Latest Alerts

React2Shell Remote Code Execution in React Server Components (RSC)

Discovered: December 3rd, 2025 (rapid exploitation observed)
Impacted Tech: React Server Components (RSC), Next.js using RSC, and frameworks leveraging React’s server-side streaming semantics – including deployments on Vercel, AWS Lambda, and custom Node.js servers.
Summary: A newly disclosed vulnerability in React Server Components, known as React2Shell (CVE-2025-55182), allows unauthenticated attackers to break out of the React…

FortiWeb Path Traversal, Authentication Bypass, and Admin-User Creation Exploited in the Wild

Discovered: October 10th, 2025 (first exploitation observed)
Impacted Tech: Fortinet FortiWeb (WAF) Manager / Appliances – versions 8.0.1 and earlier (fixed in 8.0.2)
Summary: A path-traversal and authentication bypass vulnerability allows unauthenticated attackers to create local administrative accounts through the FortiWeb management interface. Once exploited, an attacker effectively gains full control of the WAF appliance -…

High-Risk NPM Supply Chain Compromise

Discovered: September 8th, 2025
Impacted Tech: NPM packages – specifically backslash, chalk-template, supports-hyperlinks, has-ansi, simple-swizzle, color-string, error-ex, color-name, is-arrayish, slice-ansi, color-convert, wrap-ansi, ansi-regex, supports-color, strip-ansi, chalk, debug, and ansi-styles
Summary: On September 8, 2025, Aikido Security detected and disclosed that 18 highly popular npm packages, totaling over 2 billion weekly downloads, were tampered with to include malicious code…