EUVD-2026-33994

React Router vulnerable to Denial of Service via reflected user input in single-fetch...

SUSE CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

EUVD-2026-33986

React Router has stored XSS via unescaped Location header in prerendered redirect HTML...

SUSE CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-34077 React Router vulnerable to Denial of Service via reflected user input in single-fetch

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-33245

CVE-2026-33245 affects React Router versions 7.7.0–7.13.1 when using unstable React Server Components (RSC) APIs. The issue is a client-side XSS vulnerability in the RSC redirect handling if redirects originate from untrusted sources. Applications not using the unstable RSC APIs are not affected....

CVE-2026-33244 React Router has stored XSS via unescaped Location header in prerendered redirect HTML

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

PT-2026-45826

Name of the Vulnerable Software and Affected Versions React Router versions 7.7.0 through 7.13.1 Description A client-side Cross-Site Scripting XSS issue exists in the redirect handling of the unstable React Server Components RSC APIs. This occurs when redirects originate from untrusted sources...

CVE-2025-58922

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

CVE-2025-58922

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

CVE-2025-58922 WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2...

WordPress plugin Avada 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avada versions = 7.13.2...

Atlassian Jira 7.12 < 7.13.2 Information Disclosure In Browseprojects.jspa Resource

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.12.x prior to 7.13.2 or 8.0.0 prior to 8.0.2. It is, therefore, affected by a vulnerability which permits remote attackers to see information for archived projects through a missing...

ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=5.3.0 <=5.7.9), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=5.7.9) +361 more potentially affected by CVE-2021-22144 via org.elasticsearch:elasticsearch (>=7.0.0-alpha1 <=7.13.2)

org.elasticsearch:elasticsearch MAVEN version =7.0.0-alpha1, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.6.5, =1.0.4.R, =2.1.0.M8, =1.0.2, =1.0.5 - cn.dustlight.datacenter:datacenter-elasticsearch =0.0.6-alpha-2 and more Source cves: CVE-2021-22144 Source...

CVE-2019-3400

The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the jql parameter...