IEEE

Dynamic Data Updates and Weight Optimization for Predicting Vulnerability Exploitability

Abstract: With the purpose of managing efficiency in a large number of published vulnerabilities, the time-intensive process requires significant effort and efficient vulnerability prioritization ...
Security Boulevard

WordPress Vulnerability Scanner Reveals How Exposed Your Website Really Is

WordPress powers about 43% of all websites worldwide. This makes it an indispensable platform for organizations of all sizes. Unfortunately, that popularity also makes WordPress a prime target for ...
IEEE

CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions

Abstract: Scripting languages like Python or JavaScript are extremely popular among developers, in part due to their massive open-source ecosystems that enable smooth code reuse. However, recent work ...
Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...
The Hacker News

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team ...
The Hacker News

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV ...
Bleeping Computer

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three ...
Bleeping Computer

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO ...
SecurityWeek

Adobe Patches Nearly 140 Vulnerabilities

The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs. Adobe on Tuesday announced the rollout of patches for nearly 140 ...
SecurityWeek

Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. Microsoft on Tuesday announced patches for 57 vulnerabilities as part of its ...
aha.org

CISA alerts of critical vulnerability impacting free program used for building user interfaces

A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog.