Lucene search
K

4917 matches found

Snyk
Snyk
added 2026/01/26 7:49 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding reply functions of React Flight protocol. An attacker can cause server crashes, out-of-memory exceptions, or excessive CPU usage by sending...

8.7CVSS6.9AI score0.65592EPSS
Exploits10References2
Snyk
Snyk
added 2026/01/26 7:49 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

8.7CVSS5.9AI score0.65592EPSS
Exploits10References2
Snyk
Snyk
added 2026/01/26 7:49 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

8.7CVSS5.9AI score0.65592EPSS
Exploits10References2
Snyk
Snyk
added 2026/01/26 7:49 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling...

8.7CVSS5.9AI score0.65592EPSS
Exploits10References2
Snyk
Snyk
added 2026/01/26 7:49 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding reply functions of React Flight protocol. An attacker can cause server crashes, out-of-memory exception...

8.7CVSS7.2AI score0.65592EPSS
Exploits10References2
vulnersOsv
vulnersOsv
added 2026/01/26 7:49 p.m.8 views

@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2025-55184 +1 more via react-server-dom-webpack (>=19.2.1 <=19.2.3)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

7.5CVSS7.3AI score0.65592EPSS
Exploits10
vulnersOsv
vulnersOsv
added 2026/01/26 7:49 p.m.7 views

@amazeelabs/bridge-waku (>=1.1.0 <=2.0.1), @amazeelabs/executors (>=3.0.0 <=3.1.14) +50 more potentially affected by CVE-2025-55184 +1 more via react-server-dom-webpack (>=19.0.0-canary-36e62c603-20240418 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0-canary-36e62c603-20240418, =1.1.0, =3.0.0, =1.1.0, =1.1.0, =1.0.0-canary.12245, =0.9.1-next.19, =1.0.0-canary.12245, =0.9.1-next.19, =1.0.0-canary.12245, =1.0.0-canary.12245, =1.0.0-canary.12245, =0.9.1-next.19, =1.0.0-canary.12245, =1.0.0-canary.12245...

7.5CVSS7.4AI score0.65592EPSS
Exploits10
ATTACKERKB
ATTACKERKB
added 2026/01/26 7:16 p.m.10 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

7.5CVSS6AI score0.02329EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2026/01/26 7:16 p.m.18 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

0.02329EPSS
Exploits0References1
CVE
CVE
added 2026/01/26 7:16 p.m.75 views

CVE-2026-23864

CVE-2026-23864 affects React Server Components packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The connected advisories describe a denial-of-service condition triggered by specially crafted HTTP requests to Server Function endpoints, potentially causin...

7.5CVSS6AI score0.02329EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/26 7:16 p.m.3 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

6AI score0.02329EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/26 5:15 p.m.156 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Vulnerability Target Vulnerab...

10CVSS7.4AI score0.99562EPSS
Exploits372
Information Security Automation
Information Security Automation
added 2026/01/26 1:52 p.m.12 views

January “In the Trend of VM” (#23): vulnerabilities in Windows, React and MongoDB

January "In the Trend of VM" 23: vulnerabilities in Windows, React and MongoDB. Traditional monthly roundup of trending vulnerabilities. Launching the 2026 season. 🙂 🗞 Post on Habr rus 🗒 Digest on the PT website rus In total, three vulnerabilities: 🔻 EoP - Windows Cloud Files Mini Filter Driver...

10CVSS6.7AI score0.99562EPSS
Exploits413
Akamai Blog
Akamai Blog
added 2026/01/26 12:0 p.m.21 views

CVE-2026-23864: React and Next.js Denial of Service via Memory Exhaustion

...

7.5CVSS5.9AI score0.02329EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/01/23 6:5 p.m.184 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC This repository provides a minimal intentiona...

10CVSS6.6AI score0.99562EPSS
Exploits386
GithubExploit
GithubExploit
added 2026/01/23 10:36 a.m.353 views

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js Security Testing Tool Professiona...

10CVSS5.7AI score0.99562EPSS
Exploits372
Snyk
Snyk
added 2026/01/21 4:48 a.m.3 views

Malicious Package

Overview plugin-react-swc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/21 4:48 a.m.8 views

Malicious code in plugin-react-swc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 197cedd065670a6a39b4401d52b2a636d5ff18f26c378b571770286a807ec467 The package plugin-react-swc was found to contain malicious code. Source: ghsa-malware cba9afea98505469e9b9f36095ab566e5cd857b54255290d9defa67c40c62a...

5.5AI score
Exploits0References2
EUVD
EUVD
added 2026/01/21 4:48 a.m.5 views

EUVD-2026-3724

Malicious code in plugin-react-swc npm...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/21 4:48 a.m.7 views

MAL-2026-424 Malicious code in plugin-react-swc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 197cedd065670a6a39b4401d52b2a636d5ff18f26c378b571770286a807ec467 The package plugin-react-swc was found to contain malicious code. Source: ghsa-malware cba9afea98505469e9b9f36095ab566e5cd857b54255290d9defa67c40c62a...

5.5AI score
Exploits0References2
Rows per page
Query Builder