24h | 7d | 30d

Overview

  • Meta
  • react-server-dom-turbopack

08 Apr 2026
Published
08 Apr 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.69%

KEV

Description

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints.The payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Profile picture fallback
The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-29145) Apache Tomcat Authentication Bypass" and "Emerging Threat: (CVE-2026-23869) React Server Components Denial of Service". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • vllm-project
  • vllm

06 May 2025
Published
06 May 2025
Updated

CVSS v3.1
HIGH (8.0)
EPSS
1.31%

KEV

Description

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPUB` socket on the primary vLLM host. When data is received on this `SUB` socket, it is deserialized with `pickle`. This is unsafe, as it can be abused to execute code on a remote machine. Since the vulnerability exists in a client that connects to the primary vLLM host, this vulnerability serves as an escalation point. If the primary vLLM host is compromised, this vulnerability could be used to compromise the rest of the hosts in the vLLM deployment. Attackers could also use other means to exploit the vulnerability without requiring access to the primary vLLM host. One example would be the use of ARP cache poisoning to redirect traffic to a malicious endpoint used to deliver a payload with arbitrary code to execute on the target machine. Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern. Since V0 is has been off by default since v0.8.0 and the fix is fairly invasive, the maintainers of vLLM have decided not to fix this issue. Instead, the maintainers recommend that users ensure their environment is on a secure network in case this pattern is in use. The V1 engine is not affected by this issue.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Profile picture fallback

Warning: CVE-2025-30165 (CWEs: ['CWE-502']) found no CAPEC relationships.
Warning: CVE-2025-3508 (CWEs: ['CWE-200']) found no CAPEC relationships.

#AI #GenerativeAI #LLMSecurity #VirensReport
2/2

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • SolarWinds
  • Web Help Desk

23 Sep 2025
Published
10 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
31.17%

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

Profile picture fallback
Hackers are exploiting QEMU VMs to create reverse SSH tunnels for deploying ransomware and RATs. Campaigns STAC4713 and STAC3725 leveraged SonicWall VPNs, SolarWinds CVE-2025-26399, and CitrixBleed2 CVE-2025-5777. #GoldEncounter #QEMUAbuse #USA
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Cisco
  • Cisco Identity Services Engine Software

15 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.23%

KEV

Description

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Profile picture fallback
Cisco patches critical ISE vulnerabilities (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) enabling remote code execution, root access, and privilege escalation in Identity Services Engine and Webex Services. #CiscoISE #RemoteCode #USA
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Cisco
  • Cisco Identity Services Engine Software

15 Apr 2026
Published
16 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
0.21%

KEV

Description

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

Profile picture fallback
Cisco patches critical ISE vulnerabilities (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) enabling remote code execution, root access, and privilege escalation in Identity Services Engine and Webex Services. #CiscoISE #RemoteCode #USA
  • 0
  • 0
  • 0
  • 21h ago
Showing 41 to 45 of 45 CVEs