Lucene search
K

48 matches found

OSV
OSV
added 2025/12/11 10:49 p.m.5 views

GHSA-W37M-7FHW-FMV9 Next Server Actions Source Code Exposure

A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55183. A malicious HTTP request can...

5.3CVSS6.6AI score0.62405EPSS
Exploits7References4
Snyk
Snyk
added 2025/12/11 10:36 p.m.6 views

Deserialization of Untrusted Data

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe...

8.7CVSS6.7AI score0.65592EPSS
Exploits13References2
Snyk
Snyk
added 2025/12/11 10:36 p.m.8 views

Deserialization of Untrusted Data

Overview next is a react framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of payloads from HTTP requests to Server Function endpoints. An attacker can cause the server process to enter an infinite loop and hang,...

8.7CVSS6.7AI score0.65592EPSS
Exploits13References2
EUVD
EUVD
added 2025/12/11 10:36 p.m.9 views

EUVD-2025-202879

Source Code Exposure Vulnerability in React Server Components...

5.3CVSS6.4AI score0.62405EPSS
Exploits7References4
Snyk
Snyk
added 2025/12/11 8:43 p.m.6 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...

7.5CVSS7AI score0.65592EPSS
Exploits13References2
Snyk
Snyk
added 2025/12/11 8:43 p.m.11 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview next is a react framework. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP request to a vulnerable Server Function...

7.5CVSS7AI score0.65592EPSS
Exploits13References2
NVD
NVD
added 2025/12/11 8:16 p.m.10 views

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

5.3CVSS0.62405EPSS
Exploits7References2
OSV
OSV
added 2025/12/11 8:16 p.m.10 views

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

5.3CVSS6.7AI score0.62405EPSS
Exploits7References2
Vulnrichment
Vulnrichment
added 2025/12/11 8:4 p.m.7 views

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

5.3CVSS6.4AI score0.62405EPSS
Exploits7References2
CVE
CVE
added 2025/12/11 8:4 p.m.27 views

CVE-2025-55183

CVE-2025-55183 is a source code disclosure vulnerability in React Server Components (RSC) Server Functions. A crafted HTTP request to a vulnerable Server Function may cause the server to return the full source code of that function when the argument is stringified. Affected are RSC versions 19.0....

5.3CVSS6.4AI score0.62405EPSS
Exploits7References2Affected Software1
GithubExploit
GithubExploit
added 2025/12/10 8:39 a.m.149 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182-PoC-exploit Next.js RCE via React Server Funct...

10CVSS7.1AI score0.99562EPSS
Exploits372
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-50276

Name of the Vulnerable Software and Affected Versions @vitejs/plugin-rs versions 0.5.5 and below Description The @vitejs/plugin-rs software, which provides React Server Components RSC support for Vite, contains a flaw that could allow for arbitrary remote code execution on the development server...

9.8CVSS7.7AI score0.00694EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

Vite Plugin React 代码注入漏洞

Vite Plugin React is an open source plugin for Vite. A code injection vulnerability exists in Vite Plugin React 0.5.5 and earlier versions, which stems from an insecure dynamic import in the Server Functions API that could lead to remote code execution...

9.8CVSS7.9AI score0.00694EPSS
Exploits0References3
Imperva Blog
Imperva Blog
added 2025/12/04 7:3 p.m.11 views

Imperva Customers Protected Against React Server Components (RSC) Vulnerability

Overview On December 3, 2025, the React and Next.js teams disclosed a critical security vulnerability CVSS 10.0, identified as React2Shell, affecting applications that leverage React Server Components together with Server Actions or Server Functions. The React2Shell vulnerability stems from...

10CVSS8.1AI score0.99562EPSS
Exploits386
GithubExploit
GithubExploit
added 2025/12/04 11:49 a.m.221 views

Exploit for CVE-2025-55182

CVE-2025-55182 This vulnerability allows RCE in React Server...

10CVSS6.9AI score0.99562EPSS
Exploits372
Snyk
Snyk
added 2025/12/03 4:39 p.m.8 views

Arbitrary Code Injection

Overview @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code ...

10CVSS7.7AI score0.99562EPSS
Exploits372References3
Akamai Blog
Akamai Blog
added 2025/12/03 7:0 a.m.11 views

CVE-2025-55182: React and Next.js Server Functions Deserialization RCE

...

10CVSS7AI score0.99562EPSS
Exploits372
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-1985

Malware in sbrugna...

6.8CVSS9.2AI score0.02109EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.5 views

CVE-2023-33363

An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...

7.5CVSS7.2AI score0.00551EPSS
Exploits0References1
OSV
OSV
added 2021/09/07 12:15 p.m.1 views

DEBIAN-CVE-2021-37219

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2...

8.8CVSS6.4AI score0.0123EPSS
Exploits0References1
Rows per page
Query Builder