CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/12/03 7:7 p.m.•6 views

EUVD-2025-200984

This CVE is a duplicate of CVE-2025-55182...

10CVSS6AI score0.83197EPSS

Exploits377References3

OSV•added 2025/12/03 7:7 p.m.•1 views

GHSA-9QR9-H5GF-34MP Next.js is vulnerable to RCE in React flight protocol

A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as CVE-2025-55182. Fixed in: React: 19.0.1, 19.1.2, 19.2.1 Next.js:...

10CVSS5.9AI score0.83197EPSS

Exploits363References5

Github Security Blog•added 2025/12/03 7:7 p.m.•13 views

Next.js is vulnerable to RCE in React flight protocol

Exploits363References5Affected Software1

The Hacker News•added 2025/12/03 6:19 p.m.•21 views

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components RSC that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has been codenamed React2shell. It allows...

10CVSS8.4AI score0.83197EPSS

Exploits377

GithubExploit•added 2025/12/03 5:21 p.m.•241 views

Exploit for CVE-2025-55182

GitHub CVE Scanner 🔍 Quickly scan GitHub repositories for c...

10CVSS7.8AI score0.83197EPSS

Exploits377

F5 Networks•added 2025/12/03 5:6 p.m.•15 views

K000158058: React framework vulnerability CVE-2025-55182

Security Advisory Description A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable...

Snyk•added 2025/12/03 4:39 p.m.•8 views

Arbitrary Code Injection

Overview next is a react framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code on the server by sending malicious HT...

Exploits377References3

Arbitrary Code Injection

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserializatio...

Arbitrary Code Injection

Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization ...

Arbitrary Code Injection

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe...

vulnersOsv•added 2025/12/03 4:39 p.m.•4 views

@amazeelabs/bridge-waku (>=1.1.0 <=2.0.1), @amazeelabs/executors (>=3.0.0 <=3.1.14) +21 more potentially affected by CVE-2025-55182 via react-server-dom-webpack (>=19.0.0-rc.0 <=19.0.0)

react-server-dom-webpack NPM version =19.0.0-rc.0, =1.1.0, =3.0.0, =1.1.0, =1.1.0, =0.9.1-next.19, =0.9.1-next.19, =0.9.1-next.19, =0.0.4, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250219082408, =0.0.2, =0.1.0-rc....

10CVSS7.1AI score0.83197EPSS

Arbitrary Code Injection

Overview @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization of RSC payloads from HTTP requests to Server Function endpoints. An unauthenticated attacker can execute arbitrary code ...

OSV•added 2025/12/03 4:15 p.m.•8 views

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...

10CVSS8.1AI score0.83197EPSS

Exploits363References6

NVD•added 2025/12/03 4:15 p.m.•16 views

CVE-2025-55182

10CVSS0.83197EPSS

Exploits363References6

Wiz blog•added 2025/12/03 3:57 p.m.•25 views

React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability

Detect and mitigate React2Shell CVE-2025-55182, critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently...