
Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
65.08%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 10 Posts
  • 1 Interaction

Last activity: Last hour

Bluesky

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials reconbee.com/hackers-expl... #hackers #Nextjs #credentials #cybersecurity #cyberattack
  • 0
  • 1
  • 0
  • 1h ago
~Talos~ UAT-10608 exploits React2Shell (CVE-2025-55182) in Next.js apps to deploy NEXUS Listener for mass credential theft. - IOCs: 144. 172. 102. 88, 172. 86. 127. 128, 144. 172. 112. 136 - #CVE202555182 #Malware #ThreatIntel
  • 0
  • 0
  • 0
  • 20h ago
~Talos~ AI lowers the barrier for BEC attacks, while a massive campaign exploits Next.js React2Shell to harvest cloud credentials. - IOCs: CVE-2025-55182 - #BEC #React2Shell #ThreatIntel
  • 0
  • 0
  • 0
  • 12h ago
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
  • 0
  • 0
  • 2
  • 12h ago
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 9h ago
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials #HackerNews (Apr 2) thehackernews.com/2026/04/hack...
  • 0
  • 0
  • 0
  • 9h ago
Looks like secrets and the like are being stolen left and right: Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
  • 0
  • 0
  • 0
  • 8h ago
Hackers exploited CVE-2025-55182 (React2Shell) to breach 766 Next.js hosts, deploying NEXUS Listener to steal database credentials, SSH keys, and cloud tokens. Impact spans multiple regions and cloud providers. #NextjsBreach #CredentialTheft
  • 0
  • 0
  • 0
  • Last hour

Overview

  • TrueConf
  • TrueConf Client

30 Mar 2026
Published
03 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

Description

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Statistics

  • 6 Posts

Last activity: 4 hours ago

Fediverse


📰 Chinese-Nexus Actor Exploits TrueConf Zero-Day in "TrueChaos" Campaign

A TrueConf zero-day (CVE-2026-3502) has been exploited by a Chinese-nexus APT in the 'TrueChaos' campaign, targeting governments in Southeast Asia. The flaw allows attackers to push malware like Havoc C2 via the app's update mechanism. 📹💥 #ZeroDay...

🔗 cyber.netsecops.io/articles/tr

  • 0
  • 0
  • 0
  • 17h ago

Geopolitical tensions escalate between Algeria and Morocco, impacting European security and energy stability. In technology, IBM and Arm announced a strategic collaboration on new dual-architecture hardware for future AI and data-intensive workloads. On the cybersecurity front, CISA added a new exploited vulnerability (CVE-2026-3502) to its catalog, while L.A. Metro confirmed a mid-March hack, with systems still being restored.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

~Cisa~ CISA added CVE-2026-3502, a TrueConf Client integrity check flaw, to its KEV catalog due to active exploitation. - IOCs: CVE-2026-3502 - #CISA #CVE2026_3502 #threatintel
  • 0
  • 0
  • 0
  • 13h ago
📢 Operation TrueChaos: TrueConf zero-day exploited against governments in Southeast Asia 📝 ## 🔍 Context Published on 30 March… https://cyberveille.ch/posts/2026-04-02-operation-truechaos-zero-day-dans-trueconf-exploite-contre-des-gouvernements-en-asie-du-sud-est/ #CVE_2026_3502 #Cyberveille
  • 0
  • 0
  • 0
  • 12h ago
CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 2) CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 9h ago
CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Google
  • Chrome

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
3.03%

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts
  • 2 Interactions

Last activity: 3 hours ago

Fediverse

Microsoft Edge 146.0.3856.97 fixes 17 security vulnerabilities, including CVE-2026-5281 as an exploit

deskmodder.de/blog/2026/04/03/

  • 2
  • 0
  • 1
  • 3h ago

Bluesky

CVE-2026-5281 Google Dawn Use-After-Free Vulnerability
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Cisco
  • Cisco Smart Software Manager On-Prem

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.17%

KEV

Description

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: Last hour

Fediverse


📰 Cisco Patches Critical Unauthenticated RCE Flaw in Smart Software Manager

🔥 CRITICAL FLAW: Cisco patches a 9.8 CVSS unauthenticated RCE vulnerability (CVE-2026-20160) in its Smart Software Manager On-Prem. The flaw allows remote root access. No workarounds exist, patch immediately! #Cisco #RCE #Vulnerability #PatchNow

🔗 cyber.netsecops.io/articles/ci

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

Cisco patches two 9.8 CVSS flaws (CVE-2026-20093, CVE-2026-20160), preventing authentication bypass and root access.
  • 0
  • 1
  • 0
  • 11h ago
Cisco patches 2 critical and 6 high-severity vulnerabilities, including CVE-2026-20160 and CVE-2026-20093, affecting Smart Software Manager and password authentication, risking root access and admin takeover. #CiscoSecurity #AuthenticationBypass #USA
  • 0
  • 0
  • 0
  • 17h ago
Cisco patches two critical flaws: an IMC auth bypass (CVE-2026-20093) allowing password changes, and an SSM On-Prem remote code execution (CVE-2026-20160). Both score 9.8 CVSS with no workaround. #Cisco #RemoteExploit #USA
  • 0
  • 0
  • 0
  • Last hour

