eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances.
Earlier this week, the React team published a new security advisory detailing a pre-authentication bug in multiple versions of multiple packs, affecting React Server Components. The versions that are affected include 19.0, 19.1.0, 19.1.1, and 19.2.0, of react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. The bug is now tracked as CVE-2025-55182, and was given a severity score of 10/10 (critical).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Microsoft Security Bulletin Coverage for June 2024
June 11, 2024
Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2024 and has produced coverage for seven of the reported vulnerabilities. Read more… Source: Sonicwall Sign up for our Newsletter Related:
- QR code SQL injection and other vulnerabilities in a popular biometric terminal
June 11, 2024
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, have their weaknesses. This article touches on biometric ...
- Law firm Kirkland sued in class action over MOVEit data breach
June 10, 2024
U.S. law firm Kirkland & Ellis, the world’s largest law firm by revenue, has been pulled into U.S. litigation over a wide-ranging data breach linked to a file transfer tool that compromised data at hundreds of organizations. A proposed class action, opens new tab filed on Friday accused Kirkland and several other companies, including health insurer ...
- Microsoft Recall snapshots can be easily grabbed with TotalRecall tool
June 6, 2024
Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a ...
- Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)
June 5, 2024
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. While labeled as a sensitive information disclosure vulnerability, it is actually a path traversal attack leading ...
- The Dreaded Network Pivot: An Attack Intelligence Story
June 4, 2024
Rapid7 recently released our 2024 Attack Intelligence Report, a 14-month deep dive into the vulnerability and attacker landscape. The spiritual successor to their annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with their detection and response and threat intelligence teams. It is designed to provide the clearest view yet into ...