CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/02/17 12:0 a.m.•3 views

PT-2026-20256

Old vuln, new life: React2Shell CVE-2025-55812 is seeing a surge in active exploitation with reverse shells + cryptominers. If your patching is based on CVSS instead of real-world activity, you’re already behind. https://t.co/2hEOe08JVG CyberSecurity ThreatIntel PatchNow...

5.5AI score

Exploits0References1

GithubExploit•added 2026/02/12 6:32 a.m.•132 views

Exploit for Deserialization of Untrusted Data in Facebook React

This Proof of Concept PoC for React2Shell CVE-2025-55182 vul...

10CVSS5.6AI score0.82011EPSS

The Hacker News•added 2026/02/05 4:56 a.m.•25 views

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota BT in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...

10CVSS7.4AI score0.82011EPSS

GithubExploit•added 2026/01/31 5:43 a.m.•123 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55...

10CVSS5.9AI score0.82011EPSS

GithubExploit•added 2026/01/23 6:5 p.m.•155 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC This repository provides a minimal intentiona...

10CVSS6.6AI score0.82011EPSS

GithubExploit•added 2026/01/06 1:4 p.m.•125 views

react2shell-exploit

No d...

The Hacker News•added 2026/01/05 12:53 p.m.•22 views

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week's stories...

10CVSS8.7AI score0.8966EPSS

Exploits373

HackRead•added 2026/01/03 2:59 p.m.•2 views

RondoDox Botnet is Using React2Shell to Hijack Thousands of Unpatched Devices

RondoDox hackers exploit the React2Shell flaw in Next.js to target 90,000+ devices, including routers, smart cameras, and small business websites...

The Hacker News•added 2026/01/01 9:19 a.m.•12 views

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things IoT devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed...

10CVSS8.1AI score0.93701EPSS

Exploits413

Wiz blog•added 2025/12/30 12:49 p.m.•3 views

Protecting Against Zero-Day Vulnerabilities with SOC-Level ASM Alert

Outpacing React2Shell using pre-breach alerts from Wiz ASM to eliminate exploitable risk before attackers find them...

6.9AI score

GithubExploit•added 2025/12/26 6:37 a.m.•131 views

react2shell_poc

No d...

Rapid7 Blog•added 2025/12/19 9:2 p.m.•9 views

Metasploit Wrap-Up 12/19/2025

React2Shell Payload Improvements Last week Metasploit released an exploit for the React2Shell vulnerability, and this week we have made a couple of improvements to the payloads that it uses. The first improvement affects all Metasploit modules. When an exploit is used, an initial payload is...

8.4CVSS8.2AI score0.51775EPSS

Exploits1

GithubExploit•added 2025/12/19 10:17 a.m.•111 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js React2Shell CVE-2025-55182 Exploit Tool A proof-of-...

10CVSS8.1AI score0.82011EPSS

The Hacker News•added 2025/12/18 1:10 p.m.•14 views

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

This week's ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week'...

10CVSS7.2AI score0.82011EPSS

GithubExploit•added 2025/12/16 3:1 p.m.•114 views

react2shell

No d...

The Hacker News•added 2025/12/16 8:21 a.m.•18 views

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in...

10CVSS7.9AI score0.92118EPSS

Exploits426

HackRead•added 2025/12/15 4:34 p.m.•10 views

GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware

A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as…...

10CVSS6.9AI score0.82011EPSS

GithubExploit•added 2025/12/14 2:24 p.m.•122 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell Scanner – with PoC CVE-2025-55182 – React Ser...

10CVSS7.2AI score0.82011EPSS