tag
Deserialization
Critical
Redis Vector Set Duplicate HNSW Node ID RCE
None assigned as of 2026-07-03·
Redis server, Vector Set module (modules/vector-sets)
unpatched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706·
Microsoft SharePoint Server
patched
Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182·
Next.js (App Router with React Server Components), React
patched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870·
Next.js App Router (React server-action / RSC reply parser)
unpatched
High
Confluence Post-Auth RCE - CVE-2024-21683
CVE-2024-21683·
Atlassian Confluence Data Center and Server
unpatched