Trending now
Top 10 CVEs trending on social media within the last 24 hours.
Updated 39 minutes ago

1. CVE-2025-55182
   Product: React (react2shell)
   Hype score: 74
   Published: Dec 3, 2025
   Description: CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

2. CVE-2025-66478
   Product: React (react2shell)
   Hype score: 58
   Published: Dec 3, 2025
   Description: CVE-2025-66478 is a critical vulnerability affecting Next.js applications that use the App Router. This vulnerability, along with CVE-2025-55182 which affects React, allows for unauthenticated remote code execution (RCE). The flaw stems from insecure deserialization within the React Server Components (RSC) "Flight" protocol. Exploitation is possible through a crafted HTTP request, even in default configurations of Next.js applications created with `create-next-app`. Patched versions of React (19.0.1, 19.1.2, and 19.2.1) and Next.js (15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7) are available and users are advised to upgrade immediately. Fastly has also released a Virtual Patch for their NGWAF to help mitigate exploitation attempts.

3. CVE-2025-12762
   Product: pgAdmin
   Severity: critical 9.1
   Hype score: 19
   Published: Nov 13, 2025
   Description: CVE-2025-12762 is a Remote Code Execution (RCE) vulnerability affecting pgAdmin versions up to 9.9. The vulnerability occurs when pgAdmin is running in server mode and performing restores from PLAIN-format dump files. This vulnerability allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin. Successful exploitation could compromise the integrity and security of the database management system and the underlying data.

4. CVE-2025-9242
   Product: WatchGuard Fireware OS
   Severity: critical 9.3
   Exploit known: yes
   Hype score: 12
   Published: Sep 17, 2025
   Description: CVE-2025-9242 is an out-of-bounds write vulnerability found in WatchGuard Fireware OS. The vulnerability resides in the *iked* process. This flaw makes it possible for an unauthenticated, remote attacker to execute arbitrary code on affected systems. The vulnerability impacts both Mobile User VPN with IKEv2 and Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.

5. CVE-2025-21836
   Product: Linux Kernel
   Severity: medium 5.5
   Hype score: 12
   Published: Mar 7, 2025
   Description: CVE-2025-21836 is a vulnerability in the Linux kernel's io_uring subsystem, specifically within the handling of buffer lists. The vulnerability arises from the `IORING_REGISTER_PBUF_RING` functionality, where an old `struct io_buffer_list` could be reused if it was initially created for a legacy selected buffer and has since been emptied. This reuse violates the requirement that most fields within the structure should remain stable after publication. The core issue lies in the `io_uring/kbuf` component, where the incorrect reuse of the `io_buffer_list` can lead to instability and unexpected behavior within the io_uring subsystem. A patch has been implemented to address this by ensuring that buffer lists are always reallocated instead of being reused.

6. CVE-2025-8088
   Product: WinRAR
   Severity: high 8.4
   Exploit known: yes
   Hype score: 7
   Published: Aug 8, 2025
   Description: CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.

7. CVE-2025-6218
   Product: WinRAR
   Severity: high 7.8
   Hype score: 7
   Published: Jun 21, 2025
   Description: CVE-2025-6218 is a directory traversal remote code execution vulnerability that affects RARLAB WinRAR. It allows remote attackers to execute arbitrary code on affected installations. Exploitation of this vulnerability requires user interaction, as the target must visit a malicious page or open a malicious file. The vulnerability lies in how WinRAR handles file paths within archive files, where a specially crafted file path can cause the process to traverse to unintended directories. By leveraging this vulnerability, an attacker can execute code within the security context of the current user.

8. CVE-2025-66624
   Severity: high 7.5
   Hype score: 6
   Published: Dec 5, 2025
   Description: CVE-2025-66624 affects the BACnet Protocol Stack library before version 1.5.0.rc2. The vulnerability lies in the `npdu_is_expected_reply` function within `src/bacnet/npdu.c`, where it indexes `request_pdu[offset+2/3/5]` and `reply_pdu[offset+1/2/4]` without validating the existence of the APDU bytes. Specifically, the `bacnet_npdu_decode()` function can return an offset of 2 for a 2-byte NPDU, causing tiny PDUs to bypass the version check and subsequently be read out of bounds. Exploitation of this vulnerability could lead to a crash (DoS) on ASan/MPU/strict builds. The attack has low complexity, requires no privileges, and needs no user interaction.

9. CVE-2025-66516
   Severity: critical 10.0
   Hype score: 5
   Published: Dec 4, 2025
   Description: CVE-2025-66516 is a vulnerability found in Apache Tika's tika-core (versions 1.13-3.2.1), tika-pdf-module (versions 2.0.0-3.2.1), and tika-parsers (versions 1.13-1.28.5). It involves an XML External Entity (XXE) injection flaw that can be exploited through a crafted XFA file embedded in a PDF document. This allows an attacker to interfere with the application's processing of XML data. The vulnerability can be triggered when Apache Tika processes a PDF file containing a malicious XFA component. This may allow an attacker to access local files, internal network resources, or other sensitive data on the server where Tika runs. To mitigate this vulnerability, it is recommended to upgrade tika-core to version 3.2.2 or later and to ensure all related Tika components are updated consistently.

10. CVE-2025-26858
   Severity: high 8.6
   Hype score: 4
   Published: Dec 1, 2025
   Description: CVE-2025-26858 is a buffer overflow vulnerability that exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can trigger this vulnerability, potentially leading to a denial of service. An attacker can send a sequence of unauthenticated packets to exploit this vulnerability.