NVD disclosure day

Published threat advisories for November 3, 2025

CVE advisoryKnown Exploit

CVE-2025-11953

React Native Community CLI OS Command Injection Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

The React Native Community CLI's Metro Development Server has a vulnerability that allows unauthenticated network attackers to execute arbitrary commands. This can impact an organization's systems and data by enabling unauthorized code execution. The CISA has listed this vulnerability as actively exploited.

NVD published: • CISA KEV
CVE advisoryCRITICAL

CVE-2025-0987

CVLand Authorization Bypass Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An authorization bypass vulnerability in CVLand allows parameter injection, potentially leading to unauthorized data access and modification. The vendor has not responded to inquiries, leaving the full impact and available fixes uncertain. This issue requires attention to confirm its relevance and exposure within your

NVD published: