Maritime
CVE-2025-20393 Critical Cisco AsyncOS COMMAND INJECTION EXPLOITED IN WILD Cisco AsyncOS flaw allows remote attackers to execute arbitrary commands with root-level privileges due to improper input validation, granting full control over the underlying operating system. Exploitation has been observed in the wild and is limited to appliances where the Spam
CyberVolk
CVE-2025-6389 Critical Sneeit Framework WordPress Plugin REMOTE CODE EXECUTION UNAUTHENTICATED Allows unauthenticated remote code execution due to unsafe handling of user input passed to call_user_func. An attacker can execute arbitrary server-side code, potentially creating admin users or installing backdoors, leading to full WordPress site compromise. Mitigation: Immediately update
Calisto
CVE-2025-55182 Critical React Server Components PRE-AUTH RCE NO AUTHENTICATION Pre-authentication remote code execution vulnerability affecting multiple versions of React Server Components, including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. Allows attackers to execute arbitrary code without any credentials. Mitigation: Upgrade to patched React Server Components versions immediately and implement strict request validation on