level access and above, to inject invalid or attacker-controlled OAut

jos1264@social.skynetcloud.site at 2025-12-03T15:05:02.000Z ##

CVE-2025-12887 - Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update https://cvefeed.io/vuln/detail/CVE-2025-12887

##

CVE-2025-65186
(6.1 MEDIUM)

EPSS: 0.03%

updated 2025-12-03T14:18:29

1 posts

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize <script> tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface.

jos1264@social.skynetcloud.site at 2025-12-02T18:55:03.000Z ##

CVE-2025-65186 - Grav CMS Stored XSS Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65186

##

CVE-2025-39665(CVSS UNKNOWN)

EPSS: 0.07%

updated 2025-12-03T12:30:20

1 posts

User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

jos1264@social.skynetcloud.site at 2025-12-03T11:10:03.000Z ##

CVE-2025-39665 - Livestatus Injection in dynmaps https://cvefeed.io/vuln/detail/CVE-2025-39665

##

CVE-2025-13945
(5.5 MEDIUM)

EPSS: 0.01%

updated 2025-12-03T09:31:18

1 posts

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

jos1264@social.skynetcloud.site at 2025-12-03T11:10:02.000Z ##

CVE-2025-13945 - Improperly Controlled Sequential Memory Allocation in Wireshark https://cvefeed.io/vuln/detail/CVE-2025-13945

##

CVE-2025-12744
(8.8 HIGH)

EPSS: 0.02%

updated 2025-12-03T09:31:13

2 posts

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultim

1 repos

jos1264@social.skynetcloud.site at 2025-12-03T12:00:02.000Z ##

CVE-2025-12744 - Abrt: command-injection in abrt leading to local privilege escalation https://cvefeed.io/vuln/detail/CVE-2025-12744

##

jos1264@social.skynetcloud.site at 2025-12-03T11:10:02.000Z ##

CVE-2025-12744 - Abrt: command-injection in abrt leading to local privilege escalation https://cvefeed.io/vuln/detail/CVE-2025-12744

##

CVE-2025-13495
(4.9 MEDIUM)

EPSS: 0.02%

updated 2025-12-03T06:31:20

1 posts

The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries i

jos1264@social.skynetcloud.site at 2025-12-03T07:10:02.000Z ##

CVE-2025-13495 - FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter https://cvefeed.io/vuln/detail/CVE-2025-13495

##

CVE-2025-10304
(5.3 MEDIUM)

EPSS: 0.06%

updated 2025-12-03T06:31:16

1 posts

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to delete the back-up progress files and cause a back-up to fail while it is in progress.

jos1264@social.skynetcloud.site at 2025-12-03T07:10:02.000Z ##

CVE-2025-10304 - Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure https://cvefeed.io/vuln/detail/CVE-2025-10304

##

CVE-2025-13645
(7.2 HIGH)

EPSS: 0.65%

updated 2025-12-03T03:31:21

1 posts

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (

jos1264@social.skynetcloud.site at 2025-12-03T04:30:01.000Z ##

CVE-2025-13645 - Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion https://cvefeed.io/vuln/detail/CVE-2025-13645

##

CVE-2025-55181
(5.3 MEDIUM)

EPSS: 0.04%

updated 2025-12-03T03:31:21

1 posts

Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually causes the process to run out of memory.

jos1264@social.skynetcloud.site at 2025-12-03T02:05:02.000Z ##

CVE-2025-55181 - Apache Quic HTTP Denial of Service (DoS) https://cvefeed.io/vuln/detail/CVE-2025-55181

##

CVE-2025-65380
(6.5 MEDIUM)

EPSS: 0.02%

updated 2025-12-03T00:31:35

1 posts

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

jos1264@social.skynetcloud.site at 2025-12-02T22:00:03.000Z ##

CVE-2025-65380 - PHPGurukul Billing System SQL Injection Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65380

##

CVE-2025-65379
(6.5 MEDIUM)

EPSS: 0.02%

updated 2025-12-03T00:31:35

1 posts

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

jos1264@social.skynetcloud.site at 2025-12-02T22:00:02.000Z ##

CVE-2025-65379 - PHPGurukul Billing System SQL Injection Vulnerability https://cvefeed.io/vuln/detail/CVE-2025-65379

##

CVE-2025-64460
(7.5 HIGH)

EPSS: 0.03%

updated 2025-12-02T22:16:08.850000

1 posts

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML input processed by the XML `Deserializer`. Earlier, unsupported Django series (such as 5.0.x, 4.1

jos1264@social.skynetcloud.site at 2025-12-02T18:55:02.000Z ##

CVE-2025-64460 - Potential denial-of-service vulnerability in XML serializer text extraction https://cvefeed.io/vuln/detail/CVE-2025-64460

##

CVE-2025-64070
(5.4 MEDIUM)

EPSS: 0.03%

updated 2025-12-02T21:32:34

1 posts

Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.

jos1264@social.skynetcloud.site at 2025-12-02T18:55:03.000Z ##

CVE-2025-64070 - Sourcecodester Student Grades Management System Cross Site Scripting (XSS) https://cvefeed.io/vuln/detail/CVE-2025-64070

##

CVE-2022-50266
(5.5 MEDIUM)

EPSS: 0.02%

updated 2025-12-02T21:32:33

2 posts

In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe enabled in kill_kprobe() In kill_kprobe(), the check whether disarm_kprobe_ftrace() needs to be called always fails. This is because before that we set the KPROBE_FLAG_GONE flag for kprobe so that "!kprobe_disabled(p)" is always false. The disarm_kprobe_ftrace() call introduced by commit: 0cb2f13

AAKL at 2025-12-04T17:21:09.668Z ##

Microsoft has updated its security guide:

New: CVE-2023-53292: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53292

New: CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53261

New: CVE-2022-50266: kprobes: Fix check for probe enabled in kill_kprobe() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50266 #Microsoft #infosec #Linux #vulnerability

##

AAKL@infosec.exchange at 2025-12-04T17:21:09.000Z ##

Microsoft has updated its security guide:

New: CVE-2023-53292: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53292

New: CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53261

New: CVE-2022-50266: kprobes: Fix check for probe enabled in kill_kprobe() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50266 #Microsoft #infosec #Linux #vulnerability

##

CVE-2025-13658(CVSS UNKNOWN)

EPSS: 0.08%

updated 2025-12-02T21:31:42

4 posts

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

beyondmachines1@infosec.exchange at 2025-12-03T10:01:31.000Z ##

Critical remote code execution flaw reported in Industrial Video & Control Longwatch surveillance system

CISA is reporting a critical vulnerability (CVE-2025-13658) in Industrial Video & Control's Longwatch video surveillance platform that allows unauthenticated attackers to execute arbitrary code and gain full system control through an exposed HTTP endpoint. The flaw affects versions 6.309-6.334.

**This one is very important! If you have Industrial Video & Control Longwatch surveillance systems, ensure these devices are isolated from the internet and only accessible from trusted networks. Then plan a very quick upgrade to version 6.335 or later. Your Longwatch is vulnerable and very easy to hack, so don't delay.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-reported-in-industrial-video-control-longwatch-surveillance-system-2-a-w-v-p/gD2P6Ple2L

##

adulau@infosec.exchange at 2025-12-03T05:28:40.000Z ##

Always look at the credits in CVE records, they’re full of insightful details.

I particularly enjoyed this one. By the way, in Vulnerability Lookup we also have a nice display of the actual credits: finder, coordinator, and so on.

🔗 https://vulnerability.circl.lu/vuln/cve-2025-13658

"A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.
"

#cve #gcve #vulnerability #vulnerabilitymanagement

##

jos1264@social.skynetcloud.site at 2025-12-02T23:15:02.000Z ##

CVE-2025-13658 - Industrial Video & Control Longwatch has a Code Injection vulnerability https://cvefeed.io/vuln/detail/CVE-2025-13658

##

jos1264@social.skynetcloud.site at 2025-12-02T22:00:01.000Z ##

CVE-2025-13658 - Industrial Video & Control Longwatch has a Code Injection vulnerability https://cvefeed.io/vuln/detail/CVE-2025-13658

##

CVE-2025-64778
(7.3 HIGH)

EPSS: 0.01%

updated 2025-12-02T21:31:42

2 posts

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.

jos1264@social.skynetcloud.site at 2025-12-02T23:15:03.000Z ##

CVE-2025-64778 - Mirion Medical EC2 Software NMIS BioDose Use of Hard-coded Credentials https://cvefeed.io/vuln/detail/CVE-2025-64778

##

jos1264@social.skynetcloud.site at 2025-12-02T22:00:02.000Z ##

CVE-2025-64778 - Mirion Medical EC2 Software NMIS BioDose Use of Hard-coded Credentials https://cvefeed.io/vuln/detail/CVE-2025-64778

##

CVE-2025-64642
(8.0 HIGH)

EPSS: 0.01%

updated 2025-12-02T21:31:42

2 posts

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

jos1264@social.skynetcloud.site at 2025-12-02T23:15:03.000Z ##

CVE-2025-64642 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource https://cvefeed.io/vuln/detail/CVE-2025-64642

##

jos1264@social.skynetcloud.site at 2025-12-02T22:00:02.000Z ##

CVE-2025-64642 - Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource https://cvefeed.io/vuln/detail/CVE-2025-64642

##

CVE-2025-61940
(8.3 HIGH)

EPSS: 0.07%

updated 2025-12-02T21:31:42

2 posts

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which w

jos1264@social.skynetcloud.site at 2025-12-02T23:15:02.000Z ##

CVE-2025-61940 - Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication https://cvefeed.io/vuln/detail/CVE-2025-61940

##

jos1264@social.skynetcloud.site at 2025-12-02T22:00:02.000Z ##

CVE-2025-61940 - Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication https://cvefeed.io/vuln/detail/CVE-2025-61940

##

CVE-2025-13510(CVSS UNKNOWN)

EPSS: 0.09%

updated 2025-12-02T21:31:37

2 posts

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.

beyondmachines1@infosec.exchange at 2025-12-03T11:01:31.000Z ##

Critical authentication bypass flaw reported in Iskra Smart Metering gateways

CISA is reporting a critical missing authentication vulnerability (CVE-2025-13510) in all versions of Iskra iHUB and iHUB Lite smart metering gateways that allows unauthenticated remote attackers to perform privileged operations via an exposed web management interface. No patch is currently available. The vendor has not responded to CISA.

