Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — React Server Components RCE | CTF Writeup...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +215 more potentially affected by CVE-2026-6856 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

cn.angis.warm-flow-beetlsql:warm-flow-beetlsql-sb-starter (>=1.6.9.1 <=1.8.4.0), cn.angis.warm-flow-beetlsql:warm-flow-beetlsql-sb-test (>=1.6.9.1 <=1.7.2.3) +36 more potentially affected by CVE-2026-6125 via org.dromara.warm:warm-flow-plugin-modes-sb (>=1.3.4 <=1.8.5)

org.dromara.warm:warm-flow-plugin-modes-sb MAVEN version =1.3.4, =1.6.9.1, =1.6.9.1, =1.6.8.1, =4.0.0, =2025.13.0, =2025.3.2, =1.6.6, =1.8.4 - org.dromara.warm-flow-mybatis-flex:warm-flow-mybatis-flex-sb-test =1.6.6 and more Source cves: CVE-2026-6125 Source advisory:...

[SECURITY] [DSA 6206-1] gdk-pixbuf security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6206-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 11, 2026 https://www.debian.org/security/faq -...

OESA-2026-1895 gdk-pixbuf2 security update

gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A flaw was found in the gdk-pixbuf library. This...

Exploit for CVE-2026-23869

⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...

Exploit for CVE-2026-23869

⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...

CVE-2026-33810 vulnerabilities

Vulnerabilities for packages: supercronic, grafana-operator, clickhouse-operator, dkron, victoriametrics-cluster, pluto, mountpoint-s3-csi-driver, mariadb-operator, fluxcd-kustomize-mutating-webhook, nodetaint, smokescreen, flux, nfs-subdir-external-provisioner, apko, external-secrets-operator,...

GHSA-M4PR-4J3G-9V7V vulnerabilities

Vulnerabilities for packages: pguser, azure-workload-identity-webhook, aws-node-termination-handler, minio-operator, cerbos, apko, calico, external-secrets-operator, kubeflow, redka, tofu-controller, regclient, swagger, nova, harbor-scanner-trivy, grpc-health-probe, seaweedfs,...

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: pguser, azure-workload-identity-webhook, aws-node-termination-handler, minio-operator, cerbos, apko, calico, external-secrets-operator, kubeflow, redka, tofu-controller, regclient, swagger, nova, harbor-scanner-trivy, grpc-health-probe, seaweedfs,...

CVE-2026-27140 vulnerabilities

Vulnerabilities for packages: pguser, azure-workload-identity-webhook, elvish, fzf, aws-node-termination-handler, minio-operator, cerbos, apko, calico, external-secrets-operator, kubeflow, redka, tofu-controller, yam, regclient, swagger, nova, harbor-scanner-trivy, grpc-health-probe, seaweedfs,...

GHSA-M4PR-4J3G-9V7V vulnerabilities

Vulnerabilities for packages: flux, kubernetes-csi-node-driver-registrar-fips, crossplane-provider-azure-authorization, nri-f5, kube-vip, prometheus-blackbox-exporter-fips, mig-parted, nri-jmx-fips, rke2-runtime, secrets-store-csi-driver-provider-azure, timescaledb-parallel-copy, argo-events,...

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +7151 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=2.21.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.21.0, =0.27.0, =0.26.0, =3.10.0.5, =3.0.0, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.1, =2.12.3 and more Source cves: CVE-2026-34478 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967739...

@vitejs/plugin-rsc has a Denial of Service with React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.4. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg Patches Upgrade immediately to @vitejs/[email protected] or...

GHSA-V457-WXVJ-P9W9 @vitejs/plugin-rsc has a Denial of Service with React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.4. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg Patches Upgrade immediately to @vitejs/[email protected] or...

Next.js has a Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...

GHSA-Q4GF-8MX6-V5V3 Next.js has a Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...

EUVD-2026-20584

React Server Components have a Denial of Service Vulnerability...

GHSA-479C-33WC-G2PG React Server Components have a Denial of Service Vulnerability

Impact A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests...

Exploit for CVE-2026-23869

CVE-2026-23869 - Proof of Concept PoC Description This...