来自Wiz、Palo Alto Networks旗下Unit 42、Google ...

12 月 12 日，React 官方确认，研究人员在验证上周补丁时，竟又在 React Server Components（RSC）里发现了两处新漏洞。 过去一周，React2Shell 漏洞的余威仍在：服务器被劫持挖矿、云厂商紧急封禁、甚至引发 Cloudflare 的连锁故障；为了把风险压下去，Vercel 甚至在一个 ...

The world is in shock as one of the most widely used JavaScript libraries just announced that they have discovered a security issue in the React Server Components, which are one of the most commonly ...

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly disclosed. Shortly after publication, multiple ...

Unlike server-side rendering, React Server Components aim to fully replace client-side functionality with work done on the server. Let’s see how this works. React remains a flagship among front-end ...

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ...

A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on ...