**If you are using Iskra iHUB and iHUB Lite smart metering gateways, make sure that they are isolated from the internet and placed behind firewalls on trusted networks only. Since no patch is available, require VPN access for any remote management and closely monitor these devices for unauthorized access attempts.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaw-reported-in-iskra-smart-metering-gateways-a-4-y-a-9/gD2P6Ple2L

##

jos1264@social.skynetcloud.site at 2025-12-02T23:15:02.000Z ##

CVE-2025-13510 - Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy https://cvefeed.io/vuln/detail/CVE-2025-13510

##

CVE-2025-13542
(9.8 CRITICAL)

EPSS: 0.07%

updated 2025-12-02T21:31:37

1 posts

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

jos1264@social.skynetcloud.site at 2025-12-02T23:15:02.000Z ##

CVE-2025-13542 - DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation https://cvefeed.io/vuln/detail/CVE-2025-13542

##

CVE-2025-57850
(5.2 MEDIUM)

EPSS: 0.00%

updated 2025-12-02T21:31:37

1 posts

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This coul

cR0w@infosec.exchange at 2025-12-02T19:16:38.000Z ##

lolwut

https://access.redhat.com/security/cve/CVE-2025-57850

This issue stems from the /etc/passwd file being created with group-writable permissions during build time.

##

CVE-2025-34352(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-12-02T21:31:37

1 posts

JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is tr

jos1264@social.skynetcloud.site at 2025-12-02T19:15:02.000Z ##

CVE-2025-34352 - JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory https://cvefeed.io/vuln/detail/CVE-2025-34352

##

CVE-2025-13827(CVSS UNKNOWN)

EPSS: 0.27%

updated 2025-12-02T21:11:36

2 posts

### Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ### Impact If the media folder is not restricted from running files this can lead to a remote code execution.

jos1264@social.skynetcloud.site at 2025-12-02T19:15:02.000Z ##

CVE-2025-13827 - GrapesJsBuilder File Upload allows all file uploads https://cvefeed.io/vuln/detail/CVE-2025-13827

##

jos1264@social.skynetcloud.site at 2025-12-02T18:55:02.000Z ##

CVE-2025-13827 - GrapesJsBuilder File Upload allows all file uploads https://cvefeed.io/vuln/detail/CVE-2025-13827

##

CVE-2025-64750
(4.5 MEDIUM)

EPSS: 0.01%

updated 2025-12-02T21:07:03

1 posts

### Impact _**Native Mode (default)**_ Singularity's default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules (LSMs), via the `--security selinux:<label>` or `--security apparmor:<profile>` flags. LSM labels are written to process or thread `attrs/exec` under `/proc`. If a user relies on LSM restrictions to prevent mal

jos1264@social.skynetcloud.site at 2025-12-02T18:55:03.000Z ##

CVE-2025-64750 - Singluarity ineffectively applies of selinux / apparmor LSM process labels https://cvefeed.io/vuln/detail/CVE-2025-64750

##

CVE-2023-53261
(5.5 MEDIUM)

EPSS: 0.02%

updated 2025-12-02T20:45:00.577000

2 posts

In the Linux kernel, the following vulnerability has been resolved: coresight: Fix memory leak in acpi_buffer->pointer There are memory leaks reported by kmemleak: ... unreferenced object 0xffff00213c141000 (size 1024): comm "systemd-udevd", pid 2123, jiffies 4294909467 (age 6062.160s) hex dump (first 32 bytes): 04 00 00 00 02 00 00 00 18 10 14 3c 21 00 ff ff ...........<!... 00 00

AAKL at 2025-12-04T17:21:09.668Z ##

Microsoft has updated its security guide:

New: CVE-2023-53292: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53292

New: CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53261

New: CVE-2022-50266: kprobes: Fix check for probe enabled in kill_kprobe() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50266 #Microsoft #infosec #Linux #vulnerability

##

AAKL@infosec.exchange at 2025-12-04T17:21:09.000Z ##

Microsoft has updated its security guide:

New: CVE-2023-53292: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53292

New: CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53261

New: CVE-2022-50266: kprobes: Fix check for probe enabled in kill_kprobe() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50266 #Microsoft #infosec #Linux #vulnerability

##

CVE-2025-65187
(6.1 MEDIUM)

EPSS: 0.03%

updated 2025-12-02T20:15:52.670000

1 posts

A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed.

jos1264@social.skynetcloud.site at 2025-12-02T18:55:02.000Z ##

CVE-2025-65187 - CiviCRM Stored XSS https://cvefeed.io/vuln/detail/CVE-2025-65187

##

CVE-2025-63872
(6.1 MEDIUM)

EPSS: 0.04%

updated 2025-12-02T20:15:51.837000

1 posts

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content.

jos1264@social.skynetcloud.site at 2025-12-02T18:55:02.000Z ##

CVE-2025-63872 - DeepSeek XSS Vector Injection https://cvefeed.io/vuln/detail/CVE-2025-63872

##

CVE-2023-53292
(5.5 MEDIUM)

EPSS: 0.02%

updated 2025-12-02T19:07:08.450000

2 posts

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none After grabbing q->sysfs_lock, q->elevator may become NULL because of elevator switch. Fix the NULL dereference on q->elevator by checking it with lock.

AAKL at 2025-12-04T17:21:09.668Z ##

Microsoft has updated its security guide:

New: CVE-2023-53292: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53292

New: CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53261

New: CVE-2022-50266: kprobes: Fix check for probe enabled in kill_kprobe() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50266 #Microsoft #infosec #Linux #vulnerability

##

AAKL@infosec.exchange at 2025-12-04T17:21:09.000Z ##

Microsoft has updated its security guide:

New: CVE-2023-53292: blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53292

New: CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53261

New: CVE-2022-50266: kprobes: Fix check for probe enabled in kill_kprobe() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50266 #Microsoft #infosec #Linux #vulnerability

##

CVE-2025-13828
(0 None)

EPSS: 0.04%

updated 2025-12-02T17:16:29.163000

2 posts

SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges.

jos1264@social.skynetcloud.site at 2025-12-02T19:15:02.000Z ##

CVE-2025-13828 - Mautic user without privileged access to the Marketplace can install and uninstall composer packages https://cvefeed.io/vuln/detail/CVE-2025-13828

##

jos1264@social.skynetcloud.site at 2025-12-02T18:55:02.000Z ##

CVE-2025-13828 - Mautic user without privileged access to the Marketplace can install and uninstall composer packages https://cvefeed.io/vuln/detail/CVE-2025-13828

##

CVE-2025-12106
(9.1 CRITICAL)

EPSS: 0.06%

updated 2025-12-01T21:31:27

1 posts

Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses

beyondmachines1@infosec.exchange at 2025-12-03T08:01:31.000Z ##

OpenVPN releases security updates patching HMAC bypass, buffer over-read, and Windows DoS flaws

OpenVPN has patched three vulnerabilities including two critical flaws (CVE-2025-13086 and CVE-2025-12106, both CVSS 9.1): a logic error that bypasses HMAC verification allowing unauthorized TLS sessions from any IP address, and an IPv6 parsing flaw causing buffer over-reads.

**Plan a quick update of your OpenVPN to version 2.6.17 (stable) or 2.7_rc3 (development) to fix three interesting security flaws. This is not critical, but a wise choice to patch, since OpenVPN is exposed to the internet and someone will find an exploit.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/openvpn-releases-security-updates-patching-hmac-bypass-buffer-over-read-and-windows-dos-flaws-1-o-b-m-6/gD2P6Ple2L

##

CVE-2021-26829
(5.4 MEDIUM)

EPSS: 32.79%

updated 2025-12-01T15:23:18.697000

1 posts

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

undercodenews@mastodon.social at 2025-12-04T23:22:57.000Z ##

US CISA Flags Critical OpenPLC ScadaBR Vulnerabilities Impacting Industrial Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant vulnerabilities in OpenPLC ScadaBR to its Known Exploited Vulnerabilities (KEV) catalog, signaling a heightened risk for industrial control systems across both public and private sectors. These flaws, identified as CVE-2021-26828 and CVE-2021-26829, expose critical weaknesses that could allow…

https://undercodenews.com/us-cisa-flags-critical-openplc-scadabr-vulnerabilities-impacting-industrial-systems/

##

CVE-2025-6389
(9.8 CRITICAL)

EPSS: 0.34%

updated 2025-11-25T03:30:26

2 posts

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoor

1 repos

https://github.com/Ashwesker/Blackash-CVE-2025-6389

beyondmachines1 at 2025-12-05T12:01:31.997Z ##

Critical remote code execution flaw in Sneeit Framework WordPress Plugin actively exploited

A critical remote code execution vulnerability (CVE-2025-6389) in the Sneeit Framework WordPress plugin is under active exploitation. The flaw allows unauthenticated attackers to create admin accounts, upload backdoors, and fully compromise servers.

