GRAudit Grep Auditing Tool 4.0

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very...

Next.js Framework React Server Components Source Code Exposure (CVE-2025-55183)

The Next.js Framework on the remote host is affected by a source code exposure vulnerability: - An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages:...

CVE-2025-56157

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...

CVE-2025-56157

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...

CVE-2025-56157

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...

PT-2025-52280

Name of the Vulnerable Software and Affected Versions Dify versions through 1.5.1 Description The software contains default credentials. Specifically, the PostgreSQL username and password are specified in the docker-compose.yaml file included in the source code. Recommendations Versions prior to...

UIXPOSE: Mobile Malware Detection Via Intention-Behaviour Discrepancy Analysis

We introduce UIXPOSE, a source-code-agnostic framework that operates on both compiled and open-source apps. This framework applies Intention Behaviour Alignment IBA to mobile malware analysis, aligning UI-inferred intent with runtime semantics. Previous work either infers intent statically, e.g.,...

CVE-2025-55183

A flaw was found in React Server Components RSC. This vulnerability allows an information leak, where a specifically crafted HTTP Hypertext Transfer Protocol request to a vulnerable Server Function can unsafely return its source code. Exploitation requires a Server Function that explicitly or...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.Js React Server Components RSC Vulnerabilities This re...

FreeBSD : github-release-monitor -- multiple vulnerabilities (7a1bd1ca-cf40-41e2-9c5f-143a0d4b17af)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a1bd1ca-cf40-41e2-9c5f-143a0d4b17af advisory. https://nextjs.org/blog/security-update-2025-12-11 reports: A specifically crafted HTTP reques...

EUVD-2025-203104

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components...

GHSA-C6M7-Q6PR-C64R Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4 Patches Upgrade immediately to @vitejs/[email protected] or...

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4 Patches Upgrade immediately to @vitejs/[email protected] or...

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

The React team has released fixes for two new types of flaws in React Server Components RSC that, if successfully exploited, could result in denial-of-service DoS or source code exposure. The team said the issues were found by the security community while attempting to exploit the patches release...

Exploit for CVE-2025-55183

CVE-2025-55183 - Next.js RSC Server Function Source Code Discl...

Exploit for CVE-2025-55183

CVE-2025-55183-poc – Next.js React Server Components Server Fu...

Node.js React Server Components Denial of Service and Source Code Exposure (CVE-2025-55183, CVE-2025-55184)

Multiple Node.js React Server Components packages are affected by denial of service and source code exposure vulnerabilities. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, 19.2.1 - react-server-dom-parcel 19.0....

GHSA-W37M-7FHW-FMV9 Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

EUVD-2025-202924

Next Server Actions Source Code Exposure...

GHSA-925W-6V3X-G4J4 Source Code Exposure Vulnerability in React Server Components

Impact There is a source code exposure vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopa...