Exploit for Deserialization of Untrusted Data in Facebook React

REACT2SHELL CVE-2025-55182 CVE-2025-55182 & CVE-2025-66478 p...

CVE-2025-30218 Next.js may leak x-middleware-subrequest-id to external hosts

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host ...