**If you're using the Sneeit Framework WordPress plugin, immediately update to version 8.4 or later. Your site is vulnerable and is actively attacked. Check your WordPress site for unauthorized administrator accounts (especially username "arudikadis") and suspicious PHP files in your uploads directory to ensure you haven't been compromised.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-in-sneeit-framework-wordpress-plugin-actively-exploited-i-m-n-t-2/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-12-05T12:01:31.000Z ##

Critical remote code execution flaw in Sneeit Framework WordPress Plugin actively exploited

A critical remote code execution vulnerability (CVE-2025-6389) in the Sneeit Framework WordPress plugin is under active exploitation. The flaw allows unauthenticated attackers to create admin accounts, upload backdoors, and fully compromise servers.

**If you're using the Sneeit Framework WordPress plugin, immediately update to version 8.4 or later. Your site is vulnerable and is actively attacked. Check your WordPress site for unauthorized administrator accounts (especially username "arudikadis") and suspicious PHP files in your uploads directory to ensure you haven't been compromised.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-in-sneeit-framework-wordpress-plugin-actively-exploited-i-m-n-t-2/gD2P6Ple2L

##

CVE-2018-25126(CVSS UNKNOWN)

EPSS: 1.56%

updated 2025-11-24T21:31:06

1 posts

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor credential string and passes user-controlled fields into shell execution contexts without proper argument sa

sambowne@infosec.exchange at 2025-12-03T14:27:40.000Z ##

NVD - CVE-2018-25126 - Shenzhen NVMS-9000 firmware contains hardcoded API credentials and an OS command injection flaw https://nvd.nist.gov/vuln/detail/CVE-2018-25126

##

CVE-2025-11001
(7.8 HIGH)

EPSS: 0.29%

updated 2025-11-24T15:07:32.807000

2 posts

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Craf

6 repos

https://github.com/lastvocher/7zip-CVE-2025-11001

https://github.com/shalevo13/Se7enSlip

https://github.com/mbanyamer/CVE-2025-11001---7-Zip

https://github.com/pacbypass/CVE-2025-11001

https://github.com/Ashwesker/Blackash-CVE-2025-11001

https://github.com/ranasen-rat/CVE-2025-11001

beyondmachines1 at 2025-12-05T11:01:31.711Z ##

7-Zip vulnerability that enables remote code execution actively exploited

A critical vulnerability in 7-Zip (CVE-2025-11001) that allows remote code execution through malicious ZIP archives is being actively exploited in the wild, targeting healthcare and financial services organizations.

**If you are using 7-Zip, this is urgent. Hackers are exploiting the 7-Zip flaw exploitable just by opening a malicious ZIP file. Update your 7-Zip software to version 25.01 or later ASAP.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/7-zip-vulnerability-that-enables-remote-code-execution-actively-exploited-f-d-5-g-j/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-12-05T11:01:31.000Z ##

7-Zip vulnerability that enables remote code execution actively exploited

A critical vulnerability in 7-Zip (CVE-2025-11001) that allows remote code execution through malicious ZIP archives is being actively exploited in the wild, targeting healthcare and financial services organizations.

**If you are using 7-Zip, this is urgent. Hackers are exploiting the 7-Zip flaw exploitable just by opening a malicious ZIP file. Update your 7-Zip software to version 25.01 or later ASAP.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/7-zip-vulnerability-that-enables-remote-code-execution-actively-exploited-f-d-5-g-j/gD2P6Ple2L

##

CVE-2025-20304
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-11-19T21:56:39.907000

2 posts

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities b

AAKL at 2025-12-04T16:41:16.893Z ##

Cisco has an updated advisory relating to CVE-2025-20289, CVE-2025-20303, CVE-2025-20304.

Medium severity, no workarounds: Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH @TalosSecurity #Cisco #infosec #vulnerability

##

AAKL@infosec.exchange at 2025-12-04T16:41:16.000Z ##

Cisco has an updated advisory relating to CVE-2025-20289, CVE-2025-20303, CVE-2025-20304.

Medium severity, no workarounds: Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2025-20289
(4.8 MEDIUM)

EPSS: 0.04%

updated 2025-11-19T15:13:13.230000

2 posts

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities b

AAKL at 2025-12-04T16:41:16.893Z ##

Cisco has an updated advisory relating to CVE-2025-20289, CVE-2025-20303, CVE-2025-20304.

Medium severity, no workarounds: Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH @TalosSecurity #Cisco #infosec #vulnerability

##

AAKL@infosec.exchange at 2025-12-04T16:41:16.000Z ##

Cisco has an updated advisory relating to CVE-2025-20289, CVE-2025-20303, CVE-2025-20304.

Medium severity, no workarounds: Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2015-5119
(9.8 CRITICAL)

EPSS: 93.08%

updated 2025-11-17T21:32:22

1 posts

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited

4 repos

https://github.com/dangokyo/CVE-2015-5119

https://github.com/jvazquez-r7/CVE-2015-5119

https://github.com/Xattam1/Adobe-Flash-Exploits_17-18

https://github.com/CiscoCXSecurity/CVE-2015-5119_walkthrough

invoxiplaygames.uk@bsky.brid.gy at 2025-12-02T18:04:39.305Z ##

if page is visited on old browser with Adobe Flash versions 10 through 18 (roughly) you could even use CVE-2015-5119. it's my favourite vulnerability. the exploit is so clean. Straight memory peeks and pokes from actionscript. Best. UaF. Ever.

##

CVE-2025-10157
(7.8 HIGH)

EPSS: 0.20%

updated 2025-11-13T17:02:36.447000

3 posts

A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly c

AAKL at 2025-12-03T16:22:21.732Z ##

This affects CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157.

JFrog, from yesterday: PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/

More:

Infosecurity-Magazine: Critical PickleScan Vulnerabilities Expose AI Model Supply Chains https://www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/ #infosec #opensource #Python #zeroday

##

AAKL@infosec.exchange at 2025-12-03T16:22:21.000Z ##

This affects CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157.

JFrog, from yesterday: PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/

More:

Infosecurity-Magazine: Critical PickleScan Vulnerabilities Expose AI Model Supply Chains https://www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/ #infosec #opensource #Python #zeroday

##

beyondmachines1@infosec.exchange at 2025-12-03T09:01:31.000Z ##

Critical vulnerabilities reported in PickleScan

The JFrog Security Research Team discovered three critical zero-day vulnerabilities (CVE-2025-10155, CVE-2025-10156, CVE-2025-10157) in PickleScan, a widely used ML model security scanning tool, that allow attackers to completely bypass malware detection through file extension manipulation, corrupted ZIP archives, and blacklist evasion techniques. These vulnerabilities could enable large-scale supply chain attacks by distributing malicious ML models through platforms like Hugging Face.

**If you use PickleScan to scan machine learning models, update ASAP to version 0.0.31 or later. There are three critical vulnerabilities with PoC exploits, so attackers will start pushing out malicious payloads. Also, consider using safer serialization formats like Safetensors instead of Pickle for your ML models.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-reported-in-picklescan-z-j-b-t-s/gD2P6Ple2L

##

CVE-2025-12443
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-11-11T00:30:20

2 posts

Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Hackread@mstdn.social at 2025-12-04T13:23:20.000Z ##

⚠️ Alert: A #WebXR flaw (CVE-2025-12443) affected Chrome, Edge, Brave, Opera and other Chromium browsers - over 4 billion devices at risk. Patch pushed - update your browser now! 🔐

Read: https://hackread.com/webxr-flaw-chromium-users-browser-update/

#CyberSecurity #BrowserUpdate #Chromium #Chrome #Brave

##

Hackread@mstdn.social at 2025-12-04T13:23:20.000Z ##

⚠️ Alert: A #WebXR flaw (CVE-2025-12443) affected Chrome, Edge, Brave, Opera and other Chromium browsers - over 4 billion devices at risk. Patch pushed - update your browser now! 🔐

Read: https://hackread.com/webxr-flaw-chromium-users-browser-update/

#CyberSecurity #BrowserUpdate #Chromium #Chrome #Brave

##

CVE-2025-34299(CVSS UNKNOWN)

EPSS: 11.03%

updated 2025-11-07T15:31:36

2 posts

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

3 repos

https://github.com/Chocapikk/CVE-2025-34299

https://github.com/rxerium/CVE-2025-34299

https://github.com/Ashwesker/Blackash-CVE-2025-34299

DarkWebInformer at 2025-12-04T17:59:05.639Z ##

🚨 Alleged Leak of Unauthorized Monsta FTP Access; CVE-2025-34299

https://darkwebinformer.com/alleged-leak-of-unauthorized-monsta-ftp-access-cve-2025-34299/

##

DarkWebInformer@infosec.exchange at 2025-12-04T17:59:05.000Z ##

🚨 Alleged Leak of Unauthorized Monsta FTP Access; CVE-2025-34299

https://darkwebinformer.com/alleged-leak-of-unauthorized-monsta-ftp-access-cve-2025-34299/

##

CVE-2025-9491
(7.8 HIGH)

EPSS: 0.23%

updated 2025-11-05T21:15:36.513000

9 posts

Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Craft

1 repos

https://github.com/Amperclock/CVE-2025-9491_POC

undercodenews@mastodon.social at 2025-12-05T07:22:17.000Z ##

Hidden Threats in Windows Shortcuts: Microsoft Patches Nearly a Decade-Old Vulnerability

Windows users may have unknowingly been at risk for years due to a stealthy vulnerability in shortcut files. Microsoft has quietly patched a flaw that allowed attackers to conceal malicious commands in Windows shortcuts (LNK files), a weakness exploited since at least 2017. This vulnerability, now tracked as CVE-2025-9491, highlights the risks lurking in everyday system tools and…

https://undercodenews.com/hidden-threats-in-windows-shortcuts-microsoft-patches-nearly-a-decade-old-vulnerability/

##

benzogaga33@mamot.fr at 2025-12-04T10:40:02.000Z ##

Une faille zero-day Windows associée aux fichiers LNK a été atténuée discrètement par Microsoft https://www.it-connect.fr/windows-zero-day-fichiers-lnk-cve-2025-9491-attenuation-microsoft/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #Windows

##

maniabel@mastodon.de at 2025-12-03T19:17:59.000Z ##

Update: Mit dem November-Update 2025 veröffentlichte Microsoft einen "Nicht-Patch-Patch". Recht lautlos wurde der Umgang von Windows mit den *lnk-Dateien geändert, wohl mit dem Ziel, die Sicherheitslücke CVE-2025-9491 zu schließen.

Mehr: https://maniabel.work/archiv/401

#infosec #infosecnews #lnkfiles #malware #zeroday #BeDiS

##

beyondmachines1 at 2025-12-03T19:01:31.576Z ##

Microsoft silently mitigates Windows LNK Zero-Day flaw exploited by state-backed hackers

Microsoft silently patched a high-severity Windows LNK vulnerability (CVE-2025-9491) that was actively exploited by at least 11 state-backed hacking groups and cybercrime organizations to hide malicious commands within .lNK files by padding them beyond the 260-character visibility limit. The flaw, which targeted European diplomatic entities and government departments, initially was not patched by Microsoft despite exploitation. The November 2025 fix is incomplete as it doesn't remove existing malicious code or warn users about suspicious files.

**Apply the November 2025 Windows updates immediately to partially mitigate a vulnerability, which allows hackers to hide malicious commands in .LNK shortcut files. Also, be EXTREMELY cautious opening any .LNK files from emails or downloads, especially from ZIP archives - even after updating, only open shortcuts from sources you can absolutely verify and trust.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-silently-mitigates-windows-lnk-zero-day-flaw-exploited-by-state-backed-hackers-l-c-e-8-v/gD2P6Ple2L

##

undercodenews@mastodon.social at 2025-12-03T17:09:29.000Z ##

Microsoft Silently Mitigates Critical Windows LNK Vulnerability Exploited in Zero-Day Attacks

A high-severity Windows vulnerability, tracked as CVE-2025-9491, has been quietly mitigated by Microsoft after being exploited in widespread zero-day attacks by both state-sponsored and cybercrime groups. This flaw allowed attackers to embed malicious commands in Windows LNK (shortcut) files, a tactic that could deliver malware and maintain persistent access to compromised…

https://undercodenews.com/microsoft-silently-mitigates-critical-windows-lnk-vulnerability-exploited-in-zero-day-attacks/

##

AAKL at 2025-12-03T16:18:19.038Z ##

November 20 was the last time Microsoft's security guide was updated.

0patch blog, from yesterday: Microsoft Silently Patched CVE-2025-9491 - We Think Our Patch Provides More Security https://blog.0patch.com/2025/12/microsoft-silently-patched-cve-2025.html

More:

Security Week: Microsoft Silently Mitigated Exploited LNK Vulnerability https://www.securityweek.com/microsoft-silently-mitigated-exploited-lnk-vulnerability/ @SecurityWeek #Microsoft #vulnerability #infosec

##

benzogaga33@mamot.fr at 2025-12-04T10:40:02.000Z ##

Une faille zero-day Windows associée aux fichiers LNK a été atténuée discrètement par Microsoft https://www.it-connect.fr/windows-zero-day-fichiers-lnk-cve-2025-9491-attenuation-microsoft/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #Windows

##

beyondmachines1@infosec.exchange at 2025-12-03T19:01:31.000Z ##

Microsoft silently mitigates Windows LNK Zero-Day flaw exploited by state-backed hackers

Microsoft silently patched a high-severity Windows LNK vulnerability (CVE-2025-9491) that was actively exploited by at least 11 state-backed hacking groups and cybercrime organizations to hide malicious commands within .lNK files by padding them beyond the 260-character visibility limit. The flaw, which targeted European diplomatic entities and government departments, initially was not patched by Microsoft despite exploitation. The November 2025 fix is incomplete as it doesn't remove existing malicious code or warn users about suspicious files.

**Apply the November 2025 Windows updates immediately to partially mitigate a vulnerability, which allows hackers to hide malicious commands in .LNK shortcut files. Also, be EXTREMELY cautious opening any .LNK files from emails or downloads, especially from ZIP archives - even after updating, only open shortcuts from sources you can absolutely verify and trust.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-silently-mitigates-windows-lnk-zero-day-flaw-exploited-by-state-backed-hackers-l-c-e-8-v/gD2P6Ple2L

##

AAKL@infosec.exchange at 2025-12-03T16:18:19.000Z ##

November 20 was the last time Microsoft's security guide was updated.

0patch blog, from yesterday: Microsoft Silently Patched CVE-2025-9491 - We Think Our Patch Provides More Security https://blog.0patch.com/2025/12/microsoft-silently-patched-cve-2025.html

More:

Security Week: Microsoft Silently Mitigated Exploited LNK Vulnerability https://www.securityweek.com/microsoft-silently-mitigated-exploited-lnk-vulnerability/ @SecurityWeek #Microsoft #vulnerability #infosec

##

CVE-2025-54988
(9.8 CRITICAL)

EPSS: 0.03%

updated 2025-11-05T20:40:58

2 posts

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a depende

1 repos

https://github.com/mgthuramoemyint/POC-CVE-2025-54988

cR0w at 2025-12-04T17:09:00.797Z ##

Perfect 10 XXE in Apache Tika tika-core. 🥳

https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.

https://lists.apache.org/thread/s5x3k93nhbkqzztp1olxotoyjpdlps9k

##

cR0w@infosec.exchange at 2025-12-04T17:09:00.000Z ##

Perfect 10 XXE in Apache Tika tika-core. 🥳

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. \n\nThis CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. \n\nFirst, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. \n\nSecond, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the \"org.apache.tika:tika-parsers\" module.

Source: https://www.securityweek.com/critical-king-addons-vulnerability-exploited-to-hack-wordpress-sites/

##

CVE-2025-20303
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-11-05T17:48:33

2 posts

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by

AAKL at 2025-12-04T16:41:16.893Z ##

Cisco has an updated advisory relating to CVE-2025-20289, CVE-2025-20303, CVE-2025-20304.

Medium severity, no workarounds: Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH @TalosSecurity #Cisco #infosec #vulnerability

##

AAKL@infosec.exchange at 2025-12-04T16:41:16.000Z ##

Cisco has an updated advisory relating to CVE-2025-20289, CVE-2025-20303, CVE-2025-20304.

Medium severity, no workarounds: Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2025-8489
(9.8 CRITICAL)

EPSS: 0.13%

updated 2025-11-04T15:41:31.450000

8 posts

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.

cyberveille@mastobot.ping.moi at 2025-12-04T14:00:04.000Z ##

📢 CVE-2025-8489: exploitation active d’une élévation de privilèges dans le plugin King Addons for Elementor (WordPress)
📝 S...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-04-cve-2025-8489-exploitation-active-dune-elevation-de-privileges-dans-le-plugin-king-addons-for-elementor-wordpress/
🌐 source : https://www.bleepingcomputer.com/news/security/critical-flaw-in-wordpress-add-on-for-elementor-exploited-in-attacks/
#CVE_2025_8489 #King_Addons_for_Elementor #Cyberveille

##

offseq at 2025-12-04T06:02:44.856Z ##

⚠️ Active exploit: CRITICAL flaw in King Addons for Elementor (WordPress) lets unauth attackers register as admins (CVE-2025-8489). Patch to 51.1.35+ ASAP, audit admin accounts, monitor /wp-admin/admin-ajax.php. https://radar.offseq.com/threat/wordpress-king-addons-flaw-under-active-attack-let-7dd87bc3 #OffSeq #WordPress #infosec #vuln

##

oversecurity@mastodon.social at 2025-12-03T21:50:06.000Z ##

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for...

🔗️ [Bleepingcomputer] https://link.is.it/WeissI

##

beyondmachines1 at 2025-12-03T17:01:31.030Z ##

Critical privilege escalation flaw in King Addons for Elementor plugin enables takeover of WordPress Sites

A critical privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor WordPress plugin allows unauthenticated attackers to create administrator accounts due to improper validation of user roles during registration. Over 48,000 exploitation attempts are already reported as blocked by WordFence.

