371 matches found
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell Interactive exploitation tool...
React Server Components - Remote Code Execution
React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain a remote code execution caused by unsafe deserialization of payloads from HTTP requests to Server Function endpoints, letting...
EUVD-2026-33988
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets...
PT-2026-46087
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources !NOTE This only impacts your application if you are using the unstable RSC APIs in React Router...
Linux Distros Unpatched Vulnerability : CVE-2026-44582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the redirect handling of unstable React Server Components RSC APIs. An attacker can execute arbitrary JavaScript code in the user's browser by supplying a crafted javascript: redirect target from an untrusted...
CVE-2026-34077 React Router vulnerable to Denial of Service via reflected user input in single-fetch
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-34077
React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...
PT-2026-45826
Name of the Vulnerable Software and Affected Versions React Router versions 7.7.0 through 7.13.1 Description A client-side Cross-Site Scripting XSS issue exists in the redirect handling of the unstable React Server Components RSC APIs. This occurs when redirects originate from untrusted sources...
Exploit for CVE-2025-66478
CVE-2025-66478-Research-Proof-of-Concept Overview This re...
CVE-2026-44576
A flaw was found in Next.js, a React framework for building web applications. This vulnerability, related to cache poisoning, affects applications utilizing React Server Components RSC when shared caches fail to properly partition response variants. A remote attacker can exploit this by causing a...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Lab — React Server Components RCE !Dockerh...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React Server Components Pre-Auth RCE "React2...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell Unauthenticated RCE in React Ser...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell Unauthenticated RCE in React Ser...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182-React2Shell xpl0ited by infrar3dhttps://git...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Security Lab "React2Shell" This repository c...
SECpocs
Next.js React Server Components RCE Exploit Exploits CVE-2025...
CVE-2026-44582
Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...
CVE-2026-44576
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...