Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
66.27%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 10 Posts
  • 1 Interaction

Last activity: 1 hour ago

Bluesky

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials reconbee.com/hackers-expl... #hackers #Nextjs #credentials #cybersecurity #cyberattack
  • 0
  • 1
  • 0
  • 11h ago
~Talos~ AI lowers the barrier for BEC attacks, while a massive campaign exploits Next.js React2Shell to harvest cloud credentials. - IOCs: CVE-2025-55182 - #BEC #React2Shell #ThreatIntel
  • 0
  • 0
  • 0
  • 22h ago
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
  • 0
  • 0
  • 2
  • 21h ago
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 0
  • 0
  • 18h ago
Hackers exploit CVE-2025-55182, break into 766 Next.js hosts and steal credentials: Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials #HackerNews (Apr 2) thehackernews.com/2026/04/hack...
  • 0
  • 0
  • 0
  • 18h ago
Looks like secrets and the like are being stolen left and right: Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
  • 0
  • 0
  • 0
  • 18h ago
Hackers exploited CVE-2025-55182 (React2Shell) to breach 766 Next.js hosts, deploying NEXUS Listener to steal database credentials, SSH keys, and cloud tokens. Impact spans multiple regions and cloud providers. #NextjsBreach #CredentialTheft
  • 0
  • 0
  • 0
  • 9h ago
React2Shell Unleashed: 700+ Nextjs Servers Hacked in Massive Credential Harvesting Campaign + Video Introduction: A critical remote code execution (RCE) vulnerability in React Server Components, tracked as CVE-2025-55182 and codenamed "React2Shell", has been actively exploited by the threat actor…
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • TrueConf
  • TrueConf Client

30 Mar 2026
Published
03 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
1.22%

Description

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.

Statistics

  • 5 Posts

Last activity: 14 hours ago

Fediverse

Geopolitical tensions escalate between Algeria and Morocco, impacting European security and energy stability. In technology, IBM and Arm announced a strategic collaboration on new dual-architecture hardware for future AI and data-intensive workloads. On the cybersecurity front, CISA added a new exploited vulnerability (CVE-2026-3502) to its catalog, while L.A. Metro confirmed a mid-March hack, with systems still being restored.

#AnonNews_irc #Cybersecurity #News

  • 0
  • 0
  • 0
  • 14h ago

Bluesky

~Cisa~ CISA added CVE-2026-3502, a TrueConf Client integrity check flaw, to its KEV catalog due to active exploitation. - IOCs: CVE-2026-3502 - #CISA #CVE2026_3502 #threatintel
  • 0
  • 0
  • 0
  • 22h ago
📢 Operation TrueChaos: zero-day in TrueConf exploited against governments in Southeast Asia 📝 ## 🔍 Context Published on 30 March… https://cyberveille.ch/posts/2026-04-02-operation-truechaos-zero-day-dans-trueconf-exploite-contre-des-gouvernements-en-asie-du-sud-est/ #CVE_2026_3502 #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago
CISA adds one known exploited vulnerability to its catalog: CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Apr 2) CVE-2026-3502 TrueConf Client download of code without integrity check vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 18h ago
CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Google
  • Chrome

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
3.03%

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 12 hours ago

Fediverse

Microsoft Edge 146.0.3856.97 fixes 17 security vulnerabilities, incl. CVE-2026-5281 as an exploit

deskmodder.de/blog/2026/04/03/

  • 2
  • 1
  • 1
  • 12h ago

Bluesky

CVE-2026-5281 Google Dawn Use-After-Free Vulnerability
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Cisco
  • Cisco Enterprise NFV Infrastructure Software

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.03%

KEV

Description

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 5 hours ago

Bluesky

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) 🔗 Read more: www.helpnetsecurity.com/2026/04/03/c... #vulnerability #securityupdate #cybersecurity
  • 1
  • 1
  • 0
  • 5h ago
Cisco patches two 9.8 CVSS flaws (CVE-2026-20093, CVE-2026-20160), preventing authentication bypass and root access.
  • 0
  • 1
  • 0
  • 20h ago
Cisco patches two critical flaws: an IMC auth bypass (CVE-2026-20093) allowing password changes, and an SSM On-Prem remote code execution (CVE-2026-20160). Both score 9.8 CVSS with no workaround. #Cisco #RemoteExploit #USA
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • OpenClaw
  • OpenClaw

31 Mar 2026
Published
02 Apr 2026
Updated

CVSS v4.0
HIGH (8.6)
EPSS
Pending

KEV

Description

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests asking for broader scopes including admin access by exploiting the missing scope validation in extensions/device-pair/index.ts and src/infra/device-pairing.ts.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: Last hour

Fediverse

I'm trying to understand a bit more about CVE-2026-33579, the critical vulnerability in OpenClaw. To exploit, an attacker needs low-level pairing privilege permissions. How does one acquire such privileges? Can anyone do it? I'm asking because I want to understand what's required for an attacker to exploit.

