Lucene search
+L

192 matches found

nessus
nessus
added 2026/07/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain...

7.5CVSS6.1AI score0.00299EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/25 11:8 p.m.6 views

CVE-2026-42342

A flaw was found in React Router and @remix-run/server-runtime. A remote attacker can exploit this vulnerability by sending certain crafted requests to the manifest endpoint. This can lead to unbounded path expansion, consuming disproportionate server resources. The primary consequence is a denia...

7.5CVSS5.7AI score0.00299EPSS
Exploits0References4
snyk
snyk
added 2026/06/15 8:6 p.m.6 views

Cross-site Request Forgery (CSRF)

Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to insufficient CSRF checks for PUT, PATCH, and DELETE document requests. An attacker can cause unauthorized state changes by tricking a user in...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44483

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS5.6AI score0.00271EPSS
Exploits0References1
github
github
added 2026/06/04 3:23 p.m.18 views

React Router vulnerable to Denial of Service via reflected user input in single-fetch

A DoS vulnerability exists in the React Router v7 Framework Mode, as well as Remix v2.9.0+ with Single Fetch enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References6Affected Software2
osv
osv
added 2026/06/04 3:23 p.m.10 views

GHSA-RXV8-25V2-QMQ8 React Router vulnerable to Denial of Service via reflected user input in single-fetch

A DoS vulnerability exists in the React Router v7 Framework Mode, as well as Remix v2.9.0+ with Single Fetch enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References6
susecve
susecve
added 2026/06/04 2:24 a.m.10 views

SUSE CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3
github
github
added 2026/06/03 9:5 p.m.15 views

React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3Affected Software2
euvd
euvd
added 2026/06/03 9:5 p.m.14 views

EUVD-2026-34000

React Router vulnerable to DoS via unbounded path expansion in manifest endpoint...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References2
osv
osv
added 2026/06/03 9:5 p.m.7 views

GHSA-8X6R-G9MW-2R78 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/03 12:0 a.m.22 views

PT-2026-46089

There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References4
snyk
snyk
added 2026/06/02 10:22 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the manifest endpoint. An attacker can exhaust server resources and cause service disruption by sending specially craft...

8.7CVSS5.5AI score0.00299EPSS
Exploits0References2
nvd
nvd
added 2026/06/02 8:16 p.m.18 views

CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS0.00299EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/02 6:23 p.m.52 views

CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS0.00299EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/02 6:23 p.m.9 views

CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software2
vulnrichment
vulnrichment
added 2026/06/02 6:23 p.m.11 views

CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References1
cve
cve
added 2026/06/02 6:23 p.m.143 views

CVE-2026-42342

CVE-2026-42342 affects React Router and Remix Server Runtime: versions 7.0.0–7.14.x of react-router and 2.10.0–2.17.4 of @remix-run/server-runtime are vulnerable to DoS via unbounded path expansion on the __manifest endpoint, causing high resource usage and potential unavailability for Framework ...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References1Affected Software2
osv
osv
added 2026/06/02 6:23 p.m.2 views

CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.9AI score0.00299EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.18 views

PT-2026-45835

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.14.x @remix-run/server-runtime versions 2.10.0 through 2.17.4 Description Certain crafted requests can cause unbounded path expansion in the " manifest" endpoint, leading to disproportionate server resourc...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/05/27 3:20 p.m.10 views

CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS5.9AI score0.00271EPSS
Exploits0References1
Rows per page
Query Builder