Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by submitting input that exceeds allocated buffer sizes, leading to memory corruption.
This classic CWE-120 buffer overflow enables remote unauthenticated code execution with high impact on confidentiality, integrity, and availability,...

Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for content analysis and extraction. CVE-2025-66516 has a perfect CVSS score of 10.0, indicating it is critical.
Disclosed on December 4, 2025, by the Apache Software Foundation, the vulnerability exposes...

Attackers can keep access to AWS accounts even after admins delete compromised keys.
New research from OffensAI shows how AWS Identity and Access Management (IAM) eventual consistency creates a 4-second window for persistence.
During this gap, deleted access keys still work, letting hackers create...

CISA has added CVE-2025-55182, dubbed React2Shell, to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploitation.
This critical remote code execution flaw affects React Server Components and related frameworks.
Vulnerability Overview
React2Shell (CVE-2025-55182) carries a CVSS score of 10.0, enabling unauthenticated attackers to execute...

Vercel has released a new command-line tool, fix-react2shell-next, to help developers quickly detect and patch CVE-2025-66478, a critical remote code execution (RCE) vulnerability dubbed "React 2 Shell" that affects Next.js and React Server Components (RSC) apps.
Available via npx fix-react2shell-next, the tool recursively scans...

Cal.com, a popular open-source scheduling platform, faces a critical authentication flaw that allows attackers to bypass password checks by using fake TOTP codes.
Security researcher Emrysal disclosed the issue last week via GitHub Advisory GHSA-9r3w-4j8q-pw98.
Rated critical, it affects versions up to 5.9.7. Users...