Lucene search
K

103 matches found

CVE
CVE
added 2025/12/16 4:50 p.m.17 views

CVE-2025-68130

Summary: CVE-2025-68130 is a prototype pollution flaw in @trpc/server (formDataToObject) used by the Next.js App Router adapter when experimental_nextAppDirCaller is enabled. The root cause is that formDataToObject processes bracket/dot-notation keys without validating dangerous keys (e.g., proto...

8.5CVSS6.7AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 4:50 p.m.4 views

EUVD-2025-203822

tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...

8.5CVSS6.5AI score0.00357EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/12/14 5:18 p.m.191 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.Js React Server Components RSC Vulnerabilities This re...

10CVSS8.8AI score0.99562EPSS
Exploits384
Tenable Nessus
Tenable Nessus
added 2025/12/13 12:0 a.m.9 views

FreeBSD : github-release-monitor -- multiple vulnerabilities (7a1bd1ca-cf40-41e2-9c5f-143a0d4b17af)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a1bd1ca-cf40-41e2-9c5f-143a0d4b17af advisory. https://nextjs.org/blog/security-update-2025-12-11 reports: A specifically crafted HTTP reques...

7.5CVSS6.5AI score0.65592EPSS
Exploits13References4
OSV
OSV
added 2025/12/12 5:21 p.m.6 views

GHSA-5J59-XGG2-R9C4 Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...

7.5CVSS6AI score0.65592EPSS
Exploits10References7
Github Security Blog
Github Security Blog
added 2025/12/12 5:21 p.m.12 views

Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...

7.5CVSS5.6AI score0.65592EPSS
Exploits10References7Affected Software1
OSV
OSV
added 2025/12/11 10:49 p.m.5 views

GHSA-W37M-7FHW-FMV9 Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

5.3CVSS6.6AI score0.62405EPSS
Exploits7References4
Github Security Blog
Github Security Blog
added 2025/12/11 10:49 p.m.21 views

Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

5.3CVSS7.1AI score0.62405EPSS
Exploits7References4Affected Software1
OSV
OSV
added 2025/12/11 10:49 p.m.4 views

GHSA-MWV6-3258-Q52C Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

7.5CVSS5.9AI score0.65592EPSS
Exploits10References4
Github Security Blog
Github Security Blog
added 2025/12/11 10:49 p.m.28 views

Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

7.5CVSS6.8AI score0.65592EPSS
Exploits10References4Affected Software1
GithubExploit
GithubExploit
added 2025/12/10 7:52 a.m.171 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - Next.js RSC Remote Code Execution Exploit...

10CVSS8.6AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2025/12/06 11:36 p.m.218 views

Exploit for Deserialization of Untrusted Data in Facebook React

RSC Infra Scanner rscinfrascan.py is a fast, asynchronous...

10CVSS7.9AI score0.99562EPSS
Exploits388
GithubExploit
GithubExploit
added 2025/12/06 9:54 p.m.321 views

Exploit for Deserialization of Untrusted Data in Facebook React

NextRce - Next.js RSC Exploit Tool CVE-2025-55182...

10CVSS7.9AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2025/12/05 1:38 p.m.404 views

Exploit for CVE-2025-55182

React2Shell – Critical Remote Code Execution in React Server C...

10CVSS8.3AI score0.99562EPSS
Exploits388
GithubExploit
GithubExploit
added 2025/12/05 1:38 p.m.251 views

Exploit for CVE-2025-55182

React2Shell – Critical Remote Code Execution in React Server C...

10CVSS8.3AI score0.99562EPSS
Exploits388
GithubExploit
GithubExploit
added 2025/12/05 11:29 a.m.709 views

Exploit for CVE-2025-55182

React2Shell: RCE 0-day in React Server Components CVE-2025-5...

10CVSS8.7AI score0.99562EPSS
Exploits388
GithubExploit
GithubExploit
added 2025/12/05 6:7 a.m.194 views

Exploit for CVE-2025-55182

CVE-2025-55182-exp 🔥 Overview CVE-2025-55182 is a cri...

10CVSS7.6AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2025/12/04 2:58 p.m.275 views

Exploit for CVE-2025-55182

CVE-2025-55182 POC for Next.js App-Router CVE-2025-55182 POC...

10CVSS7.7AI score0.99562EPSS
Exploits374
CNVD
CNVD
added 2025/12/04 12:0 a.m.5 views

ZEIT Next.js Remote Code Execution Vulnerability

Next.js is a React framework for building full-stack web applications. ZEIT Next.js suffers from a remote code execution vulnerability that stems from Next.js versions 15.x and 16.x relying on a flawed React server-side DOM package when using App Router, which can be exploited by an attacker to...

8.2AI score
Exploits111References1
OSV
OSV
added 2025/12/03 7:7 p.m.3 views

GHSA-9QR9-H5GF-34MP Next.js is vulnerable to RCE in React flight protocol

A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182. Fixed in: React: 19.0.1, 19.1.2, 19.2.1 Next.js:...

10CVSS5.9AI score0.99562EPSS
Exploits374References5
Rows per page
Query Builder