24h | 7d | 30d

CVE-2025-55182

Overview

  • Meta
  • react-server-dom-webpack
03 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
55.12%
KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture
r/blueteamsec bot @r-blueteamsec.bsky.social
Adversaries exploit CVE-2025-55182 to attack Russian companies
  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-13952

Overview

  • Imagination Technologies
  • Graphics DDK
24 Jan 2026
Published
26 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2025-13952 - Critical (9.8)

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privile...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 7h ago

CVE-2023-53676

Overview

  • Linux
  • Linux
07 Oct 2025
Published
05 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundries.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Just published a technical dissection of #SUSE Security Advisory SUSE-2024-0284-1 (CVE-2023-53676). This isn't just another CVE summary. Read more: 👉 tinyurl.com/3t9cvtcp #Security
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-24656

Overview

  • Apache Software Foundation
  • Apache Karaf
  • org.apache.karaf.decanter.collector:org.apache.karaf.decanter.collector.log.socket
26 Jan 2026
Published
26 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to deserialization of untrusted data, eventually causing DoS. NB: Decanter log socket collector is not installed by default. Users who have not installed Decanter log socket are not impacted by this issue. This issue affects Apache Karaf Decanter before 2.12.0. Users are recommended to upgrade to version 2.12.0, which fixes the issue.

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture
キタきつね @kitafox.bsky.social
CVE-2026-24656: Apache Karaf のデシリアライゼーションの脆弱性によりシステムが DoS 攻撃を受ける CVE-2026-24656: Deserialization Flaw in Apache Karaf Exposes Systems to DoS #DailyCyberSecurity (Jan 26) securityonline.info/cve-2026-246...
  • 0
  • 0
  • 0
  • 2h ago

CVE-2025-37164

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE OneView
16 Dec 2025
Published
08 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
84.85%
KEV

Description

A remote code execution issue exists in HPE OneView.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture
Thiard News@F4F @newsen.bsky.social
Warning Issued for Exploitation of Critical HPE OneView Vulnerability #None #Check_Point #HPE_OneView #CVE-2025-37164
  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-67264

Overview

  • Pending
23 Jan 2026
Published
26 Jan 2026
Updated
CVSS
Pending
EPSS
0.15%
KEV

Description

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-67264 - High (7.8)

An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-22586

Overview

  • Salesforce
  • Marketing Cloud Engagement
24 Jan 2026
Published
26 Jan 2026
Updated
CVSS
Pending
EPSS
0.00%
KEV

Description

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

Statistics

  • 2 Posts
Last activity: 4 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-22586 - Critical (9.8)

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 1
  • 4h ago

CVE-2025-34291

Overview

  • Langflow
  • Langflow
05 Dec 2025
Published
08 Dec 2025
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
16.52%
KEV

Description

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.

Statistics

  • 2 Posts
Last activity: 9 hours ago

Bluesky

Profile picture
CrowdSec @crowdsec.bsky.social
🚨 This week’s CrowdSec Threat Alert highlights CVE-2025-34291, a critical LangFlow RCE actively exploited in the wild. 👀 Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise. 👉 www.crowdsec.net/vulntracking...
  • 0
  • 0
  • 1
  • 9h ago

CVE-2026-1420

Overview

  • Tenda
  • AC23
26 Jan 2026
Published
26 Jan 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.09%
KEV

Description

A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-1420 - High (8.8)

A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-1245

Overview

  • binary-parser
  • binary-parser
20 Jan 2026
Published
21 Jan 2026
Updated
CVSS
Pending
EPSS
0.08%
KEV

Description

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without sanitization, enabling attackers to execute arbitrary code in the context of the Node.js process.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture
セキュリティ対策Lab @securitylab-jp.bsky.social
Node.js向けbinary-parserにコードインジェクション 脆弱性(CVE-2026-1245) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 1h ago
Showing 11 to 20 of 51 CVEs