**If you're using King Addons for Elementor plugin, immediately update to version 51.1.35 or later. There is an actively exploited vulnerability to create rogue administrator accounts. After updating, review all user accounts on your WordPress site and remove any suspicious or unknown administrator accounts that shouldn't be there.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-flaw-in-king-addons-for-elementor-plugin-enables-takeover-of-wordpress-sites-x-e-8-d-0/gD2P6Ple2L

##

technadu at 2025-12-03T16:19:58.565Z ##

Critical WordPress plugin flaw alert — CVE-2025-8489 (King Addons for Elementor) is being widely exploited.

The vulnerability allowed unauthenticated attackers to assign themselves administrator roles, leading to complete site compromise.

Defiant’s telemetry shows nearly 50,000 exploitation attempts.
If you’re managing WordPress infrastructure, verifying plugin versions and reviewing registration logs is strongly recommended.

💬 What mitigation practices do you use to reduce plugin-related risks?
🔁 Follow for unbiased security updates.

#Infosec #WordPressSecurity #CVE20258489 #ThreatIntel #KingAddons #Elementor #WebSecurity

##

oversecurity@mastodon.social at 2025-12-03T21:50:06.000Z ##

Critical flaw in WordPress add-on for Elementor exploited in attacks

Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin for...

🔗️ [Bleepingcomputer] https://link.is.it/WeissI

##

beyondmachines1@infosec.exchange at 2025-12-03T17:01:31.000Z ##

Critical privilege escalation flaw in King Addons for Elementor plugin enables takeover of WordPress Sites

A critical privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor WordPress plugin allows unauthenticated attackers to create administrator accounts due to improper validation of user roles during registration. Over 48,000 exploitation attempts are already reported as blocked by WordFence.

**If you're using King Addons for Elementor plugin, immediately update to version 51.1.35 or later. There is an actively exploited vulnerability to create rogue administrator accounts. After updating, review all user accounts on your WordPress site and remove any suspicious or unknown administrator accounts that shouldn't be there.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-privilege-escalation-flaw-in-king-addons-for-elementor-plugin-enables-takeover-of-wordpress-sites-x-e-8-d-0/gD2P6Ple2L

##

technadu@infosec.exchange at 2025-12-03T16:19:58.000Z ##

Critical WordPress plugin flaw alert — CVE-2025-8489 (King Addons for Elementor) is being widely exploited.

The vulnerability allowed unauthenticated attackers to assign themselves administrator roles, leading to complete site compromise.

Defiant’s telemetry shows nearly 50,000 exploitation attempts.
If you’re managing WordPress infrastructure, verifying plugin versions and reviewing registration logs is strongly recommended.

Source: https://www.securityweek.com/critical-king-addons-vulnerability-exploited-to-hack-wordpress-sites/

💬 What mitigation practices do you use to reduce plugin-related risks?
🔁 Follow for unbiased security updates.

#Infosec #WordPressSecurity #CVE20258489 #ThreatIntel #KingAddons #Elementor #WebSecurity

##

CVE-2021-44228
(10.0 CRITICAL)

EPSS: 94.36%

updated 2025-10-27T17:40:33.680000

2 posts

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is en

Nuclei template

100 repos

https://github.com/1lann/log4shelldetect

https://github.com/alexandre-lavoie/python-log4rce

https://github.com/hackinghippo/log4shell_ioc_ips

https://github.com/redhuntlabs/Log4JHunt

https://github.com/BinaryDefense/log4j-honeypot-flask

https://github.com/korteke/log4shell-demo

https://github.com/lfama/log4j_checker

https://github.com/NCSC-NL/log4shell

https://github.com/0xDexter0us/Log4J-Scanner

https://github.com/thecyberneh/Log4j-RCE-Exploiter

https://github.com/NorthwaveSecurity/log4jcheck

https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch

https://github.com/Diverto/nse-log4shell

https://github.com/irgoncalves/f5-waf-enforce-sig-CVE-2021-44228

https://github.com/irgoncalves/f5-waf-quick-patch-cve-2021-44228

https://github.com/kozmer/log4j-shell-poc

https://github.com/infiniroot/nginx-mitigate-log4shell

https://github.com/mr-vill4in/log4j-fuzzer

https://github.com/claranet/ansible-role-log4shell

https://github.com/NS-Sp4ce/Vm4J

https://github.com/CERTCC/CVE-2021-44228_scanner

https://github.com/momos1337/Log4j-RCE

https://github.com/Jeromeyoung/log4j2burpscanner

https://github.com/boundaryx/cloudrasp-log4j2

https://github.com/sassoftware/loguccino

https://github.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-lab

https://github.com/yahoo/check-log4j

https://github.com/darkarnium/Log4j-CVE-Detect

https://github.com/shamo0/CVE-2021-44228

https://github.com/leonjza/log4jpwn

https://github.com/Nanitor/log4fix

https://github.com/cisagov/log4j-scanner

https://github.com/MalwareTech/Log4jTools

https://github.com/mufeedvh/log4jail

https://github.com/nccgroup/log4j-jndi-be-gone

https://github.com/faisalfs10x/Log4j2-CVE-2021-44228-revshell

https://github.com/puzzlepeaches/Log4jHorizon

https://github.com/0xInfection/LogMePwn

https://github.com/lucab85/log4j-cve-2021-44228

https://github.com/mr-r3b00t/CVE-2021-44228

https://github.com/giterlizzi/nmap-log4shell

https://github.com/Azeemering/CVE-2021-44228-DFIR-Notes

https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector

https://github.com/thomaspatzke/Log4Pot

https://github.com/DragonSurvivalEU/RCE

https://github.com/fullhunt/log4j-scan

https://github.com/mzlogin/CVE-2021-44228-Demo

https://github.com/christophetd/log4shell-vulnerable-app

https://github.com/stripe/log4j-remediation-tools

https://github.com/LiveOverflow/log4shell

https://github.com/CrackerCat/CVE-2021-44228-Log4j-Payloads

https://github.com/mergebase/log4j-detector

https://github.com/puzzlepeaches/Log4jCenter

https://github.com/alexbakker/log4shell-tools

https://github.com/logpresso/CVE-2021-44228-Scanner

https://github.com/jas502n/Log4j2-CVE-2021-44228

https://github.com/sunnyvale-it/CVE-2021-44228-PoC

https://github.com/simonis/Log4jPatch

https://github.com/Adikso/minecraft-log4j-honeypot

https://github.com/fireeye/CVE-2021-44228

https://github.com/wortell/log4j

https://github.com/toramanemre/log4j-rce-detect-waf-bypass

https://github.com/KosmX/CVE-2021-44228-example

https://github.com/back2root/log4shell-rex

https://github.com/blake-fm/vcenter-log4j

https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228

https://github.com/ssl/scan4log4j

https://github.com/corretto/hotpatch-for-apache-log4j2

https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept

https://github.com/cyberxml/log4j-poc

https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

https://github.com/puzzlepeaches/Log4jUnifi

https://github.com/tippexs/nginx-njs-waf-cve2021-44228

https://github.com/f0ng/log4j2burpscanner

https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

https://github.com/AlexandreHeroux/Fix-CVE-2021-44228

https://github.com/dwisiswant0/look4jar

https://github.com/julian911015/Log4j-Scanner-Exploit

https://github.com/roxas-tan/CVE-2021-44228

https://github.com/rubo77/log4j_checker_beta

https://github.com/sec13b/CVE-2021-44228-POC

https://github.com/corelight/cve-2021-44228

https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce

https://github.com/pedrohavay/exploit-CVE-2021-44228

https://github.com/kubearmor/log4j-CVE-2021-44228

https://github.com/Kadantte/CVE-2021-44228-poc

https://github.com/takito1812/log4j-detect

https://github.com/bigsizeme/Log4j-check

https://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploit

https://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent

https://github.com/marcourbano/CVE-2021-44228

https://github.com/toramanemre/apache-solr-log4j-CVE-2021-44228

https://github.com/greymd/CVE-2021-44228

https://github.com/justakazh/Log4j-CVE-2021-44228

https://github.com/fox-it/log4j-finder

https://github.com/HynekPetrak/log4shell-finder

https://github.com/r3kind1e/Log4Shell-obfuscated-payloads-generator

https://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCs

https://github.com/qingtengyun/cve-2021-44228-qingteng-patch

https://github.com/future-client/CVE-2021-44228

xssfox@cloudisland.nz at 2025-12-05T02:30:23.000Z ##

Vulnerability Common Schema (replaces old CVE system)

{Product/module name or prefix}{severity number}{exploit type}

For example, CVE-2021-44228 becomes
Log4shell
CVE-2025-55182 becomes
React2shell

Simple.

##

xssfox@cloudisland.nz at 2025-12-05T02:30:23.000Z ##

Vulnerability Common Schema (replaces old CVE system)

{Product/module name or prefix}{severity number}{exploit type}

For example, CVE-2021-44228 becomes
Log4shell
CVE-2025-55182 becomes
React2shell

Simple.

##

CVE-2025-61882
(9.8 CRITICAL)

EPSS: 74.07%

updated 2025-10-27T17:08:52.230000

3 posts

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concu

Nuclei template

13 repos

https://github.com/AdityaBhatt3010/CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit

https://github.com/siddu7575/CVE-2025-61882-CVE-2025-61884

https://github.com/rxerium/CVE-2025-61882-CVE-2025-61884

https://github.com/Sachinart/CVE-2025-61882

https://github.com/GhoStZA-debug/CVE-2025-61882

https://github.com/BattalionX/http-oracle-ebs-cve-2025-61882.nse

https://github.com/AshrafZaryouh/CVE-2025-61882-Executive-Summary

https://github.com/MindflareX/CVE-2025-61882-POC

https://github.com/RootAid/CVE-2025-61882

https://github.com/watchtowrlabs/watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882

https://github.com/Zhert-lab/CVE-2025-61882-CVE-2025-61884

https://github.com/zerozenxlabs/CVE-2025-61882-Oracle-EBS

https://github.com/Ashwesker/Blackash-CVE-2025-61882

beyondmachines1 at 2025-12-05T08:01:31.657Z ##

University of Phoenix reports data breach caused by Oracle E-Business Suite exploit

University of Phoenix experienced a data breach after attackers exploited CVE-2025-61882, a zero-day vulnerability in Oracle E-Business Suite. The attackers maintained access from August through November 2024. The breach compromised sensitive data of students, employees, faculty, and suppliers.

****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/university-of-phoenix-reports-data-breach-caused-by-oracle-e-business-suite-exploit-9-s-m-i-2/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-12-05T08:01:31.000Z ##

University of Phoenix reports data breach caused by Oracle E-Business Suite exploit

University of Phoenix experienced a data breach after attackers exploited CVE-2025-61882, a zero-day vulnerability in Oracle E-Business Suite. The attackers maintained access from August through November 2024. The breach compromised sensitive data of students, employees, faculty, and suppliers.

****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/university-of-phoenix-reports-data-breach-caused-by-oracle-e-business-suite-exploit-9-s-m-i-2/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2025-12-03T12:01:31.000Z ##

University of Pennsylvania reports data breach caused by Oracle E-Business Suite exploit

The University of Pennsylvania reports a data breach in August 2025 when attackers exploited CVE-2025-61882, a critical vulnerability in Oracle E-Business Suite servers, compromising personal information of approximately 1,488 individuals. Penn was one of nearly 100 organizations affected by the Oracle EBS exploit.

****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/university-of-pennsylvania-reports-data-breach-caused-by-oracle-e-business-suite-exploit-6-s-h-8-j/gD2P6Ple2L

##

CVE-2024-1086
(7.8 HIGH)

EPSS: 86.39%

updated 2025-10-27T17:06:37.437000

1 posts

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgradi

9 repos

https://github.com/feely666/CVE-2024-1086

https://github.com/karim4353/CVE-2024-1086-Exploit

https://github.com/Notselwyn/CVE-2024-1086

https://github.com/xzx482/CVE-2024-1086

https://github.com/LLfam/CVE-2024-1086

https://github.com/CCIEVoice2009/CVE-2024-1086

https://github.com/kevcooper/CVE-2024-1086-checker

https://github.com/Alicey0719/docker-POC_CVE-2024-1086

https://github.com/andigandhi/bitpixie

sambowne@infosec.exchange at 2025-12-03T14:25:31.000Z ##

Detecting CVE-2024-1086: The decade-old Linux kernel vulnerability that’s being actively exploited in ransomware campaigns | Sysdig https://www.sysdig.com/blog/detecting-cve-2024-1086-the-decade-old-linux-kernel-vulnerability-thats-being-actively-exploited-in-ransomware-campaigns

##

CVE-2025-57848
(5.2 MEDIUM)

EPSS: 0.01%

updated 2025-10-27T13:20:15.637000

1 posts

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file

nyanbinary@infosec.exchange at 2025-12-02T20:57:38.000Z ##

@cR0w https://nvd.nist.gov/vuln/detail/CVE-2025-57848

##

CVE-2025-10156
(9.8 CRITICAL)

EPSS: 0.27%

updated 2025-10-02T19:04:56

3 posts

An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly co

AAKL at 2025-12-03T16:22:21.732Z ##

This affects CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157.

JFrog, from yesterday: PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/

More:

Infosecurity-Magazine: Critical PickleScan Vulnerabilities Expose AI Model Supply Chains https://www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/ #infosec #opensource #Python #zeroday

##

AAKL@infosec.exchange at 2025-12-03T16:22:21.000Z ##

This affects CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157.

JFrog, from yesterday: PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/

More:

Infosecurity-Magazine: Critical PickleScan Vulnerabilities Expose AI Model Supply Chains https://www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/ #infosec #opensource #Python #zeroday

##

beyondmachines1@infosec.exchange at 2025-12-03T09:01:31.000Z ##

Critical vulnerabilities reported in PickleScan

The JFrog Security Research Team discovered three critical zero-day vulnerabilities (CVE-2025-10155, CVE-2025-10156, CVE-2025-10157) in PickleScan, a widely used ML model security scanning tool, that allow attackers to completely bypass malware detection through file extension manipulation, corrupted ZIP archives, and blacklist evasion techniques. These vulnerabilities could enable large-scale supply chain attacks by distributing malicious ML models through platforms like Hugging Face.

**If you use PickleScan to scan machine learning models, update ASAP to version 0.0.31 or later. There are three critical vulnerabilities with PoC exploits, so attackers will start pushing out malicious payloads. Also, consider using safer serialization formats like Safetensors instead of Pickle for your ML models.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-reported-in-picklescan-z-j-b-t-s/gD2P6Ple2L

##

CVE-2025-10155
(7.8 HIGH)

EPSS: 0.17%

updated 2025-09-18T12:51:23

3 posts

### Summary Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension (e.g., .bin). This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle file with such an extension instead of falling back to standard pickle analysis. This vulnerabilit

AAKL at 2025-12-03T16:22:21.732Z ##

This affects CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157.

JFrog, from yesterday: PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/

More:

Infosecurity-Magazine: Critical PickleScan Vulnerabilities Expose AI Model Supply Chains https://www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/ #infosec #opensource #Python #zeroday

##

AAKL@infosec.exchange at 2025-12-03T16:22:21.000Z ##

This affects CVE-2025-10155, CVE-2025-10156, and CVE-2025-10157.

JFrog, from yesterday: PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/

More:

Infosecurity-Magazine: Critical PickleScan Vulnerabilities Expose AI Model Supply Chains https://www.infosecurity-magazine.com/news/picklescan-flaws-expose-ai-supply/ #infosec #opensource #Python #zeroday

##

beyondmachines1@infosec.exchange at 2025-12-03T09:01:31.000Z ##

Critical vulnerabilities reported in PickleScan

The JFrog Security Research Team discovered three critical zero-day vulnerabilities (CVE-2025-10155, CVE-2025-10156, CVE-2025-10157) in PickleScan, a widely used ML model security scanning tool, that allow attackers to completely bypass malware detection through file extension manipulation, corrupted ZIP archives, and blacklist evasion techniques. These vulnerabilities could enable large-scale supply chain attacks by distributing malicious ML models through platforms like Hugging Face.

**If you use PickleScan to scan machine learning models, update ASAP to version 0.0.31 or later. There are three critical vulnerabilities with PoC exploits, so attackers will start pushing out malicious payloads. Also, consider using safer serialization formats like Safetensors instead of Pickle for your ML models.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-reported-in-picklescan-z-j-b-t-s/gD2P6Ple2L

##

CVE-2025-5518
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-09-16T12:49:16.060000

4 posts

Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers.This issue affects BILGER: before 2.4.6.

86 repos

https://github.com/clevernyyyy/CVE-2025-55182-Dockerized

https://github.com/emadshanab/POC-for-CVE-2025-55182

https://github.com/alexandre-briongos-wavestone/react-cve-2025-55182-lab

https://github.com/Chocapikk/CVE-2025-55182

https://github.com/ZemarKhos/CVE-2025-55182-Exploit-PoC-Scanner

https://github.com/atastycookie/CVE-2025-55182

https://github.com/ducducuc111/CVE-2025-55182-poc

https://github.com/Chelsea486MHz/CVE-2025-55182-test

https://github.com/BankkRoll/Quickcheck-CVE-2025-55182-React-and-CVE-2025-66478-Next.js

https://github.com/ps-interactive/cve-2025-55182

https://github.com/Airis101/CVE-2025-55182-analysis

https://github.com/lunbun/CVE-2025-55188

https://github.com/Ashwesker/Blackash-CVE-2025-55182

https://github.com/c0rydoras/CVE-2025-55182

https://github.com/hoosin/CVE-2025-55182

https://github.com/im-hanzou/CVE-2025-55182-POC-SCANNER

https://github.com/nehkark/CVE-2025-55182

https://github.com/Rat5ak/CVE-2025-55182-React2Shell-RCE-POC

https://github.com/Sotatek-KhaiNguyen3/CVE-2025-55182

https://github.com/SoICT-BKSEC/CVE-2025-55182-docker-lab

https://github.com/GarethMSheldon/React2Shell-CVE-2025-55182-Detector

https://github.com/younesZdDz/CVE-2025-55182

https://github.com/Rsatan/CVE-2025-55182-Tools

https://github.com/heiheishushu/rsc_detect_CVE-2025-55182

https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc

https://github.com/ngvcanh/CVE-2025-55182-Attack-Analysis

https://github.com/sudo-Yangziran/CVE-2025-55182POC

https://github.com/zessu/CVE-2025-55182-Typescript

https://github.com/sherlocksecurity/CVE-2025-55182-Exploit-scanner

https://github.com/Pa2sw0rd/exploit-CVE-2025-55182-poc

https://github.com/ceortiz33/CVE-2025-55182

https://github.com/selectarget/CVE-2025-55182-Exploit

https://github.com/hzhsec/cve_2025_55182_test

https://github.com/ZihxS/check-react-rce-cve-2025-55182

https://github.com/nomorebreach/POC-CVE-2025-55182

https://github.com/whiteov3rflow/CVE-2025-55182-poc

https://github.com/Spritualkb/CVE-2025-55182-exp

https://github.com/f0xyx/CVE-2025-55182-Scanner

https://github.com/santihabib/CVE-2025-55182-analysis

https://github.com/aliclub0x00/CVE-2025-55182-POC-NEXTJS

https://github.com/XiaomingX/CVE-2025-55182-poc

https://github.com/EynaExp/CVE-2025-55182-POC

https://github.com/jf0x3a/CVE-2025-55182-exploit

https://github.com/prestonhashworth/cve-2025-55182

https://github.com/nanwinata/CVE-2025-55182-Scanner

https://github.com/oways/React2shell-CVE-2025-55182-checker

https://github.com/hualy13/CVE-2025-55182

https://github.com/aquinn-r7/CVE-2025-55182-VulnCheckPOC

https://github.com/nerium-security/CVE-2025-55182

https://github.com/ThemeHackers/CVE-2025-55182

https://github.com/logesh-GIT001/CVE-2025-55182

https://github.com/l4rm4nd/CVE-2025-55182

https://github.com/xkillbit/cve-2025-55182-scanner

https://github.com/joshterrill/CVE-2025-55182-realistic-poc

https://github.com/ABCFabian/React2Shell-CVE-2025-55182-Testing-Environment

https://github.com/fatguru/CVE-2025-55182-scanner

https://github.com/RuoJi6/CVE-2025-55182-RCE-shell

https://github.com/carlosaruy/CVE-2025-55182

https://github.com/tlfyyds/cve-2025-55182-getshell

https://github.com/topstar88/CVE-2025-55182

https://github.com/mingyisecurity-lab/CVE-2025-55182-TOOLS

https://github.com/dissy123/cve-2025-55182

https://github.com/RajChowdhury240/React2Shell-CVE-2025-55182

https://github.com/acheong08/CVE-2025-55182-poc

https://github.com/aspen-labs/CVE-2025-55182-checker

https://github.com/MedusaSH/POC-CVE-2025-55182

https://github.com/dwisiswant0/CVE-2025-55182

https://github.com/Cillian-Collins/CVE-2025-55182

https://github.com/0xPThree/cve-2025-55182

https://github.com/m3m0ryc0rrupt/CVE-2025-55182-PoC

https://github.com/hunters-sec/CVE-2025-55188-7z-exploit

https://github.com/sickwell/CVE-2025-55182

https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive

https://github.com/Security-Phoenix-demo/react2shell-scanner-rce-react-next-CVE-2025-55182-CVE-2025-66478

https://github.com/rl0x01/CVE-2025-55182_PoC

https://github.com/kk12-30/CVE-2025-55182

https://github.com/Golden-Secure/CVE-2025-55182

https://github.com/Saturate/CVE-2025-55182-Scanner

https://github.com/zzhorc/CVE-2025-55182

https://github.com/msanft/CVE-2025-55182

https://github.com/TH-SecForge/CVE-2025-55182

https://github.com/songsanggggg/CVE-2025-55182

https://github.com/onlylovetx/CVE-2025-55182-CVE-2025-66478-Exploit-GUI

https://github.com/Pizz33/CVE-2025-55182-burpscanner

https://github.com/pax-k/react2shell-CVE-2025-55182-full-rce-script

mttaggart at 2025-12-04T18:02:22.230Z ##

To be clear, there are no public PoCs of yesterday's React vulnerability (CVE-2025-55182). The one that was being claimed as a POC has been outed as slop. Indeed, they even renamed the repo.

The first PoCs for these vulns are now always fake.

Watch https://react2shell.com for disclosure from the discoverers.

##

jschauma@mstdn.social at 2025-12-04T13:57:55.000Z ##

Today in "AI ruins everything": AI generated "PoC" for the React RCE CVE-2025-55182, wasting countless defenders' hours, now get included in the CVE references. 🤦‍♂️

At least the co-author alongside the AI has updated the README now:
https://github.com/ejpir/CVE-2025-55182-poc

Looks like the original reporter plans on posting more details at some point in the future here:
https://react2shell.com/

##

mttaggart@infosec.exchange at 2025-12-04T18:02:22.000Z ##

To be clear, there are no public PoCs of yesterday's React vulnerability (CVE-2025-55182). The one that was being claimed as a POC has been outed as slop. Indeed, they even renamed the repo.

https://github.com/LOURC0D3/CVE-2024-4367-PoC

The first PoCs for these vulns are now always fake.

Watch https://react2shell.com for disclosure from the discoverers.

##

jschauma@mstdn.social at 2025-12-04T13:57:55.000Z ##

Today in "AI ruins everything": AI generated "PoC" for the React RCE CVE-2025-55182, wasting countless defenders' hours, now get included in the CVE references. 🤦‍♂️

At least the co-author alongside the AI has updated the README now:
https://github.com/ejpir/CVE-2025-55182-poc

Looks like the original reporter plans on posting more details at some point in the future here:
https://react2shell.com/

##

CVE-2024-4367
(8.8 HIGH)

EPSS: 32.60%

updated 2025-04-24T21:41:24

2 posts

### Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. ### Patches The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015 ### Workarounds Set the option `isEvalSupported` to `false`

24 repos

https://github.com/kabiri-labs/CVE-2024-4367-PoC

https://github.com/PenguinCabinet/CVE-2024-4367-hands-on

https://github.com/Zombie-Kaiser/cve-2024-4367-PoC-fixed

https://github.com/Bhavyakcwestern/Hacking-pdf.js-vulnerability

https://github.com/VVeakee/CVE-2024-4367

https://github.com/snyk-labs/pdfjs-vuln-demo

https://github.com/1337rokudenashi/Odoo_PDFjs_CVE-2024-4367.pdf

https://github.com/avalahEE/pdfjs_disable_eval

https://github.com/BektiHandoyo/cve-pdf-host

https://github.com/s4vvysec/CVE-2024-4367-POC

https://github.com/clarkio/pdfjs-vuln-demo

https://github.com/0xr2r/CVE-2024-4367

https://github.com/Scivous/CVE-2024-4367-npm

https://github.com/pedrochalegre7/CVE-2024-4367-pdf-sample

https://github.com/spaceraccoon/detect-cve-2024-4367

https://github.com/UnHackerEnCapital/PDFernetRemotelo

https://github.com/Masamuneee/CVE-2024-4367-Analysis

https://github.com/exfil0/WEAPONIZING-CVE-2024-4367

https://github.com/MihranGIT/POC_CVE-2024-4367

https://github.com/MihranGIT/CVE-2024-4367

https://github.com/elamani-drawing/CVE-2024-4367-POC-PDFJS

https://github.com/pS3ud0RAnD0m/cve-2024-4367-poc

https://github.com/m0d0ri205/PDFJS

RedTeamPentesting@mastodon.social at 2025-12-04T10:24:13.000Z ##

🚨Nextcloud was vulnerable to XSS in PDF.js (CVE-2024-4367) found by Thomas Rinsma at CodeanIO.

Although Nextcloud mitigated the vulnerability in their portal by disabling eval, the viewer.html component of the vulnerable PDF.js was still exposed.

https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/

##

RedTeamPentesting@mastodon.social at 2025-12-04T10:24:13.000Z ##

🚨Nextcloud was vulnerable to XSS in PDF.js (CVE-2024-4367) found by Thomas Rinsma at CodeanIO.

Although Nextcloud mitigated the vulnerability in their portal by disabling eval, the viewer.html component of the vulnerable PDF.js was still exposed.

https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/

##

CVE-2021-21225
(8.8 HIGH)

EPSS: 1.01%

updated 2024-11-21T05:47:48.830000

2 posts

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

andersonc0d3 at 2025-12-04T20:32:40.911Z ##

Good introduction to a blog post. I came to it by chance after finishing the work today, relaxing a bit after auditing a state machine, but not as complex as Array.prototype.concat implementation, for sure.

A Bug's Life: CVE-2021-21225
https://tiszka.com/blog/CVE_2021_21225.html

##

andersonc0d3@infosec.exchange at 2025-12-04T20:32:40.000Z ##

Good introduction to a blog post. I came to it by chance after finishing the work today, relaxing a bit after auditing a state machine, but not as complex as Array.prototype.concat implementation, for sure.

