Activity

Latest CVE events and analysis as they emerge

  1. CVE-2025-66478

    07 Dec 2025, 15:17

    React, react2shell, Next.js

    Trended on social media

    Hype increased to 60

    CVE-2025-66478 is a critical vulnerability affecting Next.js applications that use the App Router. This vulnerability, along with CVE-2025-55182 which affects React, allows for unauthenticated remote code execution (RCE). The flaw stems from insecure deserialization within the React Server Components (RSC) "Flight" protocol. Exploitation is possible through a crafted HTTP request, even in default configurations of Next.js applications created with `create-next-app`. Patched versions of React (19.0.1, 19.1.2, and 19.2.1) and Next.js (15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7) are available and users are advised to upgrade immediately. Fastly has also released a Virtual Patch for their NGWAF to help mitigate exploitation attempts.

  2. CVE-2025-55182

    05 Dec 2025, 00:00

    React, react2shell

    Added to CISA KEV catalog

    Vulnerability name: Meta React Server Components Remote Code Execution Vulnerability
    Product: Meta React Server Components

    CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

  3. CVE-2025-66478

    04 Dec 2025, 11:36

    React, react2shell, Next.js

    Intruder Insight published

    This vulnerability allows for code execution via a deserialisation vulnerability within the react-server-dom packages. This will affect React, NextJS and downstream projects who utilise these frameworks. We have identified a large number of false or fake proof-of-concepts online, which has driven a bit of misinformation regarding this vulnerability, as [confirmed](https://react2shell.com/) on the original researcher's site. We have also witnessed exploitation activity for this vulnerability as researchers and threat actors reverse engineer the patches to find a working exploit. AssetNote have released a [technical research post](https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/) overnight which outlines the vulnerability and a method of detecting its presence.

    CVE-2025-66478 is a critical vulnerability affecting Next.js applications that use the App Router. This vulnerability, along with CVE-2025-55182 which affects React, allows for unauthenticated remote code execution (RCE). The flaw stems from insecure deserialization within the React Server Components (RSC) "Flight" protocol. Exploitation is possible through a crafted HTTP request, even in default configurations of Next.js applications created with `create-next-app`. Patched versions of React (19.0.1, 19.1.2, and 19.2.1) and Next.js (15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7) are available and users are advised to upgrade immediately. Fastly has also released a Virtual Patch for their NGWAF to help mitigate exploitation attempts.

  4. CVE-2025-55182

    04 Dec 2025, 11:35

    React, react2shell

    Intruder Insight published

    This vulnerability allows for code execution via a deserialisation vulnerability within the react-server-dom packages. This will affect React, NextJS and downstream projects who utilise these frameworks. We have identified a large number of false or fake proof-of-concepts online, which has driven a bit of misinformation regarding this vulnerability, as [confirmed](https://react2shell.com/) on the original researcher's site. We have also witnessed exploitation activity for this vulnerability as researchers and threat actors reverse engineer the patches to find a working exploit. AssetNote have released a [technical research post](https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/) overnight which outlines the vulnerability and a method of detecting its presence.

    CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

  5. CVE-2025-66478

    04 Dec 2025, 02:17

    React, react2shell, Next.js

    Trended on social media

    Hype increased to 61

    CVE-2025-66478 is a critical vulnerability affecting Next.js applications that use the App Router. This vulnerability, along with CVE-2025-55182 which affects React, allows for unauthenticated remote code execution (RCE). The flaw stems from insecure deserialization within the React Server Components (RSC) "Flight" protocol. Exploitation is possible through a crafted HTTP request, even in default configurations of Next.js applications created with `create-next-app`. Patched versions of React (19.0.1, 19.1.2, and 19.2.1) and Next.js (15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7) are available and users are advised to upgrade immediately. Fastly has also released a Virtual Patch for their NGWAF to help mitigate exploitation attempts.

  6. CVE-2025-66478

    04 Dec 2025, 01:17

    React, react2shell, Next.js

    Trended on social media

    Hype increased to 60

    CVE-2025-66478 is a critical vulnerability affecting Next.js applications that use the App Router. This vulnerability, along with CVE-2025-55182 which affects React, allows for unauthenticated remote code execution (RCE). The flaw stems from insecure deserialization within the React Server Components (RSC) "Flight" protocol. Exploitation is possible through a crafted HTTP request, even in default configurations of Next.js applications created with `create-next-app`. Patched versions of React (19.0.1, 19.1.2, and 19.2.1) and Next.js (15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7) are available and users are advised to upgrade immediately. Fastly has also released a Virtual Patch for their NGWAF to help mitigate exploitation attempts.

  7. CVE-2025-55182

    03 Dec 2025, 20:17

    React, react2shell

    Trended on social media

    Hype increased to 94

    CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

  8. CVE-2025-66478

    03 Dec 2025, 18:17

    React, react2shell, Next.js

    Trended on social media

    Hype increased to 37

    CVE-2025-66478 is a critical vulnerability affecting Next.js applications that use the App Router. This vulnerability, along with CVE-2025-55182 which affects React, allows for unauthenticated remote code execution (RCE). The flaw stems from insecure deserialization within the React Server Components (RSC) "Flight" protocol. Exploitation is possible through a crafted HTTP request, even in default configurations of Next.js applications created with `create-next-app`. Patched versions of React (19.0.1, 19.1.2, and 19.2.1) and Next.js (15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7) are available and users are advised to upgrade immediately. Fastly has also released a Virtual Patch for their NGWAF to help mitigate exploitation attempts.

  9. CVE-2025-55182

    03 Dec 2025, 17:17

    React, react2shell

    Trended on social media

    Hype increased to 61

    CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

  10. CVE-2025-61727

    03 Dec 2025, 08:17

    Trended on social media

    Hype increased to 30

    CVE-2025-61727 is a certificate-validation vulnerability in Go, fixed in versions 1.25.5 and 1.24.11. Specifically, an excluded subdomain name constraint in a certificate chain does not restrict the use of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com, which matches that excluded name. This could allow a malicious actor to bypass the restrictions a name constraint is intended to enforce during certificate validation. The issue is addressed in Go versions 1.25.5 and 1.24.11.

  11. CVE-2025-61729

    03 Dec 2025, 08:17

    Trended on social media

    Hype increased to 30

    CVE-2025-61729 is a vulnerability within the `crypto/x509` package of the Go standard library. Specifically, the `HostnameError.Error()` method is susceptible to uncontrolled resource consumption. The vulnerability arises because there is no limit to the number of hosts printed when constructing an error string within `HostnameError.Error()`. Furthermore, the error string is built through repeated string concatenation, leading to quadratic runtime. A malicious actor could exploit this by providing a certificate that leads to excessive resource consumption.

  12. CVE-2025-48633

    03 Dec 2025, 02:17

    Trended on social media

    Hype increased to 30

    CVE-2025-48633 is an information disclosure vulnerability affecting the Android Framework component in Android versions 13 through 16. It is one of two zero-day vulnerabilities that Google addressed in its December 2025 Android Security Bulletin. The vulnerability could allow attackers to access sensitive information without elevated privileges, potentially exposing user data. There are indications that it may be under limited, targeted exploitation. Google has released security patches to address the vulnerability.

  13. CVE-2025-48572

    03 Dec 2025, 02:17

    Trended on social media

    Hype increased to 30

    CVE-2025-48572 is a high-severity elevation-of-privilege (EoP) vulnerability affecting Android versions 13 through 16. It exists within the Android Framework component. Google's security team has indicated that this vulnerability is under limited, targeted exploitation in the wild. Successful exploitation of CVE-2025-48572 could allow attackers to gain administrative control over affected devices. Google has released security patches as part of the December 2025 Android Security Bulletin to address this and other vulnerabilities. Users are advised to update their devices to the latest patch level as soon as the updates are available.

  14. CVE-2021-26828

    03 Dec 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name: OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability
    Product: OpenPLC ScadaBR

    OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

  15. CVE-2025-11001

    02 Dec 2025, 23:17

    7-Zip

    Trended on social media

    Hype increased to 30

    CVE-2025-11001 is a vulnerability that exists within the handling of symbolic links in ZIP files by 7-Zip. Crafted data in a ZIP file can cause the application to traverse to unintended directories. This vulnerability could allow remote attackers to execute arbitrary code on affected installations of 7-Zip. To exploit this, an attacker needs to supply a malicious ZIP file containing symbolic link entries that bypass the installer's intended directory boundaries. User interaction is required to exploit this vulnerability, such as opening or extracting a malicious ZIP file. An attacker can leverage this vulnerability to execute code in the context of a service account. This issue has been fixed in 7-Zip 25.00.

  16. CVE-2025-48633

    02 Dec 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name: Android Framework Information Disclosure Vulnerability
    Product: Android Framework

    CVE-2025-48633 is an information disclosure vulnerability affecting the Android Framework component in Android versions 13 through 16. It is one of two zero-day vulnerabilities that Google addressed in its December 2025 Android Security Bulletin. The vulnerability could allow attackers to access sensitive information without elevated privileges, potentially exposing user data. There are indications that it may be under limited, targeted exploitation. Google has released security patches to address the vulnerability.

  17. CVE-2025-48572

    02 Dec 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name: Android Framework Privilege Escalation Vulnerability
    Product: Android Framework

    CVE-2025-48572 is a high-severity elevation-of-privilege (EoP) vulnerability affecting Android versions 13 through 16. It exists within the Android Framework component. Google's security team has indicated that this vulnerability is under limited, targeted exploitation in the wild. Successful exploitation of CVE-2025-48572 could allow attackers to gain administrative control over affected devices. Google has released security patches as part of the December 2025 Android Security Bulletin to address this and other vulnerabilities. Users are advised to update their devices to the latest patch level as soon as the updates are available.

  18. CVE-2024-21413

    01 Dec 2025, 15:17

    Microsoft Outlook

    Trended on social media

    Hype increased to 31

    CVE-2024-21413 is a remote code execution (RCE) vulnerability affecting Microsoft Outlook. It stems from improper input validation when Outlook processes URLs, particularly those using the `file://` protocol and crafted URL structures. This vulnerability, also known as the "MonikerLink" bug, allows attackers to bypass security protections, such as the Office Protected View, and execute arbitrary code on a victim's machine by sending a malicious email. The vulnerability can be triggered even when previewing a maliciously crafted email. Successful exploitation could lead to remote code execution, theft of NTLM credentials, data exfiltration, data encryption, installation of malware, and potential full system compromise. It affects various versions of Microsoft Outlook, including Microsoft Office 2016, 2019, 2021, and Microsoft 365 Apps.