腾讯网

10级漏洞刚补完,React又炸了!现代Web“默认底座”因一行代码缺失 ...

编译 | Tina、冬梅上周刚追完 10 级补丁,以为能喘口气了?还不行。12 月 12 日,React 官方确认,研究人员在验证上周补丁时,竟又在 React Server Components(RSC)里发现了两处新漏洞。过去一周,React2Shell 漏洞的余威仍在:服务器被劫持挖矿、云厂商紧急封禁、甚至引发 Cloudflare ...
腾讯网

React2Shell漏洞深度剖析:一个撼动互联网的严重漏洞

来自Wiz、Palo Alto Networks旗下Unit 42、Google ...

New React bug that can drain all your tokens is impacting 'thousands of' websites

Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.

gluestack by GeekyAnts Top Contender in Component Library Category— React Native Survey 2025

(GLOBE NEWSWIRE) -- gluestack by GeekyAnts secures #1 and #2 position in the Component Libraries category of the State of ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

Criminal IP Reveals Global React2Shell RCE Exposure Across React Server Components

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ecosystem. With low exploitation complexity and publicly available PoCs, ...