GHSA-5J59-XGG2-R9C4 Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...

GHSA-C6M7-Q6PR-C64R Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4 Patches Upgrade immediately to @vitejs/[email protected] or...

EUVD-2025-203104

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components...

Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4 Patches Upgrade immediately to @vitejs/[email protected] or...

EUVD-2025-203105

Vite Plugin React has a Denial of Service Vulnerability in React Server Components...

GHSA-CPQF-F22C-R95X Vite Plugin React has a Denial of Service Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-7gmr-mq3h-m5h9 Patches Upgrade immediately to @vitejs/[email protected] or...

Vite Plugin React has a Denial of Service Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-7gmr-mq3h-m5h9 Patches Upgrade immediately to @vitejs/[email protected] or...

Denial of Service Vulnerability in React Server Components

Impact It was found that the fix to address CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - react-server-dom-webpac...

EUVD-2025-202926

Denial of Service Vulnerability in React Server Components...

GHSA-7GMR-MQ3H-M5H9 Denial of Service Vulnerability in React Server Components

Impact It was found that the fix to address CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2 of: - react-server-dom-webpac...

Exploit for Deserialization of Untrusted Data in Facebook React

rsc-exposure-audit Black-box exposure audit for Next.js / Reac...

CVE-2025-14517

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed...

React-Zero-Day-Exploit-Laboratory

🚨 React Zero-Day Exploit Laboratory Interactive Secur...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell Scanner & PoC Security tools for detecting CVE-...

Exploit for Deserialization of Untrusted Data in Facebook React

Vulnerable React Application CVE-2025-55182 This applicatio...

Vulnerabilities fixed in React Server Components

Meta has fixed vulnerabilities in React Server Components Parcel, Turbopack and Webpack Specifically for versions 19.0.2, 19.1.3 and 19.2.2. The vulnerabilities are related to insecure deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This...

Exploit for Deserialization of Untrusted Data in Facebook React

REACT2SHELL 🎯 Quick Overview What is this? This tool is...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 PoC A Proof-of-Concept exploit f...

mysql8.4 security update

An update is available for mysql8.4. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is a multi-user, multi-threaded SQL database server. MySQL is a...

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

The React team has released fixes for two new types of flaws in React Server Components RSC that, if successfully exploited, could result in denial-of-service DoS or source code exposure. The team said the issues were found by the security community while attempting to exploit the patches release...