CVE-2024-39700

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

OPENSUSE-SU-2026:20003-1 Security update of valkey

This update for valkey fixes the following issues: Update to 8.0.6: - Security fixes: - CVE-2025-49844: Fixed that a Lua script may lead to remote code execution bsc1250995 - CVE-2025-46817: Fixed that a Lua script may lead to integer overflow and potential RCE bsc1250995 - CVE-2025-46818: Fixed...

Metasploit Wrap-Up 12/19/2025

React2Shell Payload Improvements Last week Metasploit released an exploit for the React2Shell vulnerability, and this week we have made a couple of improvements to the payloads that it uses. The first improvement affects all Metasploit modules. When an exploit is used, an initial payload is...

PT-2025-52213

Name of the Vulnerable Software and Affected Versions 1C-Bitrix versions prior to 25.100.501 Description The software contains a remote code execution issue within the Translate Module. The application does not properly validate the contents of archive files before unpacking them, allowing...

Malicious Package

Overview yir-image-gen-asana-rce is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious Package

Overview vscode-reh-rce is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js RCE Scanner - CVE-2025-55182 & CVE-2025-66478...

CVE-2025-58173 FreshRSS vulnerable to authenticated RCE via path traversal inside include()

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready. Below, we list the urgent...

Exploit for Deserialization of Untrusted Data in Facebook React

next88 - React Server Components RCE Scanner High-performance...

openSUSE Security Advisory (SUSE-SU-2025:4335-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 A simp...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - Next.js RSC Remote Code Execution Exploit...

RHEL 9 : tomcat (RHSA-2025:23044)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23044 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...

RHEL 9 : tomcat (RHSA-2025:23049)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23049 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat:...

Exploit for Deserialization of Untrusted Data in Facebook React

⚡ CVE-2025-55182 – Auto Exploit Toolkit Precision Engine...

CS-Cart-POC

CS-Cart RCE & LFI Exploit Developed by: Strikoder Tes...

EUVD-2025-201551

Malicious code in evil-rce PyPI...

Malicious code in evil-rce (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74a74a4133ed8082eba8452bb59a82dcf6975e1e8c4d6630a47088c17d6b6cca Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

Metasploit Wrap-Up 12/05/2025

Twonky Auth Bypass, RCEs and RISC-V Reverse Shell Payloads This was another fantastic week in terms of PR contribution to the Metasploit Framework. Rapid7’s very own Ryan Emmons recently disclosed CVE-2025-13315 and CVE-2025-13316 which exist in Twonky Server and allow decrypting admin credential...