8324 matches found

OSV
added 2026/01/27 8:16 a.m. | 3 views

MAL-2026-527 Malicious code in @santandergroup-uk/edgehome-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e512dc1f3fcaa6ef57a8b842e2f6afe53092e6b4dc6efa83f398b40c59e53a6b The package @santandergroup-uk/edgehome-components was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/01/27 8:01 a.m. | 6 views

Malicious code in @row-components/pricing-embedded-sui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63928e8cf0861bfa8d3def2e822d818c038315c0a9d5918b6f27aeaab7ec9e3a The package @row-components/pricing-embedded-sui was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/01/27 7:59 a.m. | 5 views

Malicious code in tailwind-components-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3916984542c5471332406155adc38fde3d254e8748b6e65caa1b9680663602c The package tailwind-components-cli was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 1

OSV
added 2026/01/27 7:59 a.m. | 4 views

MAL-2026-543 Malicious code in tailwind-components-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3916984542c5471332406155adc38fde3d254e8748b6e65caa1b9680663602c The package tailwind-components-cli was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/01/27 2:11 a.m. | 6 views

Malicious code in @afg-ikea/ikea-kiosk-related-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f627f92f7e8b9ae99be35718e43eb73ed63a8818cea75a131f4bf85738cab2c3 The package @afg-ikea/ikea-kiosk-related-components was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 1

OSV
added 2026/01/27 2:11 a.m. | 3 views

MAL-2026-518 Malicious code in @afg-ikea/ikea-kiosk-related-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f627f92f7e8b9ae99be35718e43eb73ed63a8818cea75a131f4bf85738cab2c3 The package @afg-ikea/ikea-kiosk-related-components was found to contain malicious code. Source: ghsa-malware...

5.5 AI score
Exploits: 0 | References: 1

F5 Networks
added 2026/01/27 2:09 a.m. | 15 views

K000159700: React framework vulnerability CVE-2026-23864

Security Advisory Description Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests ...

7.5 CVSS | 5.9 AI score | 0.0198 EPSS
Exploits: 0

Tenable Nessus
added 2026/01/27 12:00 a.m. | 7 views

RHEL 9 : thunderbird (RHSA-2026:1413)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:1413 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component...

9.8 CVSS | 6 AI score | 0.0002 EPSS
Exploits: 0 | References: 28

Broadcom
added 2026/01/27 12:00 a.m. | 14 views

Postgres vulnerabilities (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715)

The Postgres vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the SANnav 2.4.0b and 3.0.0 releases...

8.8 CVSS | 6.2 AI score | 0.0024 EPSS
Exploits: 2

NVD
added 2026/01/26 10:15 p.m. | 4 views

CVE-2025-59472

A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the Next-Resume: 1 header and processes attacker-controlled postponed state data. Two closely related...

7.5 CVSS | 0.0015 EPSS
Exploits: 0 | References: 1

NVD
added 2026/01/26 8:16 p.m. | 4 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

7.5 CVSS | 0.0198 EPSS
Exploits: 0 | References: 1

OSV
added 2026/01/26 8:16 p.m. | 3 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

7.5 CVSS | 5.7 AI score | 0.0198 EPSS
Exploits: 0 | References: 1

Snyk
added 2026/01/26 7:49 p.m. | 9 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

8.7 CVSS | 5.9 AI score | 0.41239 EPSS
Exploits: 10 | References: 2

Snyk
added 2026/01/26 7:49 p.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding reply functions of React Flight protocol. An attacker can cause server crashes, out-of-memory exceptions, or excessive CPU usage by sending...

8.7 CVSS | 6.9 AI score | 0.41239 EPSS
Exploits: 10 | References: 2

Snyk
added 2026/01/26 7:49 p.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

8.7 CVSS | 5.9 AI score | 0.41239 EPSS
Exploits: 10 | References: 2

Vulnrichment
added 2026/01/26 7:16 p.m. | 3 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

6 AI score | 0.0198 EPSS
Exploits: 0 | References: 1

CVE
added 2026/01/26 7:16 p.m. | 57 views

CVE-2026-23864

CVE-2026-23864 affects React Server Components packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The connected advisories describe a denial-of-service condition triggered by specially crafted HTTP requests to Server Function endpoints, potentially causin...

7.5 CVSS | 6 AI score | 0.0198 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/01/26 7:16 p.m. | 16 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

0.0198 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/26 7:16 p.m. | 9 views

CVE-2026-23864

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints,...

7.5 CVSS | 6 AI score | 0.0198 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

GithubExploit
added 2026/01/26 5:15 p.m. | 140 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Vulnerability Target Vulnerab...

10 CVSS | 7.4 AI score | 0.82011 EPSS
Exploits: 365