Tuesday, December 30, 2025

Vulnerabilities

Burp Suite Supercharges Its Scanning Capabilities With React2Shell Vulnerability Detection

PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version 2.0.9, released on December 16, 2025. This free BApp, authored by Director of Research James Kettle, now detects React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478), alongside a suite of other high-impact...

Malicious MCP Servers Enable New Prompt Injection Attack To Drain Resources

Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol (MCP) sampling feature used in AI coding copilots. Malicious MCP servers can inject prompts to steal compute resources, hijack chats, and run hidden tools without user knowledge. MCP Basics and...

CISA Alerts On Actively Exploited Buffer Overflow Flaw In D-Link Routers

Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by submitting input that exceeds allocated buffer sizes, leading to memory corruption. This classic CWE-120 buffer overflow enables remote unauthenticated code execution with high impact on confidentiality, integrity, and availability,...

Over 500 Apache Tika Toolkit Instances Exposed To Critical XXE Vulnerability

Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for content analysis and extraction. CVE-2025-66516 carries the maximum CVSS score of 10.0, rating it critical. Disclosed on December 4, 2025, by the Apache Software Foundation, the vulnerability exposes...

Hackers Abuse AWS IAM Eventual Consistency To Maintain Persistent Access

Attackers can keep access to AWS accounts even after admins delete compromised keys. New research from OffensAI shows how AWS Identity and Access Management (IAM) eventual consistency creates a 4-second window for persistence. During this gap, deleted access keys still work, letting hackers create...

CISA Includes React2Shell Vulnerability In KEV Catalog Due To Ongoing Exploitation

CISA has added CVE-2025-55182, dubbed React2Shell, to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploitation. This critical remote code execution flaw affects React Server Components and related frameworks. Vulnerability Overview React2Shell (CVE-2025-55182) carries a CVSS score of 10.0, enabling unauthenticated attackers to execute...