Overview

  • Meta
  • react-server-dom-parcel

11 Dec 2025
Published
12 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.04%

KEV

Description

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Statistics

  • 2 Posts
  • 13 Interactions

Last activity: 8 hours ago

Fediverse

Happy patch your React Server Components again Friday to all who celebrate. The patch for CVE-2025-55184 was incomplete and still leaves systems vulnerable to DoS.

facebook.com/security/advisori

  • 6
  • 6
  • 0
  • 22h ago

Bluesky

~Socket~ New Denial of Service and Source Code Exposure vulnerabilities found in React Server Components require immediate patching. - IOCs: CVE-2025-55184, CVE-2025-67779, CVE-2025-55183 - #NextJS #React #ThreatIntel
  • 0
  • 1
  • 0
  • 8h ago

Overview

  • UTT
  • 进取 512W

12 Dec 2025
Published
12 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part of the file /goform/formWebAuthGlobalConfig. Manipulation of the argument hidcontact results in memory corruption. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 17 hours ago

Overview

  • Apache Software Foundation
  • Apache Airflow
  • apache-airflow

23 Oct 2023
Published
13 Feb 2025
Updated

CVSS
Pending
EPSS
0.64%

KEV

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via the Airflow REST API for configuration, even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only. This is a different issue from CVE-2023-45348, which allows an authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes this issue and additionally fixes CVE-2023-45348.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 17 hours ago

Fediverse

Per NVD it's only a 4.3 but it's in the payments system so I'm guessing this is why a Friday update instead of waiting till Monday.

nvd.nist.gov/vuln/detail/cve-2

  • 0
  • 1
  • 0
  • 17h ago

Overview

  • notepad-plus-plus
  • notepad-plus-plus

23 Jun 2025
Published
23 Oct 2025
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.01%

KEV

Description

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable into the same directory (typically the Downloads folder, which is known to be a vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

If you use PDQ, the Notepad++ 8.8.9 auto upgrade package is now available, but may require manual updates to your existing jobs to point to it. Patch that #0day if you haven't already. CVE-2025-49144

  • 0
  • 1
  • 0
  • 18h ago

Overview

  • Growatt
  • ShineLan-X

13 Dec 2025
Published
13 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

ShineLan-X contains a set of credentials for an FTP server that was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since firmware signature verification is not enforced.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

🚨 CVE-2025-36747 (CRITICAL, CVSS 9.4): Hard-coded FTP creds in Growatt ShineLan-X 3.6.0.0 allow file tampering—no signature checks! Patch, restrict FTP, and monitor for abuse. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • The Qt Company
  • Qt

03 Dec 2025
Published
03 Dec 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.12%

KEV

Description

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

CVE-2025-12385 Improper validation of tag size in Text component parser scq.ms/49ZY4lR #SecQube #MicrosoftSecurity
  • 0
  • 0
  • 0
  • 6h ago

Overview

  • pnggroup
  • libpng

03 Dec 2025
Published
04 Dec 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.05%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite scq.ms/48qtwII #SecQube #MicrosoftSecurity
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libsoup3

23 Oct 2025
Published
11 Dec 2025
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Just published a deep dive on the latest #Oracle Linux 10 security patch. ELSA-2025-23139 addresses CVE-2025-12105 in the libsoup3 HTTP library. Read more: 👉 tinyurl.com/4jvxyhxe #Security
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • rupok98
  • URL Shortener Plugin For WordPress

13 Dec 2025
Published
13 Dec 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

🚨 CVE-2025-10738 (CRITICAL, CVSS 9.8): Unauthenticated SQL Injection in rupok98 URL Shortener Plugin for WordPress (all versions). Exploitation risks full DB compromise. Disable or restrict plugin ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

Pending
Published
03 Dec 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

#ばばさん通信ダイジェスト I share things that have become, or are likely to become, topics of discussion, regardless of whether the reaction is positive or negative. Security Advisory: CVE-2025-66478 https://nextjs.org/blog/CVE-2025-66478
  • 0
  • 0
  • 0
  • 9h ago