157 matches found
React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...
GHSA-8X6R-G9MW-2R78 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
When using React Router v7 in Framework Mode, there exists a combination of steps that could potentially allow unauthorized RCE through external requests. This first requires the application code to have an existing prototype pollution vulnerability. This can be leveraged into a 2-step attack in...
GHSA-2J2X-HQR9-3H42 React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect. !NOTE This does not impact your React Router application if you are using Declarative Mode...
EUVD-2026-33996
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation...
SUSE CVE-2026-33244
React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...
CVE-2026-40181
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...
CVE-2026-40181 React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...
CVE-2026-40181 React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...
CVE-2026-40181
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...
PT-2026-45832
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...
USN-8357-1: Qt Declarative vulnerability
It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service...
USN-8357-1 qtdeclarative-opensource-src vulnerability
It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt Quick. An attacker could possibly use this issue to cause Qt Declarative to use excessive resources, leading to a denial of service...
NICE: A Framework for Declarative and Machine-Checkable Vulnerability Reproduction
Reproducing software vulnerabilities is fundamental to security researchers, open-source maintainers, and educators. Yet, vulnerabilities remain hard to reproduce today, and even when they can be reproduced, recreating a software environment where the vulnerability can be exploited becomes harder...
RHEL 10 : qt6-qtdeclarative (RHSA-2026:20567)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20567 advisory. Qt6 - QtDeclarative component. Security Fixes: qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file CVE-2025-14576 For more...
RHSA-2026:20567 Red Hat Security Advisory: qt6-qtdeclarative security update
Bulletin has no description...
Important: Red Hat Security Advisory: qt6-qtdeclarative security update
An update for qt6-qtdeclarative is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
[SECURITY] Fedora 44 Update: qt6-qtdeclarative-6.10.3-1.fc44
Qt6 - QtDeclarative component...
CVE-2026-29050
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...
[SECURITY] Fedora 44 Update: kf6-kdeclarative-6.25.0-1.fc44
KDE Frameworks 6 Tier 3 addon for Qt declarative...