Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
winbuzzer.com

Severe React Server Components Flaw Exposes Millions of Apps and Websites

Millions of web applications face immediate risk following the disclosure of a catastrophic flaw in the React Server Components (RSC) architecture. Identified as CVE-2025-55182, the vulnerability ...
The Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as ...
InfoQ

Accessibility with Interactive Components at React Advanced Conf

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Prevent AI-generated tech debt with Skeleton ...
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...
InfoWorld

Putting agentic AI to work in Firebase Studio

An AI assistant is like power steering. The programmer, the driver, remains in control, and the tool magnifies that control. The developer types some code, and the assistant completes the function, ...
Microsoft

React and Fluent based virtual code components are now generally available

We are excited to announce the general availability of React and Fluent-based virtual code components. This feature allows customers and partners to leverage the Microsoft Power Apps platform ...
IEEE

Comparative Analysis on React and Preact Javascript Frameworks

Abstract: Javascript is one of the leading technologies used for developing web applications. React, Angular, and Vue are effective and popular Javascript frameworks in web development. In this study, ...
Hacker

How to Test React Components With Jest And React Testing Library

Keploy is AI based test case and stubs/mocks generator for e2e testing. 90% test coverage in minutes with open source ...
GitHub

[Bug]: @storybook/react-vite configuration for react-docgen doesn't support components that import postcss modules.

The babel config passed to react-docgen doesn't take into account the .babelrc file and attempts to parse the .css file as JavaScript. This causes an error like so ...