CVE-2026-33244 React Router has stored XSS via unescaped Location header in prerendered redirect HTML

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088: WinRAR’s Zero-Day Path Traversal — From Zero...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR Proof of Concept PoC-Exploit !PoCht...

WinRAR vulnerability exploited by two different groups

On July 30, 2025, WinRAR released a new version 7.13 Final to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack vario...