GHSA-49RJ-9FVP-4H2H React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

When using React Router v7 in Framework Mode, there exists a combination of steps that could potentially allow unauthorized RCE through external requests. This first requires the application code to have an existing prototype pollution vulnerability. This can be leveraged into a 2-step attack in...

PT-2026-45834

Name of the Vulnerable Software and Affected Versions React Router versions 7.0.0 through 7.14.1 Description When using Framework Mode, a sequence of actions could allow unauthorized remote code execution RCE via external requests. This occurs if the application code already contains a prototype...

EUVD-2025-208985

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

PT-2026-27778

Name of the Vulnerable Software and Affected Versions N2WS Backup & Recovery versions prior to 4.4.0 Description A two-step attack against the RESTful API can lead to remote code execution. The attack targets the API, potentially allowing an attacker to execute arbitrary code on the system. The A...

N2W 安全漏洞

N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from a two-step attack targeting RESTful APIs, which could lead to remote code execution...

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

CVE-2025-32991

N2WS Backup & Recovery (before 4.4.0) is affected by a two‑step attack against its RESTful API that leads to remote code execution. The available documents describe the vulnerability at a high level without detailing exploit vectors, affected modules, or versions beyond the 4.4.0 threshold. No re...

AZL-65082 CVE-2025-45582 affecting package tar 1.35-2

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

UBUNTU-CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

‘Lone Wolf’ APT Uses Commodity RATs

An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...