A Bug's Life: CVE-2021-21225
https://tiszka.com/blog/CVE_2021_21225.html

##

CVE-2019-8457(CVSS UNKNOWN)

EPSS: 27.14%

updated 2023-01-28T05:05:39

2 posts

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

cR0w at 2025-12-03T19:10:53.454Z ##

And there's F5 again. Publishing impact to some of their shit by CVE-2019-8457. Yes, that CVE was published on 30 May 2019 and F5 is just now publishing an advisory for it. And there is impact.

https://my.f5.com/manage/s/article/K000158050

##

cR0w@infosec.exchange at 2025-12-03T19:10:53.000Z ##

And there's F5 again. Publishing impact to some of their shit by CVE-2019-8457. Yes, that CVE was published on 30 May 2019 and F5 is just now publishing an advisory for it. And there is impact.

https://my.f5.com/manage/s/article/K000158050

##

CVE-2025-61260
(0 None)

EPSS: 0.00%

4 posts

N/A

allaboutsecurity@mastodon.social at 2025-12-04T12:31:10.000Z ##

Sicherheitslücke: OpenAI Codex CLI führt versteckte Befehle aus Repository-Dateien aus

Die unter CVE-2025-61260 geführte Lücke ermöglicht es Angreifern, über manipulierte Repository-Dateien beliebigen Code auf Entwicklersystemen auszuführen – ganz ohne Wissen oder Zustimmung der Nutzer.

https://www.all-about-security.de/sicherheitsluecke-openai-codex-cli-fuehrt-versteckte-befehle-aus-repository-dateien-aus/

#checkpoint #OpenAI #entwickler #MCP #Backdoor #security

##

cyberveille@mastobot.ping.moi at 2025-12-04T09:00:04.000Z ##

📢 CVE-2025-61260 : injection de commandes dans OpenAI Codex CLI via configuration locale de projet
📝 Source et contexte — Check Point Research publie une analyse détaillant CVE-2025-61260, une...
📖 cyberveille : https://cyberveille.ch/posts/2025-12-03-cve-2025-61260-injection-de-commandes-dans-openai-codex-cli-via-configuration-locale-de-projet/
🌐 source : https://research.checkpoint.com/2025/openai-codex-cli-command-injection-vulnerability/
#CVE_2025_61260 #IOC #Cyberveille

##

allaboutsecurity@mastodon.social at 2025-12-04T12:31:10.000Z ##

Sicherheitslücke: OpenAI Codex CLI führt versteckte Befehle aus Repository-Dateien aus

Die unter CVE-2025-61260 geführte Lücke ermöglicht es Angreifern, über manipulierte Repository-Dateien beliebigen Code auf Entwicklersystemen auszuführen – ganz ohne Wissen oder Zustimmung der Nutzer.

https://www.all-about-security.de/sicherheitsluecke-openai-codex-cli-fuehrt-versteckte-befehle-aus-repository-dateien-aus/

#checkpoint #OpenAI #entwickler #MCP #Backdoor #security

##

beyondmachines1@infosec.exchange at 2025-12-03T13:01:31.000Z ##

Command injection flaw in OpenAI Codex CLI enables silent remote code execution

Security researchers discovered CVE-2025-61260, a command injection vulnerability in OpenAI Codex CLI that allows attackers to achieve arbitrary code execution by placing malicious .env and configuration files in repositories, which the tool automatically executes without user approval when developers run the codex command.

**If you use OpenAI Codex CLI, update to version 0.23.0 or later. Your Codex CLI (and your computer running it) can be hacked by a simple malicious repo file you just cloned Until updated, don't run codex in unfamiliar repositories, and always check .env files and .codex configuration folders for suspicious commands before running the tool.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/command-injection-flaw-in-openai-codex-cli-enables-silent-remote-code-execution-8-g-e-z-9/gD2P6Ple2L

##

CVE-2025-66489
(0 None)

EPSS: 0.08%

1 posts

N/A

offseq at 2025-12-04T01:34:04.945Z ##

🚨 CVE-2025-66489: CRITICAL bug in cal.com (<5.9.8) lets attackers bypass password checks with valid TOTP, risking account compromise. Patch to 5.9.8+ ASAP! Details: https://radar.offseq.com/threat/cve-2025-66489-cwe-303-incorrect-implementation-of-10655bf9 #OffSeq #calcom #vuln #CVE202566489 #infosec

##

CVE-2025-48633
(0 None)

EPSS: 0.00%

6 posts

N/A

1 repos

https://github.com/Ashwesker/Blackash-CVE-2025-48633

technadu at 2025-12-03T14:51:06.302Z ##

CISA has added two Android Framework 0-days (CVE-2025-48572 & CVE-2025-48633) to the KEV list, confirming active exploitation.

Together, they enable privilege escalation and information disclosure, forming a potentially complete compromise path for targeted devices.

Federal agencies have a December 23 patch deadline, and wider organizations are encouraged to roll out updates and monitor for related indicators.

💬 Mobile ecosystems remain a critical attack surface - what best practices have worked for your teams?

Source: https://cybersecuritynews.com/android-0-day-vulnerability-exploited/

Follow us for ongoing vulnerability and threat intelligence updates.

#Cybersecurity #AndroidSecurity #KEV #CISA #ZeroDay #MobileThreats #ThreatIntel #Infosec #SecurityUpdates #DeviceSecurity

##

Android@activitypub.awakari.com at 2025-12-02T11:37:46.000Z ## Google patches 107 Android flaws, including two being actively exploited Google’s December update fixes two Android bugs that criminals are actively exploiting. Update as soon as you can. Google ...

#Mobile #News #2025-12-05 #CVE-2025-48572 #CVE-2025-48633

Origin | Interest | Match ##

technadu@infosec.exchange at 2025-12-03T14:51:06.000Z ##

CISA has added two Android Framework 0-days (CVE-2025-48572 & CVE-2025-48633) to the KEV list, confirming active exploitation.

Together, they enable privilege escalation and information disclosure, forming a potentially complete compromise path for targeted devices.

Federal agencies have a December 23 patch deadline, and wider organizations are encouraged to roll out updates and monitor for related indicators.

💬 Mobile ecosystems remain a critical attack surface - what best practices have worked for your teams?

Source: https://cybersecuritynews.com/android-0-day-vulnerability-exploited/

Follow us for ongoing vulnerability and threat intelligence updates.

#Cybersecurity #AndroidSecurity #KEV #CISA #ZeroDay #MobileThreats #ThreatIntel #Infosec #SecurityUpdates #DeviceSecurity

##

DarkWebInformer@infosec.exchange at 2025-12-02T22:34:20.000Z ##

CISA has added two vulnerabilities to the KEV Catalog:

CVE-2025-48633: Android Framework Information Disclosure Vulnerability

CVE-2025-48572: Android Framework Privilege Escalation Vulnerability

#Cybersecurity #AndroidSecurity #KEV #CISA #ZeroDay #MobileThreats #ThreatIntel #Infosec #SecurityUpdates #DeviceSecurity

##

cisakevtracker@mastodon.social at 2025-12-02T19:00:59.000Z ##

CVE ID: CVE-2025-48633
Vendor: Android
Product: Framework
Date Added: 2025-12-02
Notes: https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48633
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-48633

##

AAKL@infosec.exchange at 2025-12-02T18:11:39.000Z ##

CISA has updated the KEV catalogue.

- CVE-2025-48572: Android Framework Privilege Escalation Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48572

- CVE-2025-48633: Android Framework Information Disclosure Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48633

Also:

CISA Releases Five Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2025/12/02/cisa-releases-five-industrial-control-systems-advisories #CISA #infosec #Android #Google #vulnerability

##

CVE-2025-48572
(0 None)

EPSS: 0.00%

6 posts

N/A

technadu at 2025-12-03T14:51:06.302Z ##

CISA has added two Android Framework 0-days (CVE-2025-48572 & CVE-2025-48633) to the KEV list, confirming active exploitation.

Together, they enable privilege escalation and information disclosure, forming a potentially complete compromise path for targeted devices.

Federal agencies have a December 23 patch deadline, and wider organizations are encouraged to roll out updates and monitor for related indicators.

💬 Mobile ecosystems remain a critical attack surface - what best practices have worked for your teams?

Source: https://cybersecuritynews.com/android-0-day-vulnerability-exploited/

Follow us for ongoing vulnerability and threat intelligence updates.

##

Android@activitypub.awakari.com at 2025-12-02T11:37:46.000Z ## Google patches 107 Android flaws, including two being actively exploited Google’s December update fixes two Android bugs that criminals are actively exploiting. Update as soon as you can. Google ...

#Mobile #News #2025-12-05 #CVE-2025-48572 #CVE-2025-48633

Origin | Interest | Match ##

technadu@infosec.exchange at 2025-12-03T14:51:06.000Z ##

CISA has added two Android Framework 0-days (CVE-2025-48572 & CVE-2025-48633) to the KEV list, confirming active exploitation.

Together, they enable privilege escalation and information disclosure, forming a potentially complete compromise path for targeted devices.

Federal agencies have a December 23 patch deadline, and wider organizations are encouraged to roll out updates and monitor for related indicators.

💬 Mobile ecosystems remain a critical attack surface - what best practices have worked for your teams?

Source: https://cybersecuritynews.com/android-0-day-vulnerability-exploited/

Follow us for ongoing vulnerability and threat intelligence updates.

#Cybersecurity #AndroidSecurity #KEV #CISA #ZeroDay #MobileThreats #ThreatIntel #Infosec #SecurityUpdates #DeviceSecurity

##

DarkWebInformer@infosec.exchange at 2025-12-02T22:34:20.000Z ##

CISA has added two vulnerabilities to the KEV Catalog:

CVE-2025-48633: Android Framework Information Disclosure Vulnerability

CVE-2025-48572: Android Framework Privilege Escalation Vulnerability