Overview
- Tenda
- WH450
Description
Statistics
- 1 Post
Fediverse
⚠️ CVE-2025-14665 (CRITICAL): Stack-based buffer overflow in Tenda WH450 v1.0.0.18 via /goform/DhcpListClient 'page' param. Remote, unauthenticated code execution possible. Exploit is public. Isolate & monitor now! https://radar.offseq.com/threat/cve-2025-14665-stack-based-buffer-overflow-in-tend-27bfc3c9 #OffSeq #Vuln #IoTSecurity #Infosec
Overview
Description
Statistics
- 1 Post
Fediverse
Huh, I somehow missed this CVE:
https://mastodon.social/@verbrecher/115720201828646496
Thx to @verbrecher for the pointer
CVE-2025-14174 is related to this commit in the ANGLE repo:
https://github.com/google/angle/commit/95a32cb37edbb90eac0b83727b38fedbbb32307b
For CVE-2025-43529 there's much less info.
Overview
- Meta
- react-server-dom-webpack
Description
Statistics
- 1 Post
Fediverse
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.html
The React team has released fixes for two new types of flaws in React Server
Components (RSC) that, if successfully exploited, could result in
denial-of-service (DoS) or source code exposure.
The team said the issues were found by the security community while attempting
to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a
critical bug in RSC that has since been weaponized in the wild.
The three vulnerabilities are listed below -
- CVE-2025-55184 (CVSS score: 7.5) - A pre-authentication denial of service vulnerability arising from unsafe deserialization of payloads from HTTP requests to Server Function endpoints, triggering an infinite loop that hangs the server process and may prevent future HTTP requests from being served
- CVE-2025-67779 (CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that has the same impact
- CVE-2025-55183 (CVSS score: 5.3) - An information leak vulnerability that may cause a specifically crafted HTTP request sent to a vulnerable Server Function to return the source code of any Server Function
However, successful exploitation of CVE-2025-55183 requires the existence of a
Server Function that explicitly or implicitly exposes an argument that has
been converted into a string format.
Overview
- Meta
- react-server-dom-parcel
Description
Statistics
- 1 Post