103 matches found
CVE-2025-68130
Summary: CVE-2025-68130 is a prototype pollution flaw in @trpc/server (formDataToObject) used by the Next.js App Router adapter when experimental_nextAppDirCaller is enabled. The root cause is that formDataToObject processes bracket/dot-notation keys without validating dangerous keys (e.g., proto...
EUVD-2025-203822
tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.Js React Server Components RSC Vulnerabilities This re...
FreeBSD : github-release-monitor -- multiple vulnerabilities (7a1bd1ca-cf40-41e2-9c5f-143a0d4b17af)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7a1bd1ca-cf40-41e2-9c5f-143a0d4b17af advisory. https://nextjs.org/blog/security-update-2025-12-11 reports: A specifically crafted HTTP reques...
GHSA-5J59-XGG2-R9C4 Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...
GHSA-W37M-7FHW-FMV9 Next Server Actions Source Code Exposure
A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...
Next Server Actions Source Code Exposure
A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...
GHSA-MWV6-3258-Q52C Next Vulnerable to Denial of Service with Server Components
A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...
Next Vulnerable to Denial of Service with Server Components
A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 - Next.js RSC Remote Code Execution Exploit...
Exploit for Deserialization of Untrusted Data in Facebook React
RSC Infra Scanner rscinfrascan.py is a fast, asynchronous...
Exploit for Deserialization of Untrusted Data in Facebook React
NextRce - Next.js RSC Exploit Tool CVE-2025-55182...
Exploit for CVE-2025-55182
React2Shell – Critical Remote Code Execution in React Server C...
Exploit for CVE-2025-55182
React2Shell – Critical Remote Code Execution in React Server C...
Exploit for CVE-2025-55182
React2Shell: RCE 0-day in React Server Components CVE-2025-5...
Exploit for CVE-2025-55182
CVE-2025-55182-exp 🔥 Overview CVE-2025-55182 is a cri...
Exploit for CVE-2025-55182
CVE-2025-55182 POC for Next.js App-Router CVE-2025-55182 POC...
ZEIT Next.js Remote Code Execution Vulnerability
Next.js is a React framework for building full-stack web applications. ZEIT Next.js suffers from a remote code execution vulnerability that stems from Next.js versions 15.x and 16.x relying on a flawed React server-side DOM package when using App Router, which can be exploited by an attacker to...
GHSA-9QR9-H5GF-34MP Next.js is vulnerable to RCE in React flight protocol
A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182. Fixed in: React: 19.0.1, 19.1.2, 19.2.1 Next.js:...