Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
InfoQ

Vercel’s Next.js 16: Explicit Caching, Turbopack Stability, and Improved Developer Tooling

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
The Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as ...
GitHub

Roo indexes .next folder despite .rooignore file

Open Roo one level above nextjs project Example: folder called "Root Folder" and inside we have/create "example-nextjs" project In "Root Folder" we can create .rooignore with the following line ...
Bleeping Computer

Critical flaw in Next.js lets hackers bypass authorization

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025 ...
The Hacker News

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as ...
GitHub

Issue with Using virtualColor in NextJs 15

I have attempted to use virtualColor as given in the documentation at: https://mantine.dev/theming/colors/ under the virtualColor section in NextJs Version 15.0.3 ...