4876 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell Analysis Report Sections require...
react2shell-poc
日本語 !CAUTION For Authorized Security Re...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Security Lab "React2Shell" This repository c...
MAL-2026-3808 Malicious code in @citi-icg-158830/icgds-react-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6255b5d27ddf97d5093328983d54e39a05ce73176cdc472aa2df8499fa506f1e The package @citi-icg-158830/icgds-react-css was found to contain malicious code. Source: ghsa-malware...
Malicious code in @citi-icg-158830/icgds-react-css (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6255b5d27ddf97d5093328983d54e39a05ce73176cdc472aa2df8499fa506f1e The package @citi-icg-158830/icgds-react-css was found to contain malicious code. Source: ghsa-malware...
Malicious code in @citi-icg-158830/elemental-ui-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2287a3953db1a78e6d96679e8e7b737b492f81d3a86d14418ac301d6c4858a6 The package @citi-icg-158830/elemental-ui-react was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3807 Malicious code in @citi-icg-158830/elemental-ui-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2287a3953db1a78e6d96679e8e7b737b492f81d3a86d14418ac301d6c4858a6 The package @citi-icg-158830/elemental-ui-react was found to contain malicious code. Source: ghsa-malware...
Malicious code in bui-react-10components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd97accb94b52913accc33671fd34134afa96fd92bc09e5d0c440eef9b1a8c6 The package bui-react-10components was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3804 Malicious code in bui-react-10components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd97accb94b52913accc33671fd34134afa96fd92bc09e5d0c440eef9b1a8c6 The package bui-react-10components was found to contain malicious code. Source: ossf-package-analysis...
SECpocs
Next.js React Server Components RCE Exploit Exploits CVE-2025...
@ardeora/start-devtools (>=1.0.0 <=1.0.1), @carvajalconsultants/headstart (>=1.0.0 <=1.0.2) +27 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.3)
@tanstack/start-server-core NPM version =1.121.0-alpha.28, =1.0.0, =1.0.0, =0.0.14, =1.20.3-alpha.1, =1.111.10, =1.121.23, =0.0.1, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.114.29, =1.121.23, =1.121.0-alpha.28, =1.97.4, =1.111.10, =1.121.0-alpha.28, =1.169.18 and more Source cves: unknown CVE Source...
CVE-2026-44582
Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...
CVE-2026-44576
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting
Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...
CVE-2026-44582 Next.js: Cache poisoning via collisions in React Server Component cache-busting
Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...
CVE-2026-44582
Next.js (React Server Components) versions 13.4.6–before 15.5.16 and 16.2.5 are vulnerable to cache poisoning in deployments using shared caches with insufficient response partitioning. The issue stems from collisions in the _rsc cache-busting value, which can cause an attacker to serve a poisone...
CVE-2026-44576
CVE-2026-44576 affects Next.js (React Server Components). In affected versions 14.2.0 to before 15.5.16 and 16.2.5, shared caches that do not properly partition response variants can poison the cache by serving an RSC response from the original URL, causing subsequent visitors to receive componen...