Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/28 9:10 p.m.18 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-48050, CVE-2025-43865 and CVE-2025-43864)

Summary The following vulnerabilities that can affect IBM Storage Scale and the Management GUI and could provide weaker than expected security are now fixed CVE-2025-48050, CVE-2025-43865 and CVE-2025-43864. Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before...

8.2CVSS6.4AI score0.23628EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/25 12:14 p.m.10 views

CVE-2025-43864

A flaw was found in the React Router. This vulnerability allows an attacker to trigger a rendering error via a crafted X-React-Router-SPA-Mode header, which can result in cache poisoning. If a caching system is in place, the corrupted error response may be cached and served to subsequent users,...

5.3CVSS7.2AI score0.23628EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/25 12:18 a.m.6 views

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

7.5CVSS7AI score0.23628EPSS
Exploits0References3
OSV
OSV
added 2025/04/25 12:18 a.m.8 views

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

7.5CVSS7AI score0.23628EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/25 12:18 a.m.77 views

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

7.5CVSS0.23628EPSS
Exploits0References3
CVE
CVE
added 2025/04/25 12:18 a.m.164 views

CVE-2025-43864

CVE-2025-43864: React Router (versions 7.2.0–7.5.1) allows forcing SPA mode by a request header, which on SSR apps can trigger a page-corrupting error. If a cache stores the error response, this enables cache poisoning and degrades availability. Patch: upgrade to React Router 7.5.2 (or later).

7.5CVSS7.6AI score0.23628EPSS
Exploits0References3
Rows per page
Query Builder