React2Shell Remote Code Execution in React Server Components (RSC)
Discovered: December 3rd, 2025 (rapid exploitation observed) Impacted Tech: React Server Components (RSC), Next.js using RSC, and frameworks leveraging React’s server-side streaming semantics – including deployments on Vercel, AWS Lambda, and custom Node.js servers. Summary: A newly disclosed vulnerability in React Server Components, known as React2Shell…
FortiWeb Path Traversal, Authentication Bypass, and Admin-User Creation Exploited in the Wild
Discovered: October 10th, 2025 (first exploitation observed) Impacted Tech: Fortinet FortiWeb (WAF) Manager / Appliances – versions 8.0.1 and earlier (fixed in 8.0.2) Summary: A path-traversal and authentication bypass vulnerability allows unauthenticated attackers to create local administrative accounts through the FortiWeb management interface. Once exploited, an attacker effectively gains full control of the WAF appliance -…
High-Risk NPM Supply Chain Compromise
Discovered: September 8th, 2025 Impacted Tech: NPM packages – specifically backslash, chalk-template, supports-hyperlinks, has-ansi, simple-swizzle, color-string, error-ex, color-name, is-arrayish, slice-ansi, color-convert, wrap-ansi, ansi-regex, supports-color, strip-ansi, chalk, debug, and ansi-styles Summary: On September 8, 2025, Aikido Security detected and disclosed that 18 highly popular npm packages, totaling over 2 billion weekly downloads, were tampered with malicious code…
Critical SharePoint Zero-Day Under Widespread Attack
Discovered: July 14th, 2025 Impacted Tech: Microsoft SharePoint Servers (on-premises, e.g., MS SharePoint Server 2019 and Subscription Edition; patch for 2016 pending) Summary: A critical unauthenticated remote code execution (RCE) vulnerability chain – referred to as “ToolShell” – is being actively exploited in the wild. CVE‑2025‑49706 and CVE‑2025‑49704 allow attackers to bypass authentication and execute arbitrary…
Windows Remote Desktop Licensing Service “MadLicense” 0-Click RCE affecting all Windows Servers (2000-2025) [CVE-2024-38077]
Discovered: 8/11/2024 Impacted Tech: All Iterations of Windows Server (2000-2025) Summary: CVE-2024-38077, also known as “MadLicense,” is a critical 0-click remote code execution (RCE) vulnerability in the Windows Remote Desktop Licensing Service (RDL). It affects all versions of Windows Server from 2000 to 2025, allowing attackers to gain full control of servers without any user interaction. Verify Exposure: This vulnerability is…
Vulnerability in Check Point Security Gateway (CVE-2024-24919): Path Traversal and Arbitrary File Read
Overview A critical security update has been released to address a vulnerability (CVE-2024-24919) in Check Point Network Security gateways. This vulnerability potentially allows an attacker to read certain information on Internet-connected gateways with remote access VPN or mobile access enabled. The affected configurations include scenarios with old local accounts using password-only authentication. Verify Exposure To…
Vulnerability in GlobalProtect feature of Palo Alto Networks PAN-OS (CVE-2024-3400): OS Command Injection
Overview A critical security vulnerability has been identified in specific versions of Palo Alto Networks PAN-OS software, which could allow an unauthenticated attacker to execute arbitrary code with root privileges on affected firewalls. This vulnerability is specifically present in the configurations where both the GlobalProtect gateway and device telemetry are enabled. The affected PAN-OS versions…
Vulnerability in Citrix NetScaler ADC and Gateway (CVE-2023-4966): Citrix Bleed
Overview: Multiple vulnerabilities have been discovered in Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) affecting versions: Summary of Vulnerabilities: These vulnerabilities in NetScaler ADC and NetScaler Gateway result in unauthenticated buffer-related flaws, leading to sensitive information disclosure and denial of service under specific configurations (e.g., VPN virtual servers, ICA Proxy, CVPN, RDP…
TEMU Shopping App – Critical Vulnerability and Security Threat Alert
Date: 11/7/2023 Impacted Tech: TEMU App Software Introduction: Grizzly Research LLC, a research firm specializing in providing insights on publicly traded companies, has raised serious concerns regarding the shopping app TEMU, labeling it as “covert spyware with alarming implications for U.S. national security.” You can access the complete report here. TEMU is a shopping application…
Microsoft Exchange Critical Vulnerability Alert – ZDI-23-1578, ZDI-23-1579, ZDI-23-1580, ZDI-23-1581
ZDI-23-1578 ZDI-23-1579 ZDI-23-1580 ZDI-23-1581 Discovered: 9/7/2023 Impacted Tech: Microsoft Exchange Attacker Requirements: Authentication Highlights: Trend Micro’s Zero Day Initiative (ZDI) has recently disclosed four zero-day vulnerabilities that can be exploited by attackers to remotely execute arbitrary code or disclose sensitive information on affected installations. Microsoft has decided to delay the release of fixes for these…
