mrknow001 - Security Researcher - Exploit Intelligence Platform

CVE-2025-55182 NOMISEC CRITICAL WORKING POC

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

552 stars

CVSS 10.0

View Code

CVE-2025-55182 NOMISEC CRITICAL WORKING POC

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

7 stars

CVSS 10.0

View Code

CVE-2022-22947 NOMISEC CRITICAL WORKING POC

Spring Cloud Gateway Remote Code Execution

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

7 stars

CVSS 10.0

View Code

CVE-2025-66478 GITHUB javascript SCANNER

Rejected

Rejected reason: This CVE is a duplicate of CVE-2025-55182.

3 stars

View Code

CVE-2025-55182 NOMISEC CRITICAL SCANNER

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

3 stars

CVSS 10.0

View Code