Vulnerability intelligence

CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

A concise description of CVE-2025-70795 is not yet available in popular articles. While the CVE identifier has been noted, its formal description has not been released as of the current date.

CVE-2024-7928 is an unauthenticated path traversal vulnerability found in FastAdmin versions up to 1.3.3.20220121. This flaw allows remote attackers to access unauthorized files by manipulating the `lang` parameter within the `/index/ajax/lang` endpoint. By crafting malicious requests with directory traversal sequences, an attacker can escape the intended directory structure and read sensitive files from the server. This vulnerability, categorized as CWE-22 (Path Traversal), can lead to the exposure of confidential information such as configuration files, database credentials, and API keys. A proof of concept (PoC) for exploiting CVE-2024-7928 is publicly available. To mitigate this issue, users are strongly advised to update their FastAdmin installations to version 1.3.4.20220530 or later.

CVE-2026-1731 is identified as a pre-authentication remote code execution vulnerability impacting BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) products. This flaw, categorized as an operating system command injection, allows an unauthenticated remote attacker to execute operating system commands in the context of the site user. The vulnerability can be exploited by sending specially crafted requests, and successful exploitation does not require any user interaction or prior authentication. BeyondTrust has released updates to address this issue, with patches available for Remote Support versions 25.3.2 and later, and Privileged Remote Access versions 25.1.1 and later.

CVE-2025-40536 is a security control bypass vulnerability affecting SolarWinds Web Help Desk (WHD) software. This flaw enables an unauthenticated attacker to circumvent security measures and access functionalities that are typically restricted to authenticated users. Specifically, the vulnerability allows for the bypass of Cross-Site Request Forgery (CSRF) protections by injecting a particular URI parameter, which then grants access to restricted WebObjects components. This bypass can be a component in a chain of vulnerabilities, potentially leading to more significant compromises, such as unauthenticated remote code execution, when combined with other identified flaws in the software.

CVE-2026-20700 is a memory corruption vulnerability found within Apple's `dyld` component, which is the Dynamic Link Editor responsible for loading dynamic libraries into memory and bridging application code with system frameworks. This flaw could enable an attacker with memory write capabilities to execute arbitrary code on affected devices. Apple addressed this issue through improved state management in updates for watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3, and iPadOS 26.3. Reports indicate that this vulnerability may have been exploited in "extremely sophisticated attacks" targeting specific individuals on versions of iOS preceding iOS 26. Google's Threat Analysis Group is credited with discovering and reporting the vulnerability.