CVE-2025-55182 – React Server Components RCE via Flight Payload Deserialization

5 December 2025 at 18:34

React Server Components promise less client-side JavaScript, but that convenience can hide serious risk. Learn how CVE-2025-55182 (CVSS 10.0) enables critical RCE in the RSC ecosystem, why it happened, and how the public exploit works against React’s server-side handling.

The post CVE-2025-55182 – React Server Components RCE via Flight Payload Deserialization appeared first on OffSec.

Unauthenticated Remote Code Execution Vulnerability in WSUS Service

3 November 2025 at 17:50

CVE-2025-59287 exposes a critical WSUS deserialization flaw enabling unauthenticated remote code execution via unsafe AuthorizationCookie handling. Learn the risks and fixes.

The post Unauthenticated Remote Code Execution Vulnerability in WSUS Service appeared first on OffSec.

Recent Vulnerabilities in Redis Server’s Lua Scripting Engine

20 October 2025 at 16:21

Discover multiple Redis CVEs, including the critical CVE-2025-49844, a 13-year-old use-after-free vulnerability in the Lua parser that can allow remote code execution and server crashes.

The post Recent Vulnerabilities in Redis Server’s Lua Scripting Engine appeared first on OffSec.
