Lucene search
K

484 matches found

GithubExploit
GithubExploit
added 2026/02/26 4:57 p.m.171 views

Exploit for Deserialization of Untrusted Data in Facebook React

VPS Continuous Scanner A lightweight orchestrator and worker...

10CVSS7.8AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2026/02/25 5:34 p.m.161 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2shell or CVE-2025-55182 is a cr...

10CVSS6.5AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2026/02/25 5:34 p.m.140 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2shell or CVE-2025-55182 is a cr...

10CVSS6.5AI score0.99562EPSS
Exploits374
Imperva Blog
Imperva Blog
added 2026/02/17 6:48 p.m.8 views

A New Denial-of-Service Vector in React Server Components

React Server Components RSC have introduced a hybrid execution model that expands application capabilities while increasing the potential attack surface. Following earlier disclosures and fixes related to React DoS vulnerabilities, an additional analysis of RSC internals was conducted to assess...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/10 12:19 a.m.151 views

Exploit for Deserialization of Untrusted Data in Facebook React

Affected Software: React Server Components versions 19.0.0, 1...

10CVSS6.5AI score0.99562EPSS
Exploits374
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.165 views

📄 Next.js 15 Remote Code Execution

A PHP-based proof of concept implementation demonstrating the critical remote code execution vulnerability in React Server Components RSC Flight protocol, affecting React and Next.js applications...

10CVSS6.4AI score0.99562EPSS
Exploits388
GithubExploit
GithubExploit
added 2026/02/03 2:2 p.m.171 views

Exploit for Deserialization of Untrusted Data in Facebook React

RSC Sentinel CVE-2025-55182 Next.js / React Server Components...

10CVSS5.7AI score0.99562EPSS
Exploits374
Veracode
Veracode
added 2026/02/02 2:13 p.m.8 views

Denial-of-Service (DoS)

React Server Components packages are vulnerable to Denial-Of-Service DoS. The vulnerability is due to insufficient validation and resource handling in Server Function request processing, where specially crafted HTTP requests to server function endpoints can trigger excessive CPU usage, memory...

7.5CVSS5.4AI score0.02499EPSS
Exploits0References9Affected Software4
OSV
OSV
added 2026/01/29 3:0 p.m.6 views

GHSA-83FC-FQCC-2HMG React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

7.5CVSS6AI score0.02499EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/01/29 3:0 p.m.19 views

React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

7.5CVSS5.9AI score0.02499EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2026/01/28 3:38 p.m.100 views

Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...

7.5CVSS5.9AI score0.02499EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/28 3:38 p.m.3 views

GHSA-H25M-26QC-WCJF Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components

A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23864. A specially crafted HTTP...

7.5CVSS5.9AI score0.02499EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/28 3:18 p.m.7 views

CVE-2026-23864

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

7.5CVSS7.6AI score0.02499EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/01/27 10:6 a.m.150 views

Exploit for Deserialization of Untrusted Data in Facebook React

!Image Althttps://github.com/AsadAhmad-1337/React-2-Shell/blo...

10CVSS7.5AI score0.99562EPSS
Exploits374
F5 Networks
F5 Networks
added 2026/01/27 2:9 a.m.17 views

K000159700: React framework vulnerability CVE-2026-23864

Security Advisory Description Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests ...

7.5CVSS5.9AI score0.02499EPSS
Exploits0
OSV
OSV
added 2026/01/26 8:16 p.m.6 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

7.5CVSS5.7AI score0.02499EPSS
Exploits0References1
NVD
NVD
added 2026/01/26 8:16 p.m.10 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

7.5CVSS0.02499EPSS
Exploits0References6
Snyk
Snyk
added 2026/01/26 7:49 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

8.7CVSS5.9AI score0.65592EPSS
Exploits10References2
Snyk
Snyk
added 2026/01/26 7:49 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding reply functions of React Flight protocol. An attacker can cause server crashes, out-of-memory exceptions, or excessive CPU usage by sending...

8.7CVSS6.9AI score0.65592EPSS
Exploits10References2
Snyk
Snyk
added 2026/01/26 7:49 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

8.7CVSS5.9AI score0.65592EPSS
Exploits10References2
Rows per page
Query Builder