Category: Vulnerability
-
Ivanti Endpoint Manager Mobile (EPMM) zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340)
CVE-2026-1281 is a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager Mobile (EPMM). It stems from a code injection flaw in the product’s web services that allows an unauthenticated attacker to send crafted requests and execute arbitrary code on a vulnerable system without needing to log in. CVE-2026-1340 is also a critical code
-
Global Alert: React2Shell (CVE-2025-55182) Exploitation Escalated
On 16 December 2025, several days after its public disclosure, the critical React2Shell vulnerability (CVE-2025-55182) continues to be widely exploited worldwide, with both the breadth of compromised systems and the number of threat actors involved rising sharply. Researchers have tracked at least 30 confirmed organizational breaches attributed to this flaw and estimate that tens of
-
React2Shell Vulnerability (CVE-2025-55182) Widely Exploited
React2Shell is a critical unauthenticated remote code execution vulnerability tracked as CVE-2025-55182 in React Server Components and related frameworks like Next.js. The flaw arises because unsafe de-serialization in the internal Flight protocol allows attackers, without logging in or valid credentials, to send a specially crafted HTTP request that gets executed on the server. This gives
-
React Server Components (RSC) security vulnerability (React2Shell) (CVE-2025-55182)
CVE-2025-55182 is a critical pre-authentication remote code execution vulnerability in React Server Components. It specifically affects versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 of the RSC packages, and frameworks that use these affected packages, including Next.js 15.x and 16.x using the App Router. The vulnerability has a maximum severity rating of CVSS 10.0. The vulnerable code unsafely
-
NVIDIA security vulnerability (CVE-2025-23352)
CVE-2025-23352 is a vulnerability identified in NVIDIA’s vGPU software, specifically in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. If exploited successfully, it can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Affected versions include all releases prior to and including version 19.1,
-
Oracle E-Business Suite security vulnerability (CVE-2025-61884)
CVE-2025-61884 is a high-severity security vulnerability in the Oracle E-Business Suite (EBS), specifically in the Oracle Configurator product’s Runtime UI component. The flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator and gain unauthorized access to sensitive data. Because the affected component is often exposed to internal and external networks,
-
Vulnerabilities of Zero Trust Security: Critical Points and the Role of AI Agents
Zero Trust Security (ZTS) is a cybersecurity model in which no user, device, network location or system component is implicitly trusted. Instead, every access request to a resource must be verified continuously — based on identity, device posture, access context, and risk signals. According to the National Institute of Standards and Technology
-
AWS Serverless Application Model Command Line Interface (SAM CLI) security vulnerability (CVE-2025-3047)
CVE-2025-3047 is a vulnerability identified in the AWS Serverless Application Model Command Line Interface (AWS SAM CLI). When the sam build process is executed with Docker and includes symbolic links (symlinks) in the build files, the container environment may allow unauthorized access to privileged files on the host system. An attacker could exploit this by
-
Kubernetes NGINX Ingress Controller
The NGINX Ingress Controller is a Kubernetes component that uses NGINX as a reverse proxy and load balancer to manage external access to services within a Kubernetes cluster. It processes Ingress resources, which define rules for routing HTTP and HTTPS traffic to backend services. In 2025, several critical vulnerabilities were disclosed in the Kubernetes Ingress-NGINX
-
NGINX
Nginx or NGINX is a high-performance, open-source web server that also functions as a reverse proxy, load balancer, HTTP cache, TCP/UDP proxy, and mail proxy server. It was designed to efficiently handle large volumes of web traffic while using minimal system resources, making it particularly well suited for high-concurrency environments. The software was created by
-
VMware ESXi and VMware Workstation security vulnerability (CVE-2025-22224)
CVE-2025-22224 is a critical vulnerability classified as a Time-of-Check Time-of-Use (TOCTOU) flaw affecting VMware ESXi and VMware Workstation. In essence, the issue arises from a race condition where the system checks a resource and then uses it without verifying that it hasn’t changed, which can lead to an out-of-bounds write. This behavior can allow a
-
OpenH264 security vulnerability (CVE-2025-27091)
CVE-2025-27091 is a vulnerability found in the OpenH264 codec library, a widely used tool for H.264 video encoding and decoding developed by Cisco. The issue arises from a race condition in the library’s decoding functions. In essence, there is a timing gap between the allocation of memory for a Sequence Parameter Set (SPS) and the