lachlan2k - Security Researcher - Exploit Intelligence Platform

CVE-2025-55182 NOMISEC CRITICAL WORKING POC

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

1,026 stars

CVSS 10.0

View Code

CVE-2025-66478 GITHUB go WORKING POC

Rejected

Rejected reason: This CVE is a duplicate of CVE-2025-55182.

128 stars

View Code

CVE-2025-55182 NOMISEC CRITICAL WRITEUP

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

36 stars

CVSS 10.0

View Code

CVE-2023-35803 NOMISEC CRITICAL WORKING POC

Extremenetworks IQ Engine < 10.6r2 - Buffer Overflow

IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.

23 stars

CVSS 9.8

View Code

CVE-2025-55182 GITHUB CRITICAL python WORKING POC

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

2 stars

CVSS 10.0

View Code

CVE-2025-55182 NOMISEC CRITICAL WORKING POC

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

CVSS 10.0

View Code