CVE-2025-14772

creationtimestamp| type| source ---|---|--- 2026-06-03 06:01:01+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-545 2026-06-03 11:44:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mneztvokii2u 2026-06-03 16:12:05+00:00| seen|...

CVE-2026-10701

creationtimestamp| type| source ---|---|--- 2026-06-03 04:52:24+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-prodotti-mozilla-6 2026-06-03 12:25:14+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnf44jhtx423 2026-06-04 06:00:36+00:00| seen|...

PT-2026-46087

When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources !NOTE This only impacts your application if you are using the unstable RSC APIs in React Router...

PT-2026-46078

Name of the Vulnerable Software and Affected Versions Net::Async::Statsd::Client versions prior to 0.006 Description Net::Async::Statsd::Client for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted...

CVE-2026-47201

creationtimestamp| type| source ---|---|--- 2026-06-02 23:00:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndp5rge442i 2026-06-02 23:28:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndqqez4742e 2026-06-05 00:37:07+00:00| seen|...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the redirect handling of unstable React Server Components RSC APIs. An attacker can execute arbitrary JavaScript code in the user's browser by supplying a crafted javascript: redirect target from an untrusted...

CVE-2026-5076

creationtimestamp| type| source ---|---|--- 2026-06-02 20:57:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndibeexqb2m 2026-06-02 21:00:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndih7w5ct25 2026-06-03 02:06:19+00:00| seen|...

CVE-2026-5073

creationtimestamp| type| source ---|---|--- 2026-06-02 20:49:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndhtf445z2f 2026-06-02 21:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndigzd4da22 2026-06-09 07:03:56+00:00| confirmed|...

EUVD-2026-34028

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-34077

React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...

CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-33245

CVE-2026-33245 affects React Router versions 7.7.0–7.13.1 when using unstable React Server Components (RSC) APIs. The issue is a client-side XSS vulnerability in the RSC redirect handling if redirects originate from untrusted sources. Applications not using the unstable RSC APIs are not affected....

CVE-2026-25260

creationtimestamp| type| source ---|---|--- 2026-06-02 06:00:25+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mnbw5isizs2f 2026-06-02 06:00:34+00:00| seen| https://infosec.exchange/users/offseq/statuses/116678985188082035...

CVE-2026-34906

creationtimestamp| type| source ---|---|--- 2026-06-02 03:55:00+00:00| seen| https://cert.pl/en/posts/2026/06/CVE-2026-34906 2026-06-02 10:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116680047071361908 2026-06-02 11:34:19+00:00| seen|...

PT-2026-45826

Name of the Vulnerable Software and Affected Versions React Router versions 7.7.0 through 7.13.1 Description A client-side Cross-Site Scripting XSS issue exists in the redirect handling of the unstable React Server Components RSC APIs. This occurs when redirects originate from untrusted sources...

PT-2026-45828

Name of the Vulnerable Software and Affected Versions React Router versions 7.7.0 through 7.13.1 React Router versions prior to 7.14.0 Remix versions 2.9.0 and later Description Two distinct issues were identified. First, a client-side Cross-Site Scripting XSS flaw exists in the handling of...

CVE-2026-25277

creationtimestamp| type| source ---|---|--- 2026-06-01 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260602 2026-06-01 23:21:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnb7uhxovs2z 2026-06-02 00:01:00+00:00| seen|...