24h | 7d | 30d

CVE-2025-14665

Overview

  • Tenda
  • WH450
14 Dec 2025
Published
14 Dec 2025
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture
Offensive Sequence @offseq

⚠️ CVE-2025-14665 (CRITICAL): Stack-based buffer overflow in Tenda WH450 v1.0.0.18 via /goform/DhcpListClient 'page' param. Remote, unauthenticated code execution possible. Exploit is public. Isolate & monitor now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-14321

Overview

  • Mozilla
  • Firefox
09 Dec 2025
Published
11 Dec 2025
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Breaking security news: The #Debian Project has issued Security Advisory DSA-6081-1 addressing critical Thunderbird vulnerability CVE-2025-14321 Read more: 👉 tinyurl.com/2c7czkna #Security
  • 0
  • 0
  • 0
  • 7h ago

CVE-2023-50224

Overview

  • TP-Link
  • TL-WR841N
03 May 2024
Published
21 Oct 2025
Updated
CVSS v3.0
MEDIUM (6.5)
EPSS
2.37%
KEV

Description

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture
qian.cx @qiancx.bsky.social
CISA警示TP-Link路由器重大漏洞CVE-2023-50224和CVE-2025-9377 正在被积极利用 https://qian.cx/posts/59D54055-A8BC-49B9-AAAE-7721E0ABB744
  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-66478

Overview

  • Pending
Pending
Published
03 Dec 2025
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This CVE is a duplicate of CVE-2025-55182.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture
BABA Toshiaki @netmarkjp.bsky.social
#ばばさん通信ダイジェスト 賛否関わらず話題になった/なりそうなものを共有しています。 Fastly’s Proactive Protection for React2Shell, Critical React RCE CVE-2025-55182 and CVE-2025-66478 https://www.fastly.com/blog/fastlys-proactive-protection-critical-react-rce-cve-2025-55182
  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-43529

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture
lj·rk→⁽³⁹ᶜ³⁾ @ljrk

Huh, I somehow missed this CVE:
mastodon.social/@verbrecher/11
Thx to for the pointer @verbrecher

CVE-2025-14174 is related to this commit in the ANGLE repo:
github.com/google/angle/commit

For CVE-2025-43529 there's much less info.

  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-9377

Overview

  • TP-Link Systems Inc.
  • Archer C7(EU) V2
29 Aug 2025
Published
21 Oct 2025
Updated
CVSS v4.0
HIGH (8.6)
EPSS
14.59%
KEV

Description

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).

Statistics

  • 1 Post
Last activity: 5 hours ago

Bluesky

Profile picture
qian.cx @qiancx.bsky.social
CISA警示TP-Link路由器重大漏洞CVE-2023-50224和CVE-2025-9377 正在被积极利用 https://qian.cx/posts/59D54055-A8BC-49B9-AAAE-7721E0ABB744
  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-55184

Overview

  • Meta
  • react-server-dom-webpack
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
2.96%
KEV

Description

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

New React RSC Vulnerabilities Enable DoS and Source Code Exposure
thehackernews.com/2025/12/new-

The React team has released fixes for two new types of flaws in React Server
Components (RSC) that, if successfully exploited, could result in
denial-of-service (DoS) or source code exposure.

The team said the issues were found by the security community while attempting
to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a
critical bug in RSC that has since been weaponized in the wild.

The three vulnerabilities are listed below -

CVE-2025-55184 (CVSS score: 7.5) - A pre-authentication denial of service
vulnerability arising from unsafe deserialization of payloads from HTTP
requests to Server Function endpoints, triggering an infinite loop that hangs
the server process and may prevent future HTTP requests from being served
CVE-2025-67779 (CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that
has the same impact
CVE-2025-55183 (CVSS score: 5.3) - An information leak vulnerability that may
cause a specifically crafted HTTP request sent to a vulnerable Server Function
to return the source code of any Server Function

However, successful exploitation of CVE-2025-55183 requires the existence of a
Server Function that explicitly or implicitly exposes an argument that has
been converted into a string format.

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-55183

Overview

  • Meta
  • react-server-dom-webpack
11 Dec 2025
Published
11 Dec 2025
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
1.06%
KEV

Description

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

New React RSC Vulnerabilities Enable DoS and Source Code Exposure
thehackernews.com/2025/12/new-

The React team has released fixes for two new types of flaws in React Server
Components (RSC) that, if successfully exploited, could result in
denial-of-service (DoS) or source code exposure.

The team said the issues were found by the security community while attempting
to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a
critical bug in RSC that has since been weaponized in the wild.

The three vulnerabilities are listed below -

CVE-2025-55184 (CVSS score: 7.5) - A pre-authentication denial of service
vulnerability arising from unsafe deserialization of payloads from HTTP
requests to Server Function endpoints, triggering an infinite loop that hangs
the server process and may prevent future HTTP requests from being served
CVE-2025-67779 (CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that
has the same impact
CVE-2025-55183 (CVSS score: 5.3) - An information leak vulnerability that may
cause a specifically crafted HTTP request sent to a vulnerable Server Function
to return the source code of any Server Function

However, successful exploitation of CVE-2025-55183 requires the existence of a
Server Function that explicitly or implicitly exposes an argument that has
been converted into a string format.

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-67779

Overview

  • Meta
  • react-server-dom-parcel
11 Dec 2025
Published
12 Dec 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.06%
KEV

Description

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

New React RSC Vulnerabilities Enable DoS and Source Code Exposure
thehackernews.com/2025/12/new-

The React team has released fixes for two new types of flaws in React Server
Components (RSC) that, if successfully exploited, could result in
denial-of-service (DoS) or source code exposure.

The team said the issues were found by the security community while attempting
to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a
critical bug in RSC that has since been weaponized in the wild.

The three vulnerabilities are listed below -

CVE-2025-55184 (CVSS score: 7.5) - A pre-authentication denial of service
vulnerability arising from unsafe deserialization of payloads from HTTP
requests to Server Function endpoints, triggering an infinite loop that hangs
the server process and may prevent future HTTP requests from being served
CVE-2025-67779 (CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that
has the same impact
CVE-2025-55183 (CVSS score: 5.3) - An information leak vulnerability that may
cause a specifically crafted HTTP request sent to a vulnerable Server Function
to return the source code of any Server Function

However, successful exploitation of CVE-2025-55183 requires the existence of a
Server Function that explicitly or implicitly exposes an argument that has
been converted into a string format.

  • 0
  • 0
  • 0
  • 23h ago
Showing 21 to 29 of 29 CVEs