Feel free to ping me at DanArs.82, or drop an answer here.

  • 4
  • 1
  • 0
  • Last hour

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.41%

KEV

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Statistics

  • 3 Posts
  • 8 Interactions

Last activity: 8 hours ago

Bluesky

We added Progress ShareFile fingerprinting to our scans & reports with 784 unique IPs seen exposed on 2026-04-02. watchTowr recently disclosed details behind an RCE CVE-2026-2699 & CVE-2026-2701 exploit chain affecting ShareFile. Make sure to apply the latest patch!
  • 2
  • 6
  • 0
  • 8h ago
📢 Progress ShareFile: pre-authenticated RCE chain via CVE-2026-2699 and CVE-2026-2701 📝 ## 🔍 Context Published on 2 April 2026 by watchTowr Labs, this… https://cyberveille.ch/posts/2026-04-02-progress-sharefile-chaine-rce-pre-authentifiee-via-cve-2026-2699-et-cve-2026-2701/ #ASPX_Webshell #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago
CVE-2026-2699 NVD entry: nvd.nist.gov/vuln/detail/... CVE-2026-2701 NVD entry: nvd.nist.gov/vuln/detail/... #CyberCivilDefense
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.19%

KEV

Description

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

Statistics

  • 3 Posts
  • 8 Interactions

Last activity: 8 hours ago

Bluesky

We added Progress ShareFile fingerprinting to our scans & reports with 784 unique IPs seen exposed on 2026-04-02. watchTowr recently disclosed details behind an RCE CVE-2026-2699 & CVE-2026-2701 exploit chain affecting ShareFile. Make sure to apply the latest patch!
  • 2
  • 6
  • 0
  • 8h ago
📢 Progress ShareFile: pre-authenticated RCE chain via CVE-2026-2699 and CVE-2026-2701 📝 ## 🔍 Context Published on 2 April 2026 by watchTowr Labs, this… https://cyberveille.ch/posts/2026-04-02-progress-sharefile-chaine-rce-pre-authentifiee-via-cve-2026-2699-et-cve-2026-2701/ #ASPX_Webshell #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago
CVE-2026-2699 NVD entry: nvd.nist.gov/vuln/detail/... CVE-2026-2701 NVD entry: nvd.nist.gov/vuln/detail/... #CyberCivilDefense
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Krajowa Izba Rozliczeniowa
  • SzafirHost

02 Apr 2026
Published
02 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.02%

KEV

Description

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed by the vendor. The application doesn't verify the hash or the vendor's digital signature of an uploaded DLL, SO, JNILIB or DYLIB file. An attacker can provide a malicious file, which will be saved in the user's /temp folder and executed by the application. This issue was fixed in version 1.1.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

Interesting bug: a 0/1-click RCE in software related to Szafir/KIR that is used for electronic signatures and has 900k users.
Tldr: you open a link, (not necessarily) click "ok" in a spoofed dialog, and you get malware.
Research: Michał Leszczyński
cve.org/CVERecord?id=CVE-2026-

  • 1
  • 0
  • 0
  • 8h ago

Overview

  • Fortinet
  • FortiClientEMS

06 Feb 2026
Published
31 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.07%

KEV

Description

An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

SQLi vulnerability is being exploited in Fortinet FortiClient EMS (CVE-2026-21643)

blog.elhacker.net/2026/04/vuln

  • 0
  • 1
  • 0
  • 1h ago

Overview

  • Cisco
  • Cisco Smart Software Manager On-Prem

01 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.17%

KEV

Description

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 10 hours ago

Bluesky

Cisco patches two 9.8 CVSS flaws (CVE-2026-20093, CVE-2026-20160), preventing authentication bypass and root access.
  • 0
  • 1
  • 0
  • 20h ago
Cisco patches two critical flaws: an IMC auth bypass (CVE-2026-20093) allowing password changes, and an SSM On-Prem remote code execution (CVE-2026-20160). Both score 9.8 CVSS with no workaround. #Cisco #RemoteExploit #USA
  • 0
  • 0
  • 0
  • 10h ago
Showing 1 to 10 of 37 CVEs