Tootfinder

“A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.“
#vulnerability

OpenSSL Security Advisory [30th September 2025]
#openssl #vulnerability

We’ve updated the draft GCVE BCP-05 standard to introduce flexible record types, making it easier to extend, enrich, and structure security advisories.
Comments are more than welcome!
#gcve #cve #vulnerability

GCVE BCP-05 drafting - Best practices for the "container" format - modified CVE Record Format
Thanks @claudex . This is an excellent point and would also improve the ability to parse GCVE records reliably. Below is a proposal for a record_type field that would serve as a key within each GCVE record. Feel free to comment. @cedric I incorporated the idea concerning the sync of the comment (not sure if the most efficient way). Proposed update to BCP-05 (following the online workshop of 6th December in Belgium) The record_type field defines the semantic category of the content submitted by…

"While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful #EntraID #vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deploymen…

#Redis Critical Remote Code Execution #Vulnerability Discovered After 13 Years
https://www.infoq.com/news/2025…

We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent @…
#cve #vulnerability

Vulnerability Lookup and GCVE: A Decentralized Approach to Vulnerability Publishing and Management Workshop at Hack.lu 2025
We published all the materials from the workshop given at #hacklu 2025
#gcve