Trending now
Top 10 CVEs trending on social media within the last 24 hours.
Updated 10 minutes ago
Hypemeter current score: Room temperature.

Each entry lists the trending rank, CVE identifier, severity (CVSS) where shown, hype score over the last 24 hours, published date, description, and product tags.

1. CVE-2025-55182
   Hype score (last 24 hours): 36 | Published: Dec 3, 2025
   CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.
   Tags: React, react2shell

2. CVE-2025-26399
   Severity: critical 9.8 | Hype score (last 24 hours): 30 | Published: Sep 23, 2025
   CVE-2025-26399 is a remote code execution vulnerability that affects SolarWinds Web Help Desk (WHD). The vulnerability stems from unsafe deserialization handling in the AjaxProxy component. Successful exploitation allows an unauthenticated attacker to run arbitrary commands on the host machine. The vulnerability is a patch bypass of CVE-2024-28988, which was itself a bypass of CVE-2024-28986. SolarWinds has released a hotfix to address the vulnerability.
   Tags: SolarWinds Web Help Desk

3. CVE-2025-68947
   Severity: medium 5.7 | Hype score (last 24 hours): 24 | Published: Jan 13, 2026
   CVE-2025-68947 is a driver vulnerability found in NSecsoft's NSecKrnl Windows driver. This flaw allows a local, authenticated attacker to terminate processes belonging to other users, including those running as SYSTEM or designated as Protected Processes. This is achieved by sending specially crafted Input/Output Control (IOCTL) requests to the driver. The vulnerability is categorized under CWE-862 (Missing Authorization), indicating that the NSecKrnl driver fails to properly validate the authorization of requests to terminate processes. This issue presents a "Bring Your Own Vulnerable Driver" (BYOVD) attack surface, which can be leveraged by threat actors to disable endpoint security solutions and other critical system processes. For instance, the Black Basta ransomware has been observed utilizing this vulnerability.

4. CVE-2025-54068
   Severity: critical 9.2 | Hype score (last 24 hours): 15 | Published: Jul 17, 2025
   CVE-2025-54068 is a remote command execution (RCE) vulnerability found in Livewire, a full-stack framework for Laravel. Specifically, it affects Livewire v3 versions up to and including v3.6.3. The vulnerability stems from how certain component property updates are handled during hydration, which could allow unauthenticated attackers to execute arbitrary code. Exploitation requires a component to be mounted and configured in a particular way but does not require authentication or user interaction. The vulnerability lies in the `hydrateForUpdate` method within the `Livewire\Mechanisms\HandleComponents\HandleComponents` class. A specially crafted update payload can bypass validation and sanitization during the hydration process, causing the framework to interpret untrusted input as executable code. This issue has been patched in Livewire v3.6.4, and users are strongly encouraged to upgrade to this version or later as soon as possible. There are no known workarounds.
   Tags: Laravel, Livewire

5. CVE-2025-1974
   Severity: critical 9.8 | Hype score (last 24 hours): 13 | Published: Mar 25, 2025
   CVE-2025-1974 is a vulnerability within the Ingress NGINX Controller for Kubernetes, specifically affecting the admission controller component. This flaw falls under a group of vulnerabilities collectively known as "IngressNightmare." The vulnerability arises because the admission controllers are accessible over the network without authentication. By sending a malicious ingress object directly to the admission controller, an attacker can inject arbitrary NGINX configurations. This results in code execution on the Ingress NGINX Controller's pod, potentially granting unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster, which could lead to a complete cluster takeover.
   Tags: IngressNightmare, Kubernetes

6. CVE-2026-1731
   Severity: critical 9.9 | Hype score (last 24 hours): 12 | Published: Feb 6, 2026
   CVE-2026-1731 is identified as a pre-authentication remote code execution vulnerability impacting BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) products. This flaw, categorized as an operating system command injection, allows an unauthenticated remote attacker to execute operating system commands in the context of the site user. The vulnerability can be exploited by sending specially crafted requests, and successful exploitation does not require any user interaction or prior authentication. BeyondTrust has released updates to address this issue, with patches available for Remote Support versions 25.3.2 and later, and Privileged Remote Access versions 25.1.1 and later.

7. CVE-2024-12356
   Severity: critical 9.8 (exploit known) | Hype score (last 24 hours): 12 | Published: Dec 17, 2024
   CVE-2024-12356 is a command injection vulnerability found in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products prior to version 24.3.1. Exploitation allows unauthenticated attackers to execute commands on the underlying operating system with the privileges of the site user. This vulnerability has a CVSS score of 9.8 and is known to be actively exploited. It affects both on-premises and SaaS instances of the affected BeyondTrust products. While patches are available, the responsibility for applying them falls on the customers using these products.

8. CVE-2025-43300
   Hype score (last 24 hours): 1 | Published: Aug 21, 2025
   CVE-2025-43300 is an out-of-bounds write vulnerability that exists within Apple's Image I/O framework. The vulnerability can be triggered when a device processes a maliciously crafted image file, which can lead to memory corruption. The out-of-bounds write occurs when the program writes data outside of an allocated memory buffer. This can result in the program crashing, data corruption, or potentially remote code execution. Apple has addressed this issue with improved bounds checking in multiple operating systems, including iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.
   Tags: iOS, Apple

9. CVE-2025-34164
   Severity: high 8.8 | Hype score (last 24 hours): 1 | Published: Aug 30, 2025
   CVE-2025-34164 describes a heap-based buffer overflow vulnerability found in NetSupport Manager 14.x versions preceding 14.12.0000. This flaw allows a remote, unauthenticated attacker to potentially trigger a denial of service (DoS) condition or execute arbitrary code on affected systems.
   Tags: NetSupport Manager

10. CVE-2025-34165
   Severity: high 8.8 | Hype score (last 24 hours): 1 | Published: Aug 30, 2025
   CVE-2025-34165 describes a stack-based buffer overflow vulnerability found in NetSupport Manager versions prior to 14.12.0000. This flaw allows a remote and unauthenticated attacker to trigger a denial of service (DoS) condition. Additionally, the vulnerability could potentially lead to the leakage of a limited amount of memory from the affected system.
   Tags: NetSupport Manager