4919 matches found
Arbitrary Code Injection
Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe deserialization ...
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...
React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability
Detect and mitigate React2Shell CVE-2025-55182, critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently...
CVE-2025-55182
CVE-2025-55182 is a pre-auth remote code execution vulnerability in React Server Components (versions 19.0.0, 19.1.0, 19.1.1, 19.2.0) affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The issue arises from unsafe deserialization of payloads in HTTP reque...
EUVD-2025-200983
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...
CVE-2025-55182: React and Next.js Server Functions Deserialization RCE
...
PT-2025-48817
Name of the Vulnerable Software and Affected Versions React Server Components versions 19.0.0 through 19.2.0 Description A pre-authentication remote code execution issue exists in React Server Components, specifically affecting the react-server-dom-parcel, react-server-dom-turbopack, and...
Next.js Framework React Server Components Remote Code Execution (CVE-2025-55182)
The Next.js Framework on the remote host is affected by a remote code execution vulnerability: - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel,...
Meta React Server Components 安全漏洞
React Server Components is a new component model in the React Framework that allows components to run and render on the server and not execute in the client browser. Meta React Server Components has a remote code execution vulnerability that stems from a lack of security checks when parsing...
Node.js React Server Components Unauthenticated Remote Code Execution (CVE-2025-55182)
Multiple Node.js React Server Components packages are affected by an unauthenticated remote code execution vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0, 19.1.0, 19.1.1, 19.2.0 - react-server-dom-parcel 19.0, 19.1.0, 19.1.1, 19.2.0 -...
PT-2026-4812
Name of the Vulnerable Software and Affected Versions React versions 19.0.0 through 19.2.3 react-server-dom-webpack versions 19.0.0 through 19.2.3 react-server-dom-parcel versions 19.0.0 through 19.2.3 react-server-dom-turbopack versions 19.0.0 through 19.2.3 Next.js versions 13.x through 16.x...
Malicious code in wfui-dbd-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49a931af71a32dfa7644c29cca564d41bd857fa8cdea4956e0764cd224834ad The package wfui-dbd-react-ui was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-200281
Malicious code in wfui-dbd-react-ui npm...
MAL-2025-191668 Malicious code in wfui-dbd-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49a931af71a32dfa7644c29cca564d41bd857fa8cdea4956e0764cd224834ad The package wfui-dbd-react-ui was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-200282
Malicious code in wfui-dsm-react-ui npm...
Malicious code in wfui-dsm-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ab7eb463079033f35833ad6226f3db96e8b3e17ed382e0868d2ad823af5bb34 The package wfui-dsm-react-ui was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191669 Malicious code in wfui-dsm-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ab7eb463079033f35833ad6226f3db96e8b3e17ed382e0868d2ad823af5bb34 The package wfui-dsm-react-ui was found to contain malicious code. Source: ghsa-malware...