Vercel has released a new command-line tool, fix-react2shell-next, to help developers quickly detect and patch CVE-2025-66478, a critical remote code execution (RCE) vulnerability dubbed "React 2 Shell" that affects Next.js and React Server Components (RSC) apps.
Available via npx fix-react2shell-next, the tool recursively scans...
Cal.com, a popular open-source scheduling platform, faces a critical authentication flaw that allows attackers to bypass password checks by using fake TOTP codes.
Security researcher Emrysal disclosed the issue last week via GitHub Advisory GHSA-9r3w-4j8q-pw98.
Rated critical, it affects versions up to 5.9.7. Users...
React Server Components (RSC) in React 19.x suffer from insecure deserialization in the "Flight" protocol, allowing attackers to send crafted HTTP requests to Server Function endpoints for arbitrary code execution without authentication.
The flaw affects react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack versions 19.0.0 through 19.2.0.
Frameworks...
AWS SageMaker provides managed Jupyter notebook instances for data science tasks. These instances link to IAM execution roles with broad permissions for storage, compute, and model access.
Attackers need only four key permissions: sagemaker: StopNotebookInstance, sagemaker: CreateNotebookInstanceLifecycleConfig (or update existing), sagemaker: UpdateNotebookInstance, and sagemaker:...
A critical XML External Entity (XXE) vulnerability in Apache Tika, tracked as CVE-2025-66516, exposes users to attacks through specially crafted PDF files containing XFA content.
Disclosed on December 4, 2025, by Apache security team member Tim Allison, this flaw affects core parsing modules across...
The UK's National Cyber Security Centre (NCSC) has rolled out its Proactive Notification Service, partnering with internet monitoring firm Netcraft to directly alert system owners about vulnerabilities.
This pilot program scans public internet data to spot outdated software exposing organizations to attacks.
Launched as...