Friday, April 24, 2026

Tag: Vulnerability

2.15M Internet-Exposed Next.js Web Services Under Active Attack: Patch Immediately

React Server Components (RSC) in React 19.x suffer from insecure deserialization in the "Flight" protocol, allowing attackers to send crafted HTTP requests to Server Function endpoints for arbitrary code execution without authentication. The flaw affects react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack versions 19.0.0 through 19.2.0. Frameworks...

Critical Flaw In Apache Tika Core Enables Exploitation Through Malicious PDF Files

A critical XML External Entity (XXE) vulnerability in Apache Tika, tracked as CVE-2025-66516, exposes users to attacks through specially crafted PDF files containing XFA content. Disclosed on December 4, 2025, by Apache security team member Tim Allison, this flaw affects core parsing modules across...

NCSC Launches Proactive Notification Service To Alert System Owners Of Vulnerabilities

The UK's National Cyber Security Centre (NCSC) has rolled out its Proactive Notification Service, partnering with internet monitoring firm Netcraft to directly alert system owners about vulnerabilities. This pilot program scans public internet data to spot outdated software exposing organizations to attacks. Launched as...

Security Vulnerability In NVIDIA Triton Could Let Attackers Trigger DoS Using Crafted Payloads

NVIDIA has issued a security bulletin warning about two high-severity vulnerabilities in its Triton Inference Server software. These flaws allow remote attackers to cause denial-of-service conditions on Linux systems by injecting specially crafted inputs. Vulnerability Details: Attackers can exploit CVE-2025-33211 by improperly validating a specified quantity...

Cacti Command Injection Flaw Enables Remote Execution Of Malicious Code

A serious command injection vulnerability in Cacti, a popular open-source network monitoring tool, allows authenticated attackers to execute arbitrary commands remotely. Dubbed a high-severity issue by security researcher TheWitness, the flaw (GHSA-c7rr-2h93-7gjf) affects versions up to 1.2.28. Users should update to the patched 1.2.29...

Prompt Injection Vulnerability In GitHub Actions Affects Multiple Fortune 500 Companies

Security firm Aikido Security uncovered PromptPwnd, a flaw in GitHub Actions and GitLab CI/CD pipelines linked to AI agents. This issue allows attackers to inject harmful prompts via user input, including issues and pull requests. At least five Fortune 500 firms face risks, with...