Overview

  • F5
  • BIG-IP

15 Oct 2025
Published
31 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
41.41%

Description

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 3 Posts

Last activity: 10 hours ago

Bluesky

Over 14,000 F5 BIG-IP APM instances remain exposed online amid active exploitation of CVE-2025-53521, reclassified from DoS to remote code execution. F5 and CISA recommend system rebuilds and log checks. #CVE2025 #BIGIP #USA
  • 0
  • 0
  • 0
  • 22h ago
📢 CVE-2025-53521: More than 14,000 F5 BIG-IP APM instances exposed to active RCE attacks 📝 ## 🗓️ Context Source: BleepingComputer — Articl… https://cyberveille.ch/posts/2026-04-02-cve-2025-53521-plus-de-14-000-instances-f5-big-ip-apm-exposees-a-des-attaques-rce-actives/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • 10h ago
📢 F5 BIG-IP flaw reclassified as critical RCE and actively exploited 📝 --- ## CVE-2025-53521: F5 BIG-IP flaw reclassified as critical RCE, exploitation act… https://cyberveille.ch/posts/2026-04-02-faille-f5-big-ip-reclassifiee-en-rce-critique-et-exploitee-activement/ #F5_BIG_IP #Cyberveille
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
Pending

KEV

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Statistics

  • 7 Posts
  • 1 Interaction

Last activity: 12 hours ago

Bluesky

You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
  • 0
  • 1
  • 4
  • 21h ago
Two chained vulnerabilities (CVE-2026-2699 & CVE-2026-2701) in Progress ShareFile Storage Zones Controller enable unauthenticated file access and remote code execution. Patch version 5.12.4 fixes the issues. #ShareFile #RemoteCodeExec #USA
  • 0
  • 0
  • 0
  • 15h ago
📢 Progress ShareFile: pre-authenticated RCE chain via CVE-2026-2699 and CVE-2026-2701 📝 ## 🔍 Context Published on 2 April 2026 by watchTowr Labs, this… https://cyberveille.ch/posts/2026-04-02-progress-sharefile-chaine-rce-pre-authentifiee-via-cve-2026-2699-et-cve-2026-2701/ #ASPX_Webshell #Cyberveille
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
Pending

KEV

Description

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

Statistics

  • 7 Posts
  • 1 Interaction

Last activity: 12 hours ago

Bluesky

You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
  • 0
  • 1
  • 4
  • 21h ago
Two chained vulnerabilities (CVE-2026-2699 & CVE-2026-2701) in Progress ShareFile Storage Zones Controller enable unauthenticated file access and remote code execution. Patch version 5.12.4 fixes the issues. #ShareFile #RemoteCodeExec #USA
  • 0
  • 0
  • 0
  • 15h ago
📢 Progress ShareFile: pre-authenticated RCE chain via CVE-2026-2699 and CVE-2026-2701 📝 ## 🔍 Context Published on 2 April 2026 by watchTowr Labs, this… https://cyberveille.ch/posts/2026-04-02-progress-sharefile-chaine-rce-pre-authentifiee-via-cve-2026-2699-et-cve-2026-2701/ #ASPX_Webshell #Cyberveille
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • ci4-cms-erp
  • ci4ms

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.05%

KEV

Description

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Management functionality. Page-related data selected via the Pages section is stored server-side and rendered without proper output encoding. This stored payload is later rendered unsafely within administrative interfaces and public-facing navigation menus, leading to stored DOM-based cross-site scripting (XSS). This issue has been patched in version 0.31.0.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Fediverse


🚨 CVE-2026-34564 (CRITICAL, CVSS 9.1): ci4ms < 0.31.0.0 vulnerable to stored XSS via Menu Management. Low-priv attackers can inject scripts, impacting admins & users. Patch & audit menus now. radar.offseq.com/threat/cve-20

  • 0
  • 1
  • 0
  • 22h ago

Overview

  • Cisco
  • Cisco Enterprise NFV Infrastructure Software

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.03%

KEV

Description

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: Last hour

Bluesky

Cisco patches two 9.8 CVSS flaws (CVE-2026-20093, CVE-2026-20160), preventing authentication bypass and root access.
  • 0
  • 1
  • 0
  • 11h ago
Cisco patches 2 critical and 6 high-severity vulnerabilities, including CVE-2026-20160 and CVE-2026-20093, affecting Smart Software Manager and password authentication, risking root access and admin takeover. #CiscoSecurity #AuthenticationBypass #USA
  • 0
  • 0
  • 0
  • 17h ago
Cisco patches two critical flaws: an IMC auth bypass (CVE-2026-20093) allowing password changes, and an SSM On-Prem remote code execution (CVE-2026-20160). Both score 9.8 CVSS with no workaround. #Cisco #RemoteExploit #USA
  • 0
  • 0
  • 0
  • Last hour

Overview

  • vitejs
  • vite

24 Mar 2025
Published
24 Mar 2025
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
88.96%

KEV

Description

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. The contents of arbitrary files can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix the issue.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208) https://isc.sans.edu/diary/32860
  • 0
  • 0
  • 0
  • 18h ago