CISA Adds One Known Exploited Vulnerability to Catalog

Updated December 9, 2025: Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, see React Blog: Critical Security Vulnerability in React Server Componentslink is external. CISA has added one new vulnerability to its...

Exploit for Deserialization of Untrusted Data in Facebook React

🛡️ RSC Sentinel Pro Advanced React Server Components R...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Advanced Scanner !Pythonhttps://img.shields.i...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Advanced Scanner A full-featured exploitation ut...

IBM: [RCE] Remote Code Execution via React Server Components Vulnerability CVE-2025-55182

Vulnerability description not provided...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Scanner Simple command-line tool for detecting...

Exploit for Deserialization of Untrusted Data in Facebook React

🔥 RSC RCE Exploit Toolkit !Versionhttps://img.shields.io...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell !Languagehttps://img.shields.io/badge/Language...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Indicator Scanner This repository provides a...

📄 React 19.2.0 PHP Scanner / Remote Code Execution

This project delivers a PHP-based vulnerability scanner and remote code execution exploit for CVE‑2025‑55182 affecting React Server Components. It leverages RSC serialization weaknesses to execute arbitrary commands and validate successful exploitation...

React 19 Server Components Critical Vulnerability (CVE-2025-55182, CVE-2025-55183, CVE-2025-55184)

On December 3, 2025, the React team disclosed a critical remote code execution vulnerability CVE-2025-55182, CVSS 10.0 affecting React 19 Server Components. This vulnerability has raised concerns among Vaadin users and security scanning tools. Update: On December 11 and 12, 2025, two new...

📄 React / Next.js Unauthenticated Remote Code Execution

A critical unauthenticated remote code execution vulnerability exists in React Server Components RSC Flight protocol. The vulnerability allows attackers to achieve prototype pollution during deserialization of RSC payloads by sending specially crafted multipart requests with proto, constructor, o...

Arbitrary Code Injection

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe dynamic imports in the loadServerAction, decodeReply, and decodeAction server APIs. An attacker can execute arbitrary JavaScript...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell Vulnerability Scanner A safe, non-invasive scanne...

Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)

The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit, as well as improved detection methods, exploitation mechanics observed in the wild, and rapidly growing atta...

Exploit for Deserialization of Untrusted Data in Facebook React

🧨 React2Hell — CVE-2025-55182 Exploit 🔥 Next.js / React...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell PoC A proof of concept exploit f...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Demonstration Lab Next.js / React RSC RCE Th...

Exploit for Deserialization of Untrusted Data in Facebook React

RSC Surface & Crash Detector This tool is a non-intrusive sec...

⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

It's been a week of chaos in code and calm in headlines. A bug that broke the internet's favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you'll miss how fast the threat map is changing. New flaws are being...