105 matches found

Snyk
added 2025/12/03 4:39 p.m. | 7 views

Arbitrary Code Injection

Overview: next is a React framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code on the server by sending malicious HT...

CVSS 10 | AI score 7.7 | EPSS 0.82011
Exploits 372 | References 3

Snyk
added 2025/12/03 4:39 p.m. | 7 views

Arbitrary Code Injection

Overview: react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization ...

CVSS 10 | AI score 7.7 | EPSS 0.82011
Exploits 358 | References 3

Snyk
added 2025/12/03 4:39 p.m. | 7 views

Arbitrary Code Injection

Overview: react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe...

CVSS 10 | AI score 7.7 | EPSS 0.82011
Exploits 358 | References 3

OSV
added 2025/12/03 4:15 p.m. | 7 views

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...

CVSS 10 | AI score 8.1 | EPSS 0.82011
Exploits 358 | References 6

NVD
added 2025/12/03 4:15 p.m. | 15 views

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...

CVSS 10 | EPSS 0.82011
Exploits 358 | References 6

Vulnrichment
added 2025/12/03 3:40 p.m. | 12 views

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...

CVSS 10 | AI score 7.8 | EPSS 0.82011
Exploits 358 | References 2

Cvelist
added 2025/12/03 3:40 p.m. | 64 views

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...

CVSS 10 | EPSS 0.82011
Exploits 358 | References 2

Positive Technologies
added 2025/12/03 12:00 a.m. | 5 views

PT-2026-4812

Name of the Vulnerable Software and Affected Versions: React versions 19.0.0 through 19.2.3; react-server-dom-webpack versions 19.0.0 through 19.2.3; react-server-dom-parcel versions 19.0.0 through 19.2.3; react-server-dom-turbopack versions 19.0.0 through 19.2.3; Next.js versions 13.x through 16.x...

CVSS 7.8 | AI score 9.3 | EPSS 0.0198
Exploits 0 | References 52

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-52456

Malicious code in bioql PyPI...

CVSS 5.7 | AI score 5.7 | EPSS 0.00135
Exploits 0 | References 1

Positive Technologies
added 2025/09/23 12:00 a.m. | 2 views

PT-2025-42779

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel’s AFS subsystem where a null pointer dereference could occur within the afs_put_server function. Specifically, the function accessed server->debug_id...

CVSS 4.6 | AI score 7.3 | EPSS 0.00074
Exploits 0

CVE
added 2025/08/27 10:18 a.m. | 13 views

CVE-2025-2313

Technical details about CVE-2025-2313 are not publicly available in the provided documents. No product/vendor/version information or exploit details are included. Monitor for updates as new information becomes available.

CVSS 9.4 | AI score 6.9 | EPSS 0.0006
Exploits 0 | References 1

RedhatCVE
added 2025/02/07 9:45 a.m. | 3 views

CVE-2024-10395

No proper validation of the length of user input in http_server_get_content_type_from_extension...

CVSS 8.6 | AI score 6.8 | EPSS 0.00279
Exploits 0 | References 1

CVE
added 2024/10/22 12:00 a.m. | 39 views

CVE-2024-31029

The CVE-2024-31029 issue affects FreeCoAP, originating in the server_handle_regular function of test_coap_server.c. Multiple sources (NVD, Red Hat, OSV, CNNVD, CVE lists) describe a denial-of-service condition triggered by specially crafted CoAP packets sent to the server. The precise vulnerable ...

CVSS 8.2 | AI score 6.9 | EPSS 0.00485
Exploits 1 | References 2 | Affected Software 1

OSV
added 2024/08/28 7:15 a.m. | 0 views

CVE-2021-38122

A Cross-Site Scripting vulnerability identified in NetIQ Advance Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1...

CVSS 8.2 | AI score 5.7 | EPSS 0.00194
Exploits 0 | References 1

Tenable Nessus
added 2024/01/18 12:00 a.m. | 15 views

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module Improper Restriction of Excessive Authentication Attempts (CVE-2023-4625)

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00106
Exploits 0 | References 4

Vulnrichment
added 2023/11/06 4:57 a.m. | 6 views

CVE-2023-4625 Denial-of-Service(DoS) Vulnerability in Web server function on MELSEC Series CPU module

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period...

CVSS 5.3 | AI score 5.4 | EPSS 0.00106
Exploits 0 | References 3

ICS
added 2023/11/02 6:00 a.m. | 25 views

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

1. EXECUTIVE SUMMARY: CVSS v3 5.3; ATTENTION: Exploitable remotely/low attack complexity; Equipment: MELSEC iQ-F/iQ-R Series; Vulnerability: Improper Restriction of Excessive Authentication Attempts. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a remote...

CVSS 5.3 | AI score 5.3 | EPSS 0.00106
Exploits 0 | References 8

Positive Technologies
added 2023/03/08 12:00 a.m. | 1 view

PT-2023-16860

Name of the Vulnerable Software and Affected Versions: builderio/qwik versions prior to 0.21.0. Description: The issue concerns a code injection problem. The deserializer function can be accessed using the pureServerFunction feature, allowing any JavaScript code to be run by node.js. Recommendations...

CVSS 10 | AI score 7.3 | EPSS 0.00282
Exploits 1 | References 12

CVE
added 2023/01/20 7:52 a.m. | 57 views

CVE-2022-40267

The CVE-2022-40267 issue is an authentication bypass in Mitsubishi Electric MELSEC iQ-F/iQ-R Series web servers caused by a Predictable Seed in the PRNG used for session identifiers. TALOS details show an LCG-based generator that seeds future values with previously produced random numbers, enabli...

CVSS 9.1 | AI score 7.5 | EPSS 0.02177
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2023/01/20 7:52 a.m. | 19 views

CVE-2022-40267 Authentication Bypass Vulnerability in Web Server Function on MELSEC Series

Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...

CVSS 5.9 | AI score 9.6 | EPSS 0.02177
Exploits 0 | References 3