InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
GitHub

Next.js component for creating responsive image gallery

Gallery can be used as both client and server component, but it's recommended to use it as server component because it will allow to do all calculations on the server and ship no JS to the user. (All ...
CoinDesk

New React bug that can drain all your tokens is impacting 'thousands of' websites

Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and ...

Criminal IP Reveals Global React2Shell RCE Exposure Across React Server Components

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ecosystem. With low exploitation complexity and publicly available PoCs, ...
The Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as ...
GitHub

Feature Request: dynamic header prop for CopilotKit component

I want the headers prop on the CopilotKit component to also accept a functions, that return a headers object, that gets called each time a request is made to the url provided via the runtimeUrl prop.