4877 matches found
React Server Components deserialization vulnerability
Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...
Exploit for Deserialization of Untrusted Data in Facebook React
R2SAE - React2Shell Auto-Exploit A Firefox extension...
CVE-2025-67489
@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell Reproduction Environment ⚠️...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 A simp...
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components RSC to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a...
Exploit for Deserialization of Untrusted Data in Facebook React
This is a Next.js project bootstrapped wit...
Exploit for Deserialization of Untrusted Data in Facebook React
🛡️ React2Shell CTF 🚀 !Securityhttps://img.shields.io/badge...
Exploit for Deserialization of Untrusted Data in Facebook React
💥 React2Shell-POC 💥 !pythonhttps://img.shields.io/badge/py...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182-GodzillaMemoryShell Help Usage: exploi...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Checker A portable Bash script to detect vulne...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182-PoC-exploit Next.js RCE via React Server Funct...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 - Next.js RSC Remote Code Execution Exploit...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Ultimate - CVE-2025-66478 Scanner...
Exploit for Deserialization of Untrusted Data in Facebook React
Introduction A P- bypass version of the WAF scanner has been...
CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation
CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — demo This repository provides a demonstratio...
Exploit for Deserialization of Untrusted Data in Facebook React
cve-2025-55182-poc Proof of Concept for CVE-2025-55182 "React...
CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server
@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...