4 matches found
PT-2026-40551
Name of the Vulnerable Software and Affected Versions Dalfox versions prior to 2.13.0 Description When running in REST API server mode, the software fails to sanitize certain fields in the request body, allowing an unauthenticated network caller to create or append to any file writable by the...
CVE-2025-68470
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...
CVE-2025-68470 React Router has unexpected external redirect via untrusted paths
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...
CVE-2025-68470 React Router has unexpected external redirect via untrusted paths
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...