8276 matches found
EUVD-2026-33988
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets...
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources !NOTE This only impacts your application if you are using the unstable RSC APIs in React Router...
Security update for golang-github-prometheus-prometheus
This update for golang-github-prometheus-prometheus to version 3.5.3 fixes the following issues: Security issues fixed: CVE-2026-42151: AzureAD remote write: Fixed OAuth clientsecret being exposed in plaintext via /-/config endpoint bsc1263986 CVE-2026-42154: Remote-read: Reject snappy-compressed...
PT-2026-46087
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources !NOTE This only impacts your application if you are using the unstable RSC APIs in React Router...
Linux Distros Unpatched Vulnerability : CVE-2026-44582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...
CVE-2026-44579
A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the redirect handling of unstable React Server Components RSC APIs. An attacker can execute arbitrary JavaScript code in the user's browser by supplying a crafted javascript: redirect target from an untrusted...
CVE-2026-33245
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-34077 React Router vulnerable to Denial of Service via reflected user input in single-fetch
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-34077 React Router vulnerable to Denial of Service via reflected user input in single-fetch
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-34077
React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...
CVE-2024-42206
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
CVE-2026-33245
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-44593
esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...
EUVD-2024-55606
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
CVE-2024-42206
Technical details are not publicly available in the provided documents. Monitor for updates on affected components, root cause, and remediation.
CVE-2024-42206
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...