Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Rapid7 Blog
Rapid7 Blogadded 2025/12/12 8:38 p.m.15 views

Metasploit Wrap-Up 12/12/2025

React2shell Module As you may have heard, on December 3, 2025, the React team announced a critical Remote Code Execution RCE vulnerability in servers using the React Server Components RSC Flight protocol. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0 and is informally...

10CVSS9.3AI score0.84541EPSS
Exploits363
Packet Storm
Packet Stormadded 2025/12/11 12:0 a.m.221 views

📄 Magento SessionReaper Remote Code Execution

This Metasploit module exploits CVE-2025-54236 SessionReaper, a critical vulnerability in Magento/Adobe Commerce that allows unauthenticated remote code execution. The vulnerability stems from improper handling of nested deserialization in the payment method context, combined with an...

9.1CVSS10AI score0.72152EPSS
Exploits9
Akamai Blog
Akamai Blogadded 2025/10/27 5:0 a.m.13 views

The Grim SessionReaper (CVE-2025-54236) Comes to Collect for Halloween

...

9.1CVSS7AI score0.72152EPSS
Exploits9
Malwarebytes
Malwarebytesadded 2025/10/23 4:56 p.m.10 views

Thousands of online stores at risk as SessionReaper attacks spread

Early September, a security researcher uncovered a new vulnerability in Magento, an open-source e-commerce platform used by thousands of online retailers, and its commercial counterpart Adobe Commerce. It sounds like something straight out of a horror movie: SessionReaper. Behind the cinematic na...

9.1CVSS7.9AI score0.72152EPSS
Exploits9
The Hacker News
The Hacker Newsadded 2025/09/10 1:8 a.m.7 views

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 aka SessionReaper, carries a CVSS score of 9.1 out of a maximum ...

9.1CVSS8.3AI score0.72152EPSS
Exploits9
Positive Technologies
Positive Technologiesadded 2025/09/10 12:0 a.m.3 views

PT-2025-37037

Adobe released an emergency fix for “SessionReaper,” a critical Adobe Commerce/Magento flaw CVE-2025-542360, CVSS 9.1 enabling session hijacking and potentially unauthenticated RCE. No in-the-wild exploitation reported; patches and guidance are available...

7AI score
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/09/08 12:0 a.m.7 views

PT-2025-36491

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions prior to 2.4.10 Magento Open Source affected versions not specified Description An improper input validation issue, known as SessionReaper, exists in the REST API, specifically within the ServiceInputProcessor and the...

9.4CVSS8.2AI score0.72152EPSS
Exploits9
Rows per page
Query Builder