4876 matches found
📄 Next.js 15 Remote Code Execution
A PHP-based proof of concept implementation demonstrating the critical remote code execution vulnerability in React Server Components RSC Flight protocol, affecting React and Next.js applications...
React Native Community CLI Server API Node.js Package 4.8.0 < 20.0.0 Remote Code Execution (CVE-2025-11953)
The version of the React Native Community CLI Server API Node.js Package installed on the remote host is 4.8.0 prior to 20.0.0. It is, therefore, affected by a remote code execution vulnerability: - The Metro Development Server, which is opened by the React Native Community CLI, binds to external...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11953link is external React Native Community CLI OS Command Injection Vulnerability CVE-2026-24423link is external SmarterTools SmarterMail Missing...
MAL-2026-755 Malicious code in @jes4l/react-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbda4aa24c8a13be0d237b206780fc2feb5778e65cebf430e2124e49a390cdde The package @jes4l/react-pkg was found to contain malicious code. Source: ghsa-malware 2bd5520cca8e57269ded7f69993dc5257f9085a6706d01d7bc60b17ec80534...
Malicious code in @jes4l/react-pkg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbda4aa24c8a13be0d237b206780fc2feb5778e65cebf430e2124e49a390cdde The package @jes4l/react-pkg was found to contain malicious code. Source: ghsa-malware 2bd5520cca8e57269ded7f69993dc5257f9085a6706d01d7bc60b17ec80534...
React Native Community CLI OS Command Injection Vulnerability
React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute...
Malicious code in react-vite-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f5300073ebcda0869cf258bc5c567c6afc40942b14d14a97bfeaa2eaff1b9c The package react-vite-sync was found to contain malicious code. Source: ghsa-malware 971cc1d747c2d072e4a3cc272143be37bbd2162968dfd682012890e87cda562...
MAL-2026-747 Malicious code in react-vite-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f5300073ebcda0869cf258bc5c567c6afc40942b14d14a97bfeaa2eaff1b9c The package react-vite-sync was found to contain malicious code. Source: ghsa-malware 971cc1d747c2d072e4a3cc272143be37bbd2162968dfd682012890e87cda562...
Malicious code in react-count-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bf23710693921f6b69d38cf0abd8fa7ce2f181bfa2df9fa9777f59e0e4954e7 The package react-count-sync was found to contain malicious code. Source: ghsa-malware 9a44b72820f2af0bcbd60f65787e0707617e4f7428aa2c9407bec9f8decb07...
MAL-2026-746 Malicious code in react-count-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bf23710693921f6b69d38cf0abd8fa7ce2f181bfa2df9fa9777f59e0e4954e7 The package react-count-sync was found to contain malicious code. Source: ghsa-malware 9a44b72820f2af0bcbd60f65787e0707617e4f7428aa2c9407bec9f8decb07...
Malicious Package
Overview react-count-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 - PoC & Stand 📌 Quick Start 1. Deploy...
Malicious Package
Overview react-toast-cold is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in react-sdkk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5be5e5cc941dec9a36d78d9de45e31cd604e0efacd37d1b78b62e452689b2cb7 The package react-sdkk was found to contain malicious code. Source: ghsa-malware 60e38e54e0f061a0da679900787b26c8949e350345b5ae5e12688321574bd4c7 Any...
Malicious Package
Overview react-sdkk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-713 Malicious code in react-sdkk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5be5e5cc941dec9a36d78d9de45e31cd604e0efacd37d1b78b62e452689b2cb7 The package react-sdkk was found to contain malicious code. Source: ghsa-malware 60e38e54e0f061a0da679900787b26c8949e350345b5ae5e12688321574bd4c7 Any...
React Native Community CLI remote command execution
Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...
React Native Community CLI remote command execution
Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...
Exploit for Deserialization of Untrusted Data in Facebook React
RSC Sentinel CVE-2025-55182 Next.js / React Server Components...
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnChecksaid it first observed exploitation of CVE-2025-11953 aka Metro4Shell on December 21, 2025. With a...