6 matches found
EUVD-2026-33994
React Router vulnerable to Denial of Service via reflected user input in single-fetch...
SUSE CVE-2026-33245
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
SUSE CVE-2026-33244
React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...
CVE-2026-33244
React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...
PT-2026-45826
Name of the Vulnerable Software and Affected Versions React Router versions 7.7.0 through 7.13.1 Description A client-side Cross-Site Scripting XSS issue exists in the redirect handling of the unstable React Server Components RSC APIs. This occurs when redirects originate from untrusted sources...
WordPress Avada theme <= 7.13.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avada versions = 7.13.2...