41 matches found

Source: Snyk | added 2026/01/26 10:49 p.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview: next is a React framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Partial Prerendering resume endpoint when unauthenticated POST requests with the Next-Resume: 1 header are processed and attacker-controlled postpon...

CVSS 8.2 | AI score 6 | EPSS 0.00444
Exploits 0 | References 2
Source: Snyk | added 2026/01/26 7:49 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: next is a React framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding reply functions of the React Flight protocol. An attacker can cause server crashes, out-of-memory exceptions, or excessive CPU usage by sending...

CVSS 8.7 | AI score 6.9 | EPSS 0.65592
Exploits 10 | References 2
Source: Microsoft Secure | added 2025/12/15 7:35 p.m. | 12 views

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182, also referred to as React2Shell (and including CVE-2025-66478, which was merged into it), is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could all...

CVSS 10 | AI score 8.9 | EPSS 0.99562
Exploits 386
Source: GithubExploit | added 2025/12/13 4:24 p.m. | 164 views

Exploit for Deserialization of Untrusted Data in Facebook React

⚛️ React2Shell Exploit CVE-2025-55182 ...

CVSS 10 | AI score 8.9 | EPSS 0.99562
Exploits 372
Source: Github Security Blog | added 2025/12/12 5:21 p.m. | 12 views

Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up

It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...

CVSS 7.5 | AI score 5.6 | EPSS 0.65592
Exploits 10 | References 7 | Affected Software 1
Source: GithubExploit | added 2025/12/12 8:50 a.m. | 205 views

Exploit for CVE-2025-55183

CVE-2025-55183 - Next.js RSC Server Function Source Code Discl...

CVSS 5.3 | AI score 7 | EPSS 0.62405
Exploits 7
Source: Github Security Blog | added 2025/12/11 10:49 p.m. | 17 views

Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

CVSS 5.3 | AI score 7.1 | EPSS 0.62405
Exploits 7 | References 4 | Affected Software 1
Source: Github Security Blog | added 2025/12/11 10:49 p.m. | 27 views

Next Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...

CVSS 7.5 | AI score 6.8 | EPSS 0.65592
Exploits 10 | References 4 | Affected Software 1
Source: Snyk | added 2025/12/11 8:43 p.m. | 11 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: next is a React framework. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP request to a vulnerable Server Function...

CVSS 7.5 | AI score 7 | EPSS 0.65592
Exploits 13 | References 2
Source: Qualys Blog | added 2025/12/11 7:41 a.m. | 16 views

React2Shell: Decoding CVE-2025-55182 – The Silent Threat in React Server Components

On December 3, 2025, a critical remote code execution (RCE) vulnerability, dubbed "React2Shell," was disclosed, impacting React Server Components and frameworks like Next.js. The flaw, CVE-2025-55182, could lead to full server takeover and is rated CVSS 10.0. It is under active exploitation, has be...

CVSS 10 | AI score 8.3 | EPSS 0.99562
Exploits 386
Source: GithubExploit | added 2025/12/10 11:53 a.m. | 153 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Checker A portable Bash script to detect vulne...

CVSS 10 | AI score 6.9 | EPSS 0.99562
Exploits 372
Source: GithubExploit | added 2025/12/08 3:01 p.m. | 217 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell PoC A proof of concept exploit f...

CVSS 10 | AI score 8.7 | EPSS 0.99562
Exploits 372
Source: GithubExploit | added 2025/12/07 11:30 a.m. | 192 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell - CVE-2025-55182 Exploit PoC ...

CVSS 10 | AI score 7.9 | EPSS 0.99562
Exploits 372
Source: GithubExploit | added 2025/12/06 7:44 p.m. | 244 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js/React RSC Scanner & Exploit - RCE...

CVSS 10 | AI score 8.7 | EPSS 0.99562
Exploits 372
Source: GithubExploit | added 2025/12/04 12:58 a.m. | 212 views

Exploit for CVE-2025-55182

CVE-2025-55182 / CVE-2025-66478 Vulnerability Scanner React...

CVSS 10 | AI score 8.8 | EPSS 0.99562
Exploits 386
Source: Snyk | added 2025/08/29 10:06 p.m. | 2 views

Use of Cache Containing Sensitive Information

Overview: next is a React framework. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the image optimization process, when responses from API routes vary based on request headers such as Cookie or Authorization. An attacker can gain unauthorized...

CVSS 6.3 | AI score 6.7 | EPSS 0.00325
Exploits 0 | References 2
Source: Snyk | added 2025/08/29 9:59 p.m. | 3 views

Missing Source Correlation of Multiple Independent Data

Overview: next is a React framework. Affected versions of this package are vulnerable to Missing Source Correlation of Multiple Independent Data in image-optimizer. An attacker can cause arbitrary files to be downloaded with attacker-controlled content and filenames by supplying malicious external...

CVSS 4.3 | AI score 7 | EPSS 0.00509
Exploits 0 | References 2
Source: Snyk | added 2025/08/29 9:33 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: next is a React framework. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the resolve-routes. An attacker can access internal resources and potentially exfiltrate sensitive information by crafting requests containing user-controlled headers, e.g.,...

CVSS 8.3 | AI score 6.7 | EPSS 0.02328
Exploits 0 | References 2
Source: CNNVD | added 2025/01/13 12:00 a.m. | 3 views

next-forge security vulnerability

next-forge is a production-grade Turborepo template for the Next.js application by Hayden Bleasel, an individual developer. A security vulnerability exists in versions prior to next-forge 3.0.11 that stems from the submission of BASEHUBTOKEN in the apps/web/.env.example file, which could lead to...

CVSS 6.3 | AI score 6.4 | EPSS 0.00267
Exploits 0 | References 2
Source: Positive Technologies | added 2024/10/14 12:00 a.m. | 8 views

PT-2024-7169 · Vercel · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions 10.x through 14.x before version 14.2.7
Description: The issue is related to the image optimization feature in Next.js, which contains a vulnerability allowing for a potential Denial of Service (DoS) condition that could lead t...

CVSS 7.5 | AI score 7.5 | EPSS 0.00737
Exploits 1 | References 15