Lucene search

8324 matches found

RedhatCVE
added 2026/01/26 3:10 p.m. | 3 views

CVE-2026-24474

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/01/26 10:15 a.m. | 6 views

Security Bulletin: Enterprise Content Management System Monitor for December 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

8.6 CVSS | 6.5 AI score | 0.02123 EPSS
Exploits: 1 | Affected Software: 1

CNNVD
added 2026/01/26 12:00 a.m. | 3 views

Meta React Server Components security vulnerabilities

Meta React Server Components are a series of components developed by the American company Meta. There is a security vulnerability in Meta React Server Components, which can lead to server crashes, memory exhaustion, or excessive CPU usage when specially crafted HTTP requests are sent...

7.5 CVSS | 7.5 AI score | 0.0198 EPSS
Exploits: 0 | References: 3

NVD
added 2026/01/24 12:15 a.m. | 6 views

CVE-2026-24474

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3 CVSS | 0.00026 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/01/24 12:00 a.m. | 2 views

Dioxus Components security vulnerabilities

Dioxus Components is a basic component open-sourced by Dioxus Labs. Version 41e4242ecb1062d04ae42a5215363c1d9fd4e23a of Dioxus Components had a security vulnerability. This vulnerability stemmed from the useofanimatedopen function, which used the user-provided ID to format eval strings, potential...

5.3 CVSS | 5.9 AI score | 0.00026 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/01/23 11:50 p.m. | 4 views

CVE-2026-24474

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/01/23 11:50 p.m. | 35 views

CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3 CVSS | 0.00026 EPSS
Exploits: 0 | References: 2

OSV
added 2026/01/23 11:50 p.m. | 4 views

CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3 CVSS | 5.5 AI score | 0.00026 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/23 11:50 p.m. | 2 views

CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 0 | References: 2

CVE
added 2026/01/23 11:50 p.m. | 9 views

CVE-2026-24474

Summary: CVE-2026-24474 affects the Dioxus Components library (shadcn-style components for the Dioxus app framework). Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, the function/use_animated_open formats a string for eval using a user-supplied id, enabling a potential JavaScript inject...

5.3 CVSS | 5.4 AI score | 0.00026 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2026/01/23 6:05 p.m. | 167 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC This repository provides a minimal intentiona...

10 CVSS | 6.6 AI score | 0.82011 EPSS
Exploits: 379

GithubExploit
added 2026/01/23 10:36 a.m. | 335 views

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js Security Testing Tool Professiona...

10 CVSS | 5.7 AI score | 0.82011 EPSS
Exploits: 365

Snyk
added 2026/01/23 5:08 a.m. | 3 views

Arbitrary Code Injection

Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by introducing custom Python code into a workflow. Remediati...

7.5 CVSS | 7.4 AI score | 0.00099 EPSS
Exploits: 1 | References: 2

Snyk
added 2026/01/23 5:08 a.m. | 2 views

Arbitrary Code Injection

Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of Python function components. An attacker can execute arbitrary code by...

7.5 CVSS | 7.4 AI score | 0.00099 EPSS
Exploits: 1 | References: 2

OSV
added 2026/01/23 4:16 a.m. | 4 views

CVE-2026-0771

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1 CVSS | 6.6 AI score
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/23 3:28 a.m. | 5 views

CVE-2026-0771

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1 CVSS | 6.4 AI score | 0.00099 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

OSSF Malicious Packages
added 2026/01/23 1:13 a.m. | 6 views

Malicious code in kwp-shared-components-production-system (npm)

Source: amazon-inspector 2b2bf82ab1e7b02c2c3398dc73b6c1635e7f3e8da7f0a3aa11123d5db5a19b56 The package kwp-shared-components-production-system was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 1

EUVD
added 2026/01/23 1:13 a.m. | 4 views

EUVD-2026-4526

Malicious code in kwp-shared-components-production-system npm...

5.5 AI score
Exploits: 0

OSV
added 2026/01/23 1:13 a.m. | 3 views

MAL-2026-480 Malicious code in kwp-shared-components-production-system (npm)

Source: amazon-inspector 2b2bf82ab1e7b02c2c3398dc73b6c1635e7f3e8da7f0a3aa11123d5db5a19b56 The package kwp-shared-components-production-system was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/23 12:00 a.m. | 4 views

PT-2026-4539

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, use animated open formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3 CVSS | 5.4 AI score | 0.00026 EPSS
Exploits: 0 | References: 3