Threat Intelligence Report Archives | Page 2 of 9 | SECaaS Platform AIONCLOUD

[2025.11] Web Attack Trend Report

[November 2025 Web Attack Trend Analysis] 1. Weekly Web Attack Trend Analysis. By analyzing weekly web attack trends, it is possible to identify specific periods during which web attacks were heavily concentrated. Based on these insights, organizations can establish proactive prevention and response strategies to prepare for periods of frequent attack activity. The graph below […]

[2025.12 Vulnerability Report] React2Shell (CVE-2025-55182)

This vulnerability is caused by a structural design flaw in the React Server Components (RSC) and Next.js Server Function processing flow, where server-side logic unsafely applies Flight-based deserialization to client-supplied input, resulting in insecure JavaScript object interpretation. An attacker can trigger the vulnerable code path using a crafted HTTP request without authentication, leading to remote […]

[2025.12 Vulnerability Report] Grafana SCIM Privilege Escalation Vulnerability (CVE-2025-41115)

Grafana Enterprise is a critical asset that handles core enterprise monitoring data. CVE-2025-41115 is a critical vulnerability that allows an attacker to gain administrator privileges with a single HTTP request, without even logging in. With detailed analysis and proof-of-concept (PoC) techniques already being discussed, exploitation attempts are expected to surge. Therefore, customers using the platform […]

[2025.10] Web Attack Trend Report

[October 2025 Web Attack Trend Analysis] 1. Weekly Web Attack Trend Analysis. By analyzing weekly web attack trends, it is possible to identify specific periods during which web attacks were heavily concentrated. This insight can be used to establish proactive prevention and response strategies in preparation for periods with frequent attack activity. The graph below […]

[2025.11 Vulnerability Report] Oracle E-Business Suite RCE Chain

This vulnerability is a remote code execution vulnerability in Oracle E-Business Suite. An attacker could exploit multiple vulnerabilities in the service to execute malicious commands. A patch for this vulnerability was released in October 2025, and AIWAF products will address this vulnerability through the “Oracle E-Business RCE Chain” pattern, which will be added in the […]

[2025.11 Vulnerability Report] Intermesh BV GroupOffice Remote Code Execution (CVE-2025-63406)

GroupOffice is a system provided to businesses, and the CVE-2025-63406 vulnerability in this service is a critical vulnerability that could allow remote code execution without authentication. Given the detailed analysis of the vulnerability and the high potential for remote exploitation, exploitation attempts are expected to be active. Therefore, customers using this platform should patch to […]

[2025.11 Vulnerability Report] EDR-Freeze Based Neutralization Techniques Targeting Protected Processes (PP/PPL)

We analyze a technique that abuses the dump functionality of Windows Error Reporting (WerFaultSecure) to temporarily freeze EDR/antivirus processes and manipulate their execution state. An attacker supplies the target process’s PID to WerFaultSecure, and during the collection of a dump for the protected process (PPL, Protected Process Light), WerFaultSecure suspends the target process. The research […]

[2025.09] Web Attack Trend Report

[September 2025 Web Attack Trend Analysis] 1. Weekly Web Attack Trend Analysis. By analyzing weekly web attack trends, it is possible to identify specific periods when web attacks were concentrated. Based on this, the findings can be used to establish proactive prevention and response strategies to prepare for periods with frequent attacks. The graph below visualizes the number of web […]

[2025.10 Vulnerability Report] CVE-2025-24054: NTLM Hash Exfiltration via .library-ms in Windows Explorer

Microsoft released a security update in March 2025 that fixes a vulnerability in Windows File Explorer where NTLM authentication data could be leaked when Explorer processes files inside archive files (e.g., ZIP/RAR). The issue was initially assigned CVE-2025-24071 and was later re-identified as CVE-2025-24054. NTLM (New Technology LAN Manager) is an authentication protocol used in […]

[2025.10 Vulnerability Report] PluXml CMS — Theme Editor Authenticated Admin Remote Code Execution (CVE-2025-57567)

PluXml CMS is a widely used content management system (CMS) for personal and small website environments. The recently discovered CVE-2025-57567 vulnerability resides in the theme editor feature within the service’s admin panel, allowing an authenticated administrator to inject arbitrary PHP code, potentially leading to remote code execution (RCE). This vulnerability is extremely dangerous, as a […]
