H4R335HR

2 exploits Active since Feb 2023

CVE-2025-55182 NOMISEC CRITICAL SCANNER

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

CVSS 10.0

View Code

CVE-2023-24329 NOMISEC HIGH WORKING POC

Python <3.11.4 - Open Redirect

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

CVSS 7.5

View Code