24h | 7d | 30d

CVE-2025-37899

Overview

  • Linux
  • Linux
20 May 2025
Published
06 Dec 2025
Updated
CVSS
Pending
EPSS
0.01%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture
qian.cx @qiancx.bsky.social
利用ChatGPT o3揭示Linux内核SMB零日漏洞CVE-2025-37899:人工智能在网络安全中的革新历程 https://qian.cx/posts/4B111103-A376-4779-9026-14CA5E92D012
  • 0
  • 0
  • 0
  • 13h ago

CVE-2018-4063

Overview

  • Sierra Wireless
06 May 2019
Published
13 Dec 2025
Updated
CVSS
Pending
EPSS
4.29%
KEV

Description

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ CISA warns of HIGH-severity RCE in Sierra Wireless AirLink ALEOS routers (CVE-2018-4063), actively exploited in the wild. End-of-support complicates patching—prioritize isolation, access control, and monitoring. radar.offseq.com/threat/cisa-a

  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-29927

Overview

  • vercel
  • next.js
21 Mar 2025
Published
08 Apr 2025
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
92.53%
KEV

Description

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture
mXgarweg @michaelxg.bsky.social
I just completed Next.js: CVE-2025-29927 room on TryHackMe. Explore an authorisation bypass vulnerability in Next.js. tryhackme.com/room/nextjsc... #tryhackme
  • 0
  • 0
  • 0
  • 21h ago

CVE-2025-66478

Overview

  • Pending
Pending
Published
03 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture
BABA Toshiaki @netmarkjp.bsky.social
#ばばさん通信ダイジェスト 賛否関わらず話題になった/なりそうなものを共有しています。 Fastly’s Proactive Protection for React2Shell, Critical React RCE CVE-2025-55182 and CVE-2025-66478 https://www.fastly.com/blog/fastlys-proactive-protection-critical-react-rce-cve-2025-55182
  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-61727

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509
03 Dec 2025
Published
03 Dec 2025
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical Go sec update for #Mageia 9: MGASA-2025-0326 patches CVE-2025-61727 (DNS constraint bypass in crypto/x509) & CVE-2025-61729 (resource exhaustion DoS). Read more: 👉 tinyurl.com/rztdvndu #Security
  • 0
  • 0
  • 0
  • 21h ago

CVE-2025-43529

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 23 hours ago

Bluesky

Profile picture
Earlybirds Invest @earlybirdsinvest.bsky.social
Apple fixes two zero-day flaws exploited in ‘sophisticated’ attacks Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals. The zero-days are tracked as CVE-2025-43529 and CVE-2025-14174…
  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-61729

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509
02 Dec 2025
Published
03 Dec 2025
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical Go sec update for #Mageia 9: MGASA-2025-0326 patches CVE-2025-61727 (DNS constraint bypass in crypto/x509) & CVE-2025-61729 (resource exhaustion DoS). Read more: 👉 tinyurl.com/rztdvndu #Security
  • 0
  • 0
  • 0
  • 21h ago

CVE-2025-55184

Overview

  • Meta
  • react-server-dom-webpack
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
2.96%
KEV

Description

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

New React RSC Vulnerabilities Enable DoS and Source Code Exposure
thehackernews.com/2025/12/new-

The React team has released fixes for two new types of flaws in React Server
Components (RSC) that, if successfully exploited, could result in
denial-of-service (DoS) or source code exposure.

The team said the issues were found by the security community while attempting
to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a
critical bug in RSC that has since been weaponized in the wild.

The three vulnerabilities are listed below -

CVE-2025-55184 (CVSS score: 7.5) - A pre-authentication denial of service
vulnerability arising from unsafe deserialization of payloads from HTTP
requests to Server Function endpoints, triggering an infinite loop that hangs
the server process and may prevent future HTTP requests from being served
CVE-2025-67779 (CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that
has the same impact
CVE-2025-55183 (CVSS score: 5.3) - An information leak vulnerability that may
cause a specifically crafted HTTP request sent to a vulnerable Server Function
to return the source code of any Server Function

However, successful exploitation of CVE-2025-55183 requires the existence of a
Server Function that explicitly or implicitly exposes an argument that has
been converted into a string format.

  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-55183

Overview

  • Meta
  • react-server-dom-webpack
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
1.06%
KEV

Description

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

New React RSC Vulnerabilities Enable DoS and Source Code Exposure
thehackernews.com/2025/12/new-

The React team has released fixes for two new types of flaws in React Server
Components (RSC) that, if successfully exploited, could result in
denial-of-service (DoS) or source code exposure.

The team said the issues were found by the security community while attempting
to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a
critical bug in RSC that has since been weaponized in the wild.

The three vulnerabilities are listed below -

CVE-2025-55184 (CVSS score: 7.5) - A pre-authentication denial of service
vulnerability arising from unsafe deserialization of payloads from HTTP
requests to Server Function endpoints, triggering an infinite loop that hangs
the server process and may prevent future HTTP requests from being served
CVE-2025-67779 (CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that
has the same impact
CVE-2025-55183 (CVSS score: 5.3) - An information leak vulnerability that may
cause a specifically crafted HTTP request sent to a vulnerable Server Function
to return the source code of any Server Function

However, successful exploitation of CVE-2025-55183 requires the existence of a
Server Function that explicitly or implicitly exposes an argument that has
been converted into a string format.

  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-67779

Overview

  • Meta
  • react-server-dom-parcel
11 Dec 2025
Published
12 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.06%
KEV

Description

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

New React RSC Vulnerabilities Enable DoS and Source Code Exposure
thehackernews.com/2025/12/new-

The React team has released fixes for two new types of flaws in React Server
Components (RSC) that, if successfully exploited, could result in
denial-of-service (DoS) or source code exposure.

The team said the issues were found by the security community while attempting
to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a
critical bug in RSC that has since been weaponized in the wild.

The three vulnerabilities are listed below -

CVE-2025-55184 (CVSS score: 7.5) - A pre-authentication denial of service
vulnerability arising from unsafe deserialization of payloads from HTTP
requests to Server Function endpoints, triggering an infinite loop that hangs
the server process and may prevent future HTTP requests from being served
CVE-2025-67779 (CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that
has the same impact
CVE-2025-55183 (CVSS score: 5.3) - An information leak vulnerability that may
cause a specifically crafted HTTP request sent to a vulnerable Server Function
to return the source code of any Server Function

However, successful exploitation of CVE-2025-55183 requires the existence of a
Server Function that explicitly or implicitly exposes an argument that has
been converted into a string format.

  • 0
  • 0
  • 0
  • 12h ago
Showing 21 to 30 of 30 CVEs