368 matches found
EUVD-2026-33988
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets...
Linux Distros Unpatched Vulnerability : CVE-2026-44582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...
CVE-2026-34077 React Router vulnerable to Denial of Service via reflected user input in single-fetch
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-34077
React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...
PT-2026-45826
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
React Server Components - Remote Code Execution
React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain a remote code execution caused by unsafe deserialization of payloads from HTTP requests to Server Function endpoints, letting...
Exploit for CVE-2025-66478
CVE-2025-66478-Research-Proof-of-Concept Overview This re...
CVE-2026-44576
A flaw was found in Next.js, a React framework for building web applications. This vulnerability, related to cache poisoning, affects applications utilizing React Server Components RSC when shared caches fail to properly partition response variants. A remote attacker can exploit this by causing a...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Lab — React Server Components RCE !Dockerh...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React Server Components Pre-Auth RCE "React2...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell Unauthenticated RCE in React Ser...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell Unauthenticated RCE in React Ser...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182-React2Shell xpl0ited by infrar3dhttps://git...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Security Lab "React2Shell" This repository c...
SECpocs
Next.js React Server Components RCE Exploit Exploits CVE-2025...
CVE-2026-44582
Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...
CVE-2026-44576
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
CVE-2026-44576
CVE-2026-44576 affects Next.js (React Server Components). In affected versions 14.2.0 to before 15.5.16 and 16.2.5, shared caches that do not properly partition response variants can poison the cache by serving an RSC response from the original URL, causing subsequent visitors to receive componen...
CVE-2026-44576 Next.js: Cache poisoning in React Server Component responses
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
CVE-2026-44576 Next.js: Cache poisoning in React Server Component responses
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...