Lucene search
+L

129 matches found

OSV
OSV
added 2026/02/25 10:33 p.m.11 views

GHSA-JM64-8M5Q-4QH8 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Summary Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. Details On-demand rendered sites built with Astro can define server actions...

5.9CVSS5.8AI score0.00415EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.4 views

CVE-2026-27729

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...

7.5CVSS5.7AI score0.00415EPSS
Exploits1References1
NVD
NVD
added 2026/02/24 1:16 a.m.12 views

CVE-2026-27729

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...

7.5CVSS0.00415EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/24 12:46 a.m.9 views

CVE-2026-27729

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...

5.9CVSS5.7AI score0.00415EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/24 12:46 a.m.12 views

CVE-2026-27729 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...

5.9CVSS5.8AI score0.00415EPSS
Exploits1References6
CVE
CVE
added 2026/02/24 12:46 a.m.19 views

CVE-2026-27729

CVE-2026-27729 affects Astro v9.0.0–9.5.3. The vulnerability is due to Astro server actions buffering incoming request bodies (JSON/FormData) without a size limit, enabling unauthenticated denial of service via a single oversized POST to a valid action endpoint, which can crash the server on memo...

7.5CVSS5.7AI score0.00415EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/24 12:46 a.m.25 views

CVE-2026-27729 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...

5.9CVSS0.00415EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.15 views

PT-2026-21611

Name of the Vulnerable Software and Affected Versions Astro versions 9.0.0 through 9.5.3 Description Astro server actions lack a default request body size limit, potentially leading to a denial of service DoS due to memory exhaustion. A large POST request to a valid action endpoint can crash the...

7.5CVSS5.4AI score0.00415EPSS
Exploits1References13
GithubExploit
GithubExploit
added 2026/01/15 7:56 p.m.163 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell - Preuve de Concept CVE-2025-55182 Ce projet...

10CVSS5.8AI score0.99562EPSS
Exploits376
GithubExploit
GithubExploit
added 2026/01/14 10:25 a.m.190 views

RCE-Exploit-Tools

RCE Exploit Research Tools Project Overview This repository cont...

7.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/13 10:46 p.m.8 views

CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/01/13 12:24 a.m.6 views

SUSE CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.9AI score0.00128EPSS
Exploits0References3
Veracode
Veracode
added 2026/01/12 8:26 a.m.3 views

Cross-site Request Forgery

React Router is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...

6.5CVSS6.7AI score0.00128EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/01/10 3:15 a.m.9 views

CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/10 2:42 a.m.3 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References1
OSV
OSV
added 2026/01/10 2:42 a.m.5 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.14 views

PT-2026-2138

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.11.0 @remix-run/server-runtime versions prior to 2.17.3 Description React Router, used as a router for React applications, is susceptible to Cross-Site Request Forgery CSRF attacks. This affects document...

6.5CVSS6.4AI score0.00128EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/01/08 8:57 p.m.14 views

React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...

6.5CVSS5.5AI score0.00128EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/01/08 8:57 p.m.7 views

GHSA-H5CW-625J-3RXH React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...

6.5CVSS5.5AI score0.00128EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/12/20 8:33 a.m.245 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell PoC CVE-2025-55182 A Proof-of-Concept PoC scr...

10CVSS8.9AI score0.99562EPSS
Exploits376
Rows per page
Query Builder