React and Node.js - 搜索 News

10级漏洞刚补完，React又炸了！现代Web“默认底座”因一行代码缺失 ...

编译 | Tina、冬梅上周刚追完 10 级补丁，以为能喘口气了？还不行。12 月 12 日，React 官方确认，研究人员在验证上周补丁时，竟又在 React Server ...

15 天

React/Next.js 曝满分RCE漏洞，无需认证即可远程代码执行

近期，聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞，该漏洞已被披露，编号为 CVE-2025-55182，CVSS 评分为 10.0 。该漏洞主要波及react-server-dom-webpack的Server Actions功能。由于在处理客户端提交的表单数据时，系统未能实施充分的安全性校验，导致攻击者能够通过精心设计的恶意表单请求 ...

Cybernews

Attackers exploit React2Shell vulnerability to target home CCTV, smart plugs, and TVs

React2Shell, a critical Node.js vulnerability, is driving massive global exploitation as attackers target smart devices and ...

Cybernews

Compromised Next.js devices weaponized by attackers: thousands remain vulnerable

Security researchers warn that hundreds of compromised Next.js devices are attacking others, and tens of thousands of servers ...

SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code execution.

51CTO服务器频道

紧急：React 19 和 Next.js 的 React 服务器组件存在关键漏洞

如果你在用 React 19 / Next.js 15 / 16，这篇就当是一个温柔但坚决的催命信： Vercel 已经出手，在它的全球 Web Application Firewall（WAF）上，加了一层拦截规则，免费帮所有托管在上面的项目挡一波。

9 天on MSN

Maximum severity React2Shell flaw exploited by North Korean hackers in malware attacks

The Chinese are not the only ones exploiting React2Shell, a maximum-severity vulnerability that was recently discovered in ...

当前正在显示可能无法访问的结果。

隐藏无法访问的结果