4 matches found
CVE-2026-53663 React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass
React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient: they ran on POST requests but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...
RARLabs WinRAR Directory Traversal Vulnerability (Jun 2025) - Windows
WinRAR is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:rarlab:winrar";...
Atlassian Jira 7.12 < 7.13.2 Information Disclosure In Browseprojects.jspa Resource
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.12.x prior to 7.13.2 or 8.0.0 prior to 8.0.2. It is, therefore, affected by a vulnerability which permits remote attackers to see information for archived projects through a missing...
Atlassian Confluence 7.12.x < 7.12.5 RCE Via OGNL Injection
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.23, 6.14.x prior to 7.4.11, 7.5.x prior to 7.11.6 or 7.12.x prior to 7.12.5. It is, therefore, affected by an OGNL injection vulnerability that would allow an attacker...