Source Code Exposure Vulnerability in React Server Components
Impact: There is a source code exposure vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopa...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: react-server-dom-webpack is a React Server Components binding for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...
github-release-monitor -- multiple vulnerabilities
https://nextjs.org/blog/security-update-2025-12-11 reports: Description Medium Source Code Exposure: CVE-2025-55183 A specifically crafted HTTP request can cause a Server Function to return the compiled source code of other Server Functions in your application. This could reveal business logic...
Goodbye, dark Telegram: Blocks are pushing the underground out
Telegram has won over users worldwide, and cybercriminals are no exception. While the average user chooses a messaging app based on convenience, user experience, stability and, perhaps, cool stickers, cybercriminals evaluate platforms through a different lens. When it comes to anonymity, privac...
Wireshark Analyzer 4.6.2
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...
Everest Ransomware Claims ASUS Breach and 1TB Data Theft
Everest ransomware group claims it breached ASUS, stealing over 1TB of data including camera source code. ASUS has been given 21 hours to respond via Qtox...
CVE-2025-41086
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculat...
[SECURITY] Fedora 43 Update: source-to-image-1.5.1-1.fc43
Source-to-Image S2I is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...
MASCOT: Analyzing Malware Evolution through a Well-Curated Source Code Dataset
In recent years, the explosion of malware and extensive code reuse have formed complex evolutionary connections among malware specimens. The rapid pace of development makes it challenging for existing studies to characterize recent evolutionary trends. In addition, intuitive tools to untangle the...
EUVD-2025-199723
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the stripreturnport function within src/reqs.c...
CVE-2025-63938
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the stripreturnport function within src/reqs.c...
CVE-2025-63938
Tinyproxy
TOR Virtual Network Tunneling Tool 0.4.8.21
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...
EUVD-2025-198325
Malicious code in @ra-ide/source-code-frontend npm...
MAL-2025-190594 Malicious code in @ra-ide/source-code-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b026a3f908a4875695a81716cd5056c2991f150b9661187eeebd42cdc8577b The package @ra-ide/source-code-frontend was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @ra-ide/source-code-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21b026a3f908a4875695a81716cd5056c2991f150b9661187eeebd42cdc8577b The package @ra-ide/source-code-frontend was found to contain malicious code. Source: ossf-package-analysis...
PT-2025-47539
Name of the Vulnerable Software and Affected Versions: itsourcecode Human Resource Management System version 1.0. Description: A security issue exists in itsourcecode Human Resource Management System 1.0. Manipulation of the noticeDesc argument within an unknown function of the file...
CVE-2025-36299
IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system...
EUVD-2025-197981
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules...