EUVD-2026-34000

React Router vulnerable to DoS via unbounded path expansion in manifest endpoint...

Allocation of Resources Without Limits or Throttling

Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the manifest endpoint. An attacker can exhaust server resources and cause service disruption by sending specially craft...

CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

PT-2026-45835

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.14.x @remix-run/server-runtime versions 2.10.0 through 2.17.4 Description Certain crafted requests can cause unbounded path expansion in the " manifest" endpoint, leading to disproportionate server resourc...

SUSE CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

CVE-2026-22030

CVE-2026-22030 affects React Router in combination with Remix v2 server runtime in Framework Mode or with React Server Actions (RSC). The vulnerability allows CSRF on document POST requests to UI routes when using server-side route actions, with no impact in Declarative Mode () or Data Mode (crea...

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

PT-2026-2138

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.11.0 @remix-run/server-runtime versions prior to 2.17.3 Description React Router, used as a router for React applications, is susceptible to Cross-Site Request Forgery CSRF attacks. This affects document...

Cross-site Request Forgery (CSRF)

Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthoriz...

@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.2-alpha.7) +26 more potentially affected by CVE-2026-22030 via @remix-run/server-runtime (>=2.0.0-pre.0 <=2.17.2)

@remix-run/server-runtime NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.17.2 and more Source cves: CVE-2026-22030 Source advisory: SNYK:JS-REMIXRUNSERVERRUNTIME-14908428...

EUVD-2023-1019

Malicious code in bioql PyPI...

io.quarkus:quarkus-test-infinispan-client (>=2.5.0.CR1 <=3.0.0.Alpha2), org.infinispan:infinispan-distribution (>=13.0.0.Final <=14.0.24.Final) +9 more potentially affected by CVE-2023-5384 via org.infinispan:infinispan-cachestore-sql (>=13.0.0.CR2 <=14.0.24.Final)

org.infinispan:infinispan-cachestore-sql MAVEN version =13.0.0.CR2, =2.5.0.CR1, =13.0.0.Final, =13.0.0.Final, =13.0.0.CR2, =13.0.0.CR2, =13.0.0.CR2, =13.0.0.CR2, =13.0.0.CR2, =13.0.0.CR2, =14.0.10.Final, =13.0.0.CR2, =14.0.24.Final Source cves: CVE-2023-5384 Source advisory: OSV:GHSA-GG57-587F-H5...

Microsoft Windows Client/Server Runtime Subsystem Competition Condition Issue Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in the Microsoft Windows Client/Server Runtime Subsystem. An attacker could exploit the vulnerability to remotely execute code. The...

CVE-2023-23409

Client Server Run-Time Subsystem CSRSS Information Disclosure Vulnerability...

CVE-2022-22026

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

Microsoft Windows 代码问题漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A code issue vulnerability exists in the Microsoft Windows Client/Server Runtime Subsystem. The following products and editions are affected:Windows 10 Version 1809 for 32-bit...

Microsoft Windows 缓冲区错误漏洞

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. A buffer error vulnerability exists in the Microsoft Windows Client/Server Runtime Subsystem. The following products and editions are affected:Windows 10 Version 1809 for 32-bit Systems,Windo...

Microsoft Windows 缓冲区错误漏洞

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. A buffer error vulnerability exists in the Microsoft Windows Client/Server Runtime Subsystem. The following products and editions are affected:Windows 10 Version 1809 for x64-based...

CVE-2019-14838

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server...