PoC Archive PoC Archive

tag

Deserialization

Critical
Redis Vector Set Duplicate HNSW Node ID RCE
None assigned as of 2026-07-03· Redis server, Vector Set module (modules/vector-sets) unpatched
Critical
ToolShell - SharePoint Unauthenticated RCE Chain
CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, CVE-2025-49706· Microsoft SharePoint Server patched
Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182· Next.js (App Router with React Server Components), React patched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870· Next.js App Router (React server-action / RSC reply parser) unpatched
High
Confluence Post-Auth RCE - CVE-2024-21683
CVE-2024-21683· Atlassian Confluence Data Center and Server unpatched