4877 matches found
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...
CVE-2025-55184
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...
CVE-2025-55184
CVE-2025-55184 is a pre-authentication Denial of Service vulnerability in React Server Components from versions 19.0.0 through 19.2.2 (affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack). The issue arises from unsafe deserialization of HTTP payloads sent t...
CVE-2025-55184
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...
CVE-2025-55183
CVE-2025-55183 is a source code disclosure vulnerability in React Server Components (RSC) Server Functions. A crafted HTTP request to a vulnerable Server Function may cause the server to return the full source code of that function when the argument is stringified. Affected are RSC versions 19.0....
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js React Server Components RCE Exploit Exploits CVE-2025...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Exploit - CVE-2025-55182 Author: andrei2308...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 Visualization An interactive edu...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell Exploit Overview CVE-2025-55...
CVE-2025-55183 and CVE-2025-55184: Mitigating React/Next.js Vulnerabilities
...
React2Shell: Decoding CVE-2025-55182 – The Silent Threat in React Server Components
On December 3, 2025, a critical remote code execution RCE vulnerability, dubbed "React2Shell," was disclosed, impacting React Server Components and frameworks like Next.js. The flaw, CVE-2025-55182, could lead to full server takeover and is rated CVSS 10.0. It is under active exploitation, has be...
It didn’t take long: CVE-2025-55182 is now under active exploitation
On December 4, 2025, researchers published details on the critical vulnerability CVE-2025-55182, which received a CVSS score of 10.0. It has been unofficially dubbed React2Shell, as it affects React Server Components RSC functionality used in web applications built with the React library. RSC...
Exploit for Deserialization of Untrusted Data in Facebook React
CV...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Exploitation Tool A comprehensive security res...
Exploit for CVE-2025-66478
Next.js-RSC-RCE-Scanner-CVE-2025-66478 CVE-2025-66478 Next.js...
PT-2025-50722
Name of the Vulnerable Software and Affected Versions React versions 19.0.0 through 19.2.1 react-server-dom-parcel versions 19.0.0 through 19.2.1 react-server-dom-turbopack versions 19.0.0 through 19.2.1 react-server-dom-webpack versions 19.0.0 through 19.2.1 Description An information leak issue...
Meta React Server Components 安全漏洞
Meta React Server Components is a series of components from Meta USA. A security vulnerability exists in Meta React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1, which stems from insecure deserialization of HTTP request loads and could lead to an infinite...
React Server Components deserialization vulnerability
Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...