Lucene search
K

377 matches found

Patchstack
Patchstack
added 2026/05/11 2:50 p.m.10 views

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-parcel versions = 19.0.0, 19.0.6...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/11 2:50 p.m.4 views

GHSA-RV78-F8RC-XRXH Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

7.5CVSS5.9AI score0.01533EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/05/11 2:50 p.m.14 views

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-turbopack versions = 19.0.0, 19.0.6...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References5Affected Software1
Patchstack
Patchstack
added 2026/05/11 2:50 p.m.50 views

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-webpack versions = 19.0.0, 19.0.6...

7.5CVSS5.8AI score0.01533EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 2:50 p.m.11 views

Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

7.5CVSS5.9AI score0.01533EPSS
Exploits1References5Affected Software3
Imperva Blog
Imperva Blog
added 2026/05/09 7:5 p.m.8 views

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS Vulnerability

TL;DR:A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables unauthenticated attackers to send specially crafted HTTP requests that trigger excessive CPU consumption...

7.5CVSS5.9AI score0.01533EPSS
Exploits1
Snyk
Snyk
added 2026/05/06 7:32 p.m.18 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by sending malicious FormData in an HTTP request...

8.7CVSS5.8AI score0.01533EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/06 7:32 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by...

8.7CVSS5.8AI score0.01533EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/04 11:37 p.m.6 views

react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

7.5CVSS7.5AI score0.02499EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/04/25 11:58 a.m.123 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Research Repository !License: MIThttps://i...

10CVSS7.9AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2026/04/22 12:58 p.m.100 views

Exploit for Deserialization of Untrusted Data in Facebook React

flight-risk flight risk /flaɪt rɪsk/ — React's Flight...

10CVSS7.9AI score0.99562EPSS
Exploits374
Nuclei
Nuclei
added 2026/04/16 6:43 a.m.24 views

React Server Components - Denial of Service

React Server Components 19.0.0 to 19.2.1 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain an insecure deserialization vulnerability caused by unsafe payload deserialization in Server Function endpoints, letting unauthenticated attackers cause...

7.5CVSS6.5AI score0.65592EPSS
Exploits13References3
VulnCheck KEV
VulnCheck KEV
added 2026/04/15 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-55184

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...

7.5CVSS5.9AI score0.65592EPSS
In wildExploits10References2
Veracode
Veracode
added 2026/04/13 12:10 p.m.6 views

Denial Of Service

React Server Components is vulnerable to Denial of Service. The vulnerability is due to specially crafted HTTP requests to Server Function endpoints, where the payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable...

7.5CVSS7.2AI score0.01551EPSS
Exploits4References8Affected Software4
GithubExploit
GithubExploit
added 2026/04/13 5:48 a.m.120 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — React Server Components RCE | CTF Writeup...

10CVSS6.2AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2026/04/11 5:0 a.m.262 views

Exploit for CVE-2026-23869

⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...

7.5CVSS5.9AI score0.01551EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/04/11 5:0 a.m.284 views

Exploit for CVE-2026-23869

⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...

7.5CVSS5.9AI score0.01551EPSS
Exploits4
OSV
OSV
added 2026/04/10 3:36 p.m.4 views

GHSA-V457-WXVJ-P9W9 @vitejs/plugin-rsc has a Denial of Service with React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.4. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg Patches Upgrade immediately to @vitejs/[email protected] or...

7.5CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/10 3:36 p.m.8 views

@vitejs/plugin-rsc has a Denial of Service with React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.4. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg Patches Upgrade immediately to @vitejs/[email protected] or...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/10 3:35 p.m.3 views

GHSA-Q4GF-8MX6-V5V3 Next.js has a Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...

7.5CVSS5.8AI score0.01551EPSS
Exploits4References3
Rows per page
Query Builder