41 matches found
Allocation of Resources Without Limits or Throttling
Overview: next is a React framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Partial Prerendering resume endpoint when unauthenticated POST requests with the Next-Resume: 1 header are processed and attacker-controlled postpon...
Allocation of Resources Without Limits or Throttling
Overview: next is a React framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding reply functions of the React Flight protocol. An attacker can cause server crashes, out-of-memory exceptions, or excessive CPU usage by sending...
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
CVE-2025-55182, also referred to as React2Shell (and including CVE-2025-66478, which was merged into it), is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could all...
Exploit for Deserialization of Untrusted Data in Facebook React
⚛️ React2Shell Exploit CVE-2025-55182
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
It was discovered that the fix for CVE-2025-55184 in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. This vulnerability affects React...
Exploit for CVE-2025-55183
CVE-2025-55183 - Next.js RSC Server Function Source Code Discl...
Next Server Actions Source Code Exposure
A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...
Next Vulnerable to Denial of Service with Server Components
A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55184. A malicious HTTP request can...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: next is a React framework. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP request to a vulnerable Server Function...
React2Shell: Decoding CVE-2025-55182 – The Silent Threat in React Server Components
On December 3, 2025, a critical remote code execution (RCE) vulnerability, dubbed "React2Shell," was disclosed, impacting React Server Components and frameworks like Next.js. The flaw, CVE-2025-55182, could lead to full server takeover and is rated CVSS 10.0. It is under active exploitation, has be...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Checker A portable Bash script to detect vulne...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 - React2Shell PoC A proof of concept exploit f...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell - CVE-2025-55182 Exploit PoC
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js/React RSC Scanner & Exploit - RCE...
Exploit for CVE-2025-55182
CVE-2025-55182 / CVE-2025-66478 Vulnerability Scanner React...
Use of Cache Containing Sensitive Information
Overview: next is a React framework. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the image optimization process, when responses from API routes vary based on request headers such as Cookie or Authorization. An attacker can gain unauthorized...
Missing Source Correlation of Multiple Independent Data
Overview: next is a React framework. Affected versions of this package are vulnerable to Missing Source Correlation of Multiple Independent Data in image-optimizer. An attacker can cause arbitrary files to be downloaded with attacker-controlled content and filenames by supplying malicious external...
Server-side Request Forgery (SSRF)
Overview: next is a React framework. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the resolve-routes. An attacker can access internal resources and potentially exfiltrate sensitive information by crafting requests containing user-controlled headers (e.g.,...
next-forge Security Vulnerability
next-forge is a production-grade Turborepo template for Next.js applications by Hayden Bleasel, an individual developer. A security vulnerability exists in versions prior to next-forge 3.0.11 that stems from the submission of BASEHUBTOKEN in the apps/web/.env.example file, which could lead to...
PT-2024-7169 · Vercel · Next.Js
Name of the Vulnerable Software and Affected Versions: Next.js versions 10.x through 14.x before version 14.2.7. Description: The issue is related to the image optimization feature in Next.js, which contains a vulnerability allowing for a potential Denial of Service (DoS) condition that could lead t...