GHSA-925W-6V3X-G4J4 Source Code Exposure Vulnerability in React Server Components

Impact There is a source code exposure vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopa...

Source Code Exposure Vulnerability in React Server Components

Impact There is a source code exposure vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopa...

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

github-release-monitor -- multiple vulnerabilities

https://nextjs.org/blog/security-update-2025-12-11 reports: Description Medium Source Code Exposure: CVE-2025-55183 A specifically crafted HTTP request can cause a Server Function to return the compiled source code of other Server Functions in your application. This could reveal business logic...

CVE-2025-59788

Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...

CVE-2025-36299

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system...

EUVD-2025-197981

Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...

CVE-2025-36299

CVE-2025-36299 affects IBM Planning Analytics Local 2.1.0–2.1.14. The advisory states that these versions store sensitive information in source code, which could be leveraged in subsequent attacks against the system. The Fix/Remediation recommends upgrading to IBM Planning Analytics Local 2.1.15 ...

CVE-2025-36299 IBM Planning Analytics Information Disclosure

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system...

IBM Planning Analytics Local 安全漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A security vulnerability exists in IBM Planning Analytics Local versions 2.1.0 through 2.1.14 that originates from storing sensitive information in the code and could lead to further attacks...

PT-2025-47205

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics Local versions 2.1.0 through 2.1.14 Description IBM Planning Analytics Local versions 2.1.0 through 2.1.14 stores sensitive information within its source code. This could potentially be leveraged in subsequent attacks...

CVE-2025-11997

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wplocalizescript without prope...

CVE-2025-11997 Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wplocalizescript without prope...

CVE-2025-61119

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes a component with known vulnerabilities (CVE-2025-29927 & CVE-2025-48068)

Summary The product includes a vulnerable component e.g., framework library that may be identified and exploited with automated tools. IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION:...

EUVD-2003-1117

Malware in sbrugna...

EUVD-2000-0648

Malware in sbrugna...

EUVD-2009-4496

Malware in sbrugna...

EUVD-2011-3465

Malware in sbrugna...