
8324 matches found

Tenable Nessus
added 2025/12/19 12:0 a.m. | 8 views

Next.js Framework React Server Components Source Code Exposure (CVE-2025-55183)

The Next.js Framework on the remote host is affected by a source code exposure vulnerability: - An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages:...

CVSS 5.3 | AI score 6.5 | EPSS 0.26306
Exploits: 7 | References: 2

Tenable Nessus
added 2025/12/19 12:0 a.m. | 6 views

Next.js Framework React Server Components DoS (CVE-2025-55184)

The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages:...

CVSS 7.5 | AI score 6.4 | EPSS 0.41239
Exploits: 10 | References: 2

OpenVAS
added 2025/12/19 12:0 a.m. | 6 views

Huawei EulerOS: Security Advisory for icu (EulerOS-SA-2025-2579)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7 | AI score 6.7 | EPSS 0.00033
Exploits: 0 | References: 2

GithubExploit
added 2025/12/18 7:35 p.m. | 165 views

Exploit for Deserialization of Untrusted Data in Facebook React

⚡ React2Shell Exploit PoC CVE-2025-66478 Next.js Remote...

CVSS 10 | AI score 8.2 | EPSS 0.82011
Exploits: 379

IBM Security Bulletins
added 2025/12/18 4:41 p.m. | 9 views

Security Bulletin: MANTA Automated Data Lineage for IBM Cloud Pak for Data is vulnerable to Critical Security Vulnerability in React Server Components CVE-2025-55182

Summary: MANTA Automated Data Lineage for IBM Cloud Pak for Data is affected by React Server Components CVE-2025-55182. Vulnerability Details: CVEID: CVE-2025-55182. DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1...

CVSS 10 | AI score 7.9 | EPSS 0.82011
Exploits: 365 | Affected Software: 1

NVD
added 2025/12/18 4:15 p.m. | 4 views

CVE-2025-64724

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...

CVSS 7.3 | EPSS 0.0001
Exploits: 0 | References: 4

Cvelist
added 2025/12/18 3:18 p.m. | 24 views

CVE-2025-64724 Arduino IDE for macOS has Insecure File Permissions

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the...

CVSS 4.8 | EPSS 0.0001
Exploits: 0 | References: 4

GithubExploit
added 2025/12/18 2:49 a.m. | 127 views

Exploit for Deserialization of Untrusted Data in Facebook React

react2shell-scanner-bypasswaf A command-line tool for detecti...

CVSS 10 | AI score 7.4 | EPSS 0.82011
Exploits: 379

Tenable Nessus
added 2025/12/18 12:0 a.m. | 2 views

EulerOS Virtualization 2.13.1 : icu (EulerOS-SA-2025-2544)

According to the versions of the icu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct...

CVSS 7 | AI score 7.2 | EPSS 0.00033
Exploits: 0 | References: 2

GithubExploit
added 2025/12/17 7:35 a.m. | 318 views

Exploit for CVE-2025-66516

⚠️ READ DISCLAIMER BEFORE USE ⚠️ Educat...

CVSS 10 | AI score 8.3 | EPSS 0.02042
Exploits: 5

GithubExploit
added 2025/12/17 12:45 a.m. | 206 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC This repository provides a minimal intentiona...

CVSS 10 | AI score 8 | EPSS 0.82011
Exploits: 386

Snyk
added 2025/12/16 10:32 p.m. | 4 views

Malicious Package

Overview: mona-speedy-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/12/16 10:22 p.m. | 10 views

Security Bulletin: React Server Components RCE (CVE-2025-55182) and related advisories

Summary: React Server Components RCE vulnerability. Carbon React and related Carbon React based libraries are not related to this CVE. However, many product teams may depend on the affected libraries via frameworks or plugins. We strongly encourage all teams to verify and upgrade any affected...

CVSS 10 | AI score 8.1 | EPSS 0.82011
Exploits: 365 | Affected Software: 1

Snyk
added 2025/12/16 6:44 p.m. | 1 views

Directory Traversal

Overview: @vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Affected versions of this package are vulnerable to Directory Traversal via the /__vite_rsc_findSourceMapURL endpoint when processing HTTP requests containing a file:// URL in the filename query parameter. An attacker can...

CVSS 8.7 | AI score 7.5 | EPSS 0.0118
Exploits: 0 | References: 2

EUVD
added 2025/12/16 6:20 p.m. | 3 views

EUVD-2025-203834

@vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the /__vite_rsc_findSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

CVSS 7.5 | AI score 6.5 | EPSS 0.0118
Exploits: 0 | References: 5

CVE
added 2025/12/16 6:20 p.m. | 18 views

CVE-2025-68155

The CVE concerns @vitejs/plugin-rsc (used with Vite) in development mode. Prior to version 0.5.8, the endpoint /__vite_rsc_findSourceMapURL accepts a file:// URL in the filename query parameter, converts it to a filesystem path, and reads the target file without validating its location, returning...

CVSS 7.5 | AI score 6.6 | EPSS 0.0118
Exploits: 0 | References: 4

GithubExploit
added 2025/12/16 5:32 p.m. | 146 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js React2Shell CVE-2025-55182 Expl0it A proof-of-conce...

CVSS 10 | AI score 8.1 | EPSS 0.82011
Exploits: 379

GithubExploit
added 2025/12/16 4:13 p.m. | 229 views

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js RCE Scanner - CVE-2025-55182 & CVE-2025-66478...

CVSS 10 | AI score 8.3 | EPSS 0.82011
Exploits: 379

IBM Security Bulletins
added 2025/12/16 3:10 p.m. | 4 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities.

Summary: There are vulnerabilities in IBM® Java™, IBM® Semeru Runtime and Open-Source Software (OSS) components used by IBM Cognos Dashboards on Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2024-7254. DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary...

CVSS 8.7 | AI score 7 | EPSS 0.00559
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/12/16 2:49 p.m. | 3 views

CVE-2025-34180

NetSupport Manager 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored...

CVSS 8.4 | AI score 7 | EPSS 0.00024
Exploits: 0 | References: 1