react2shell-poc

日本語 !CAUTION For Authorized Security Re...

Argus: Reorchestrating Static Analysis Via a Multi-Agent Ensemble for Full-Chain Security Vulnerability Detection

Recent advancements in Large Language Models LLMs have sparked interest in their application to Static Application Security Testing SAST, primarily due to their superior contextual reasoning capabilities compared to traditional symbolic or rule-based methods. However, existing LLM-based approache...

Exploit for Deserialization of Untrusted Data in Facebook React

No d...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 Scanner & Exploit Toolkit for Next...

K000158155: React framework vulnerability CVE-2025-55183

Security Advisory Description An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and...

K000158154: React framework vulnerability CVE-2025-55184

Security Advisory Description A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182-PoC-exploit Next.js RCE via React Server Funct...

Exploit for Deserialization of Untrusted Data in Facebook React

Hunting for CVE-2025-55182 Using Open Source Intelligenc...

Exploit for Deserialization of Untrusted Data in Facebook React

c...

K000158058: React framework vulnerability CVE-2025-55182

Security Advisory Description A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable...

EUVD-2025-19911

Malicious code in bioql PyPI...

CVE-2024-47831

Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service DoS condition which could lead to excessive CPU consumption. Neither t...

CVE-2024-47831

CVE-2024-47831 concerns Next.js image optimization DoS affecting Next.js branches 10.x–14.x prior to 14.2.7. The vulnerability allows high CPU usage under crafted image requests. Public details show remediation in Next.js 14.2.7. Workaround: ensure next.config.js sets either images.unoptimized, i...

CVE-2024-39693

CVE-2024-39693 is a DoS in Next.js (React framework) that can crash the server, affecting availability. The issue affects Next.js versions prior to 13.5 and is resolved in 13.5 and later. Connected sources consistently describe a DoS condition without detailing exploit vectors or specific vulnera...

CVE-2024-34350

CVE-2024-34350 affects Next.js (React framework). The issue arises from inconsistent interpretation of a crafted HTTP request, causing a request to be treated as both a single request and two separate requests, which can poison the response queue. Exploitation requires the affected route to use t...

Shopify: Attacker is able to query Github repositories of arbitrary Shopify Hydrogen Users

Private GitHub repositories of arbitrary Shopify Hydrogen users were accessible to attackers due to a vulnerability in the Hydrogen app. Attackers could query the GitHub account of any Hydrogen user and obtain sensitive information such as private repositories...

Code injection

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

CVE-2022-36046 Unexpected server crash in Next.js version 12.2.3

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

CVE-2022-36046

CVE-2022-36046 (Next.js) affects Next.js 12.2.3 when run on Node.js > v15 with strict unhandledRejection and using next start or a custom server; deployments on Vercel are not affected. The issue causes a denial of service via unhandledRejection handling in the server, leading to a crash under...

CVE-2022-36046 Unexpected server crash in Next.js version 12.2.3

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...