Lucene search
K

4944 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago11 views

Malicious code in airkey-mfa-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector addd30fd6d90110d178ea017b2968c6014dab0e8304bdfeb55b13612a75f61da Package auto-executes a preinstall script node test.js on npm install that collects username, hostname, platform, Node version, and CI flag and POSTs...

5.9AI score
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added last week4 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v10.0.8.10 Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the...

8.1CVSS7.1AI score0.00808EPSS
Exploits3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:2 p.m.6 views

Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7369fd2dd1ba9002d2c693ba08c553c7c6fef54dba372146c11f20b43607aa react-next-dom masquerades as a React/Next.js ecosystem package but ships a pino-like surface concealing a remote code loader. The main export is a...

6.7AI score
Exploits0References3
OSV
OSV
added 2026/07/06 6:2 p.m.7 views

MAL-2026-6825 Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7369fd2dd1ba9002d2c693ba08c553c7c6fef54dba372146c11f20b43607aa react-next-dom masquerades as a React/Next.js ecosystem package but ships a pino-like surface concealing a remote code loader. The main export is a...

6.6AI score
Exploits0References3
NVD
NVD
added 2026/07/06 8:16 a.m.9 views

CVE-2026-14802

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS0.01324EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 6:30 a.m.37 views

CVE-2026-14802 react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command injection

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS0.01324EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 6:30 a.m.6 views

EUVD-2026-41815

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS5.7AI score0.01324EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:30 a.m.7 views

CVE-2026-14802

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS6.7AI score0.01324EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/06 6:30 a.m.14 views

CVE-2026-14802

CVE-2026-14802 affects react-create-app releases up to 5.0.1 on macOS, targeting the startBrowserProcess function in openBrowser.js within react-dev-utils. The root cause is an input manipulation that enables OS command injection, with remote exploitation described as possible and the exploit pub...

7.5CVSS6.7AI score0.01324EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 12:0 a.m.2 views

Malicious code in tme-xca-react (npm)

The tme-xca-react package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a 'tme' internal...

6.1AI score
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 8:10 p.m.36 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

7.5CVSS7.3AI score0.02499EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 9:55 a.m.15 views

Malicious code in react-editable-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef4c5725bd98fb80c8dc59c58f68627b6a69aa4c4ae16d3f0c70c011895144cb package.json declares a preinstall hook node src/utils/index.d.js, but the published tarball's files whitelist ships only dist/, README.md, and LICEN...

6AI score
Exploits0References7
OSV
OSV
added 2026/06/27 9:55 a.m.10 views

MAL-2026-6547 Malicious code in react-editable-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef4c5725bd98fb80c8dc59c58f68627b6a69aa4c4ae16d3f0c70c011895144cb package.json declares a preinstall hook node src/utils/index.d.js, but the published tarball's files whitelist ships only dist/, README.md, and LICEN...

6.2AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 3:45 p.m.10 views

Malicious code in react-dynammic-table-component (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d47aff9bb18dcd61350fa86e19d97ddee5ee7c5bdf7f0adea4a685e89d58fa4f [email protected] declares a preinstall lifecycle script node dist/setup.js that runs automatically on npm install. The script...

6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.5 views

CVE-2026-42342

A flaw was found in React Router and @remix-run/server-runtime. A remote attacker can exploit this vulnerability by sending certain crafted requests to the manifest endpoint. This can lead to unbounded path expansion, consuming disproportionate server resources. The primary consequence is a denia...

7.5CVSS5.7AI score0.00299EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.7 views

SUSE CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 2:16 a.m.4 views

MAL-2026-6410 Malicious code in @su-doughnym/react-dlb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2269beae8c30caccda966ca3aba35c3eddb4795fba0161045f14758ff150f58b Package self-identifies as a dependency-confusion bug-bounty proof-of-concept and is published at version 99.99.99 to win resolution priority over an...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 2:16 a.m.8 views

Malicious code in @su-doughnym/react-dlb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2269beae8c30caccda966ca3aba35c3eddb4795fba0161045f14758ff150f58b Package self-identifies as a dependency-confusion bug-bounty proof-of-concept and is published at version 99.99.99 to win resolution priority over an...

6.1AI score
Exploits0References2
Rows per page
Query Builder