Lucene search
K

5909 matches found

The Hacker News
The Hacker News
added 2025/12/12 8:55 a.m.16 views

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

The React team has released fixes for two new types of flaws in React Server Components RSC that, if successfully exploited, could result in denial-of-service DoS or source code exposure. The team said the issues were found by the security community while attempting to exploit the patches release...

10CVSS8.1AI score0.99562EPSS
Exploits382
OSV
OSV
added 2025/12/11 8:16 p.m.10 views

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

5.3CVSS6.7AI score0.62405EPSS
Exploits7References2
RedHat Linux
RedHat Linux
added 2025/12/10 5:45 p.m.3 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References5
NVD
NVD
added 2025/12/09 6:15 p.m.6 views

CVE-2025-54838

An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...

6.8CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 6:15 p.m.5 views

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

8.8CVSS0.15537EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 6:15 p.m.5 views

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

8.8CVSS6AI score0.15537EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 6:15 p.m.6 views

CVE-2025-53679

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...

7.2CVSS0.10791EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/12/09 5:19 p.m.2 views

CVE-2025-53949

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

8.8CVSS6AI score0.15537EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/12/09 5:19 p.m.3 views

EUVD-2025-202270

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated...

8.8CVSS6.8AI score0.15537EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

Fortinet FortiSandbox 操作系统命令注入漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from US-based Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. An operating system command injection vulnerability exists in Fortine...

8.8CVSS7.5AI score0.15537EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/12/08 12:0 a.m.169 views

📄 Django 5.1.13 SQL Injection

Django version 5.1.13 remote SQL injection vulnerability scanning script. ============================================================================================================================================= | Title : Django 5.1.13 SQL Injection Scanner | | Author : indoushka | | Tested o...

9.1CVSS8.3AI score0.1914EPSS
Exploits10
Amazon
Amazon
added 2025/12/08 12:0 a.m.10 views

Medium: aws-cfn-bootstrap

Issue Overview: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...

5.3CVSS6.6AI score0.00846EPSS
Exploits1
Snyk
Snyk
added 2025/12/03 4:39 p.m.9 views

Arbitrary Code Injection

Overview next is a react framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code on the server by sending malicious HT...

10CVSS7.7AI score0.99562EPSS
Exploits386References3
RedhatCVE
RedhatCVE
added 2025/11/19 5:20 p.m.7 views

CVE-2025-48839

An Out-of-bounds Write vulnerability CWE-787 in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests...

6.6CVSS7.8AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2025/11/18 5:16 p.m.8 views

CVE-2025-58692

An improper neutralization of special elements used in an SQL Command "SQL Injection" vulnerability CWE-89 vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HT...

8.8CVSS6.1AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2025/11/18 5:16 p.m.4 views

CVE-2025-58034

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may...

7.2CVSS6AI score0.54376EPSS
Exploits9References2
OSV
OSV
added 2025/11/18 5:16 p.m.3 views

CVE-2025-48839

An Out-of-bounds Write vulnerability CWE-787 in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests...

6.6CVSS6.2AI score0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 5:1 p.m.3 views

CVE-2025-48839

An Out-of-bounds Write vulnerability CWE-787 in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests...

6.6CVSS7.4AI score0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 5:1 p.m.2 views

CVE-2025-58692

An improper neutralization of special elements used in an SQL Command "SQL Injection" vulnerability CWE-89 vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HT...

8.8CVSS7.5AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 5:1 p.m.426 views

CVE-2025-58034

CVE-2025-58034 — Fortinet FortiWeb OS Command Injection occurs in FortiWeb 8.0.0–8.0.1, 7.6.0–7.6.5, 7.4.0–7.4.10, 7.2.0–7.2.11, 7.0.0–7.0.11. The flaw is an OS command injection (CWE-78) allowing an authenticated attacker to execute arbitrary commands on the underlying system via crafted HTTP re...

7.2CVSS6.8AI score0.54376EPSS
In wildExploits9References2Affected Software1
Rows per page
Query Builder