MEIFP – Most Exploited Internet-Facing Products

Meta

Products: React Developer Tools Extension · react-server-dom-parcel · react-server-dom-turbopack · react-server-dom-webpack

40.6

Score

CVEs

Active

PoC

KEV

#62

Rank

Period:

Product:

CVE ID	Published	CVSS	Exploit	KEV	AC	PR	Auto	Score(hover)	Affected Products	Description
CVE-2025-55183	2025-12-11	5.3v3.1	POC	—	Low	None	YES	0.0	react-server-dom-parcelreact-server-dom-turbopackreact-server-dom-webpack	An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafte
CVE-2025-55184	2025-12-11	7.5v3.1	POC	—	Low	None	YES	0.0	react-server-dom-parcelreact-server-dom-turbopackreact-server-dom-webpack	A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely
CVE-2025-55182	2025-12-03	10.0v3.1	ACTIVE		Low	None	YES	40.6	react-server-dom-parcelreact-server-dom-turbopackreact-server-dom-webpack	A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloa
CVE-2023-5654	2023-10-19	6.5v3.1	POC	—	Low	None	YES	0.0	React Developer Tools Extension	The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The

Each CVE: 10 pts base (Active only), boosted by:

KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3