27 matches found
EUVD-2025-202926
Denial of Service Vulnerability in React Server Components...
Vulnerabilities fixed in React Server Components
Meta has fixed vulnerabilities in React Server Components Parcel, Turbopack and Webpack, specifically for versions 19.0.2, 19.1.3 and 19.2.2. The vulnerabilities are related to insecure deserialization of HTTP request payloads, which can lead to Denial-of-Service attacks and server hangs. This...
CVE-2025-67779
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests...
Node.js React Server Components Denial of Service (CVE-2025-67779)
Multiple Node.js React Server Components packages are affected by a denial of service vulnerability. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.2, 19.1.3, 19.2.2 - react-server-dom-parcel 19.0.2, 19.1.3, 19.2.2 - react-server-dom-turbopack 19.0.2,...
CVE-2025-67779
CVE-2025-67779 describes a denial-of-service vulnerability in React Server Components caused by an incomplete fix for unsafe deserialization. The issue allows crafted HTTP payloads to Server Function endpoints to trigger an infinite loop, tying up CPU and potentially making the server unresponsiv...
CVE-2025-67779
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests...
EUVD-2022-34320
Malicious code in bioql PyPI...
EUVD-2022-34321
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-34051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject...
Plixer / Dell SonicWALL Scrutinizer 19.0.2 SQLi Vulnerability
Plixer / Dell SonicWALL Scrutinizer is prone to an SQL injection (SQLi) vulnerability...
UBUNTU-CVE-2024-40137
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function...
PT-2024-28793 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP CRM versions prior to 19.0.2. Description: The issue is related to a remote code execution (RCE) vulnerability. It can be exploited via the Computed field parameter under the Users Module Setup function. Recommendations: For version...
PT-2024-25669 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to 19.0.2. Description: A Reflected Cross-site scripting (XSS) vulnerability is located in htdocs/compta/paiement/card.php, allowing remote attackers to inject arbitrary web script or HTML via a crafted payload injected...
CVE-2023-35899
CVE-2023-35899 affects IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2. The issue is a CSV injection vulnerability caused by improper validation of CSV file contents, enabling a remote attacker to execute arbitrary commands on the system. Affected products/versions (per sources) inclu...
CVE-2022-2015
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2022-2015
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2...
JGraph draw.io Code Injection Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 19.0.2 that stems from a code injection issue...
JGraph draw.io Cross-Site Scripting Vulnerability
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 19.0.2 that stems from a cross-site scripting (XSS) issue...
CVE-2022-2015 Cross-site Scripting (XSS) - Stored in jgraph/drawio
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2...
CVE-2021-28993
Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information remote...