470 matches found
React Server Components deserialization vulnerability
Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...
github-release-monitor -- multiple vulnerabilities
https://nextjs.org/blog/security-update-2025-12-11 reports: Description Medium Source Code Exposure: CVE-2025-55183 A specifically crafted HTTP request can cause a Server Function to return the compiled source code of other Server Functions in your application. This could reveal business logic...
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
Incomplete List of Disallowed Inputs
Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via improper validation of the returnTo parameter. An attacker can cause tokens to be issued with unintended parameters by injecting...
Incorrect Authorization
Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization via improper lookups in TokenRequestCache. An attacker can access sensitive information belonging to other users by making simultaneous requests on t...
GHSA-WCGJ-F865-C7J7 Improper Request Caching Lookup in the Auth0 Next.js SDK
Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...
Exploit for Improper Authorization in Vercel Next.Js
Next.js RCE Scanner Scanner for CVE-2025-29927 - Next.js/...
Exploit for Deserialization of Untrusted Data in Facebook React
🚀 React2Shell Exploiter Advanced Exploitation & Server I...
nextjs-auth0 安全漏洞
nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.11.0 through 4.11.2 and 4.12.0, which stems from the fact that simultaneous requests on the same client may result in improper lookups in TokenRequestCache...
PT-2025-50552
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — demo This repository provides a demonstratio...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell A scanner for detecting and exploiting Next.js...
Exploit for CVE-2025-66478
monorepo-nextjs-npm-nested-versions - VULNERABLE CVE-2025-664...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Next.js RCE Exploit Tool 中文文档./README.zh-CN...
Exploit for CVE-2025-66478
CVE-2025-66478 – Next.js Server Actions RCE Vulnerability: Ana...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Scanner Simple command-line tool for detecting...
Exploit for Deserialization of Untrusted Data in Facebook React
Parameters - -f: File to scan default: urls.txt - -f...
Exploit for Deserialization of Untrusted Data in Facebook React
NextRce - Next.js RSC Exploit Tool CVE-2025-55182...