Lucene search
K

327 matches found

IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v10.0.8.10 Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the...

8.1CVSS7.1AI score0.00808EPSS
Exploits3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.5 views

CVE-2026-42342

A flaw was found in React Router and @remix-run/server-runtime. A remote attacker can exploit this vulnerability by sending certain crafted requests to the manifest endpoint. This can lead to unbounded path expansion, consuming disproportionate server resources. The primary consequence is a denia...

7.5CVSS5.7AI score0.00299EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.7 views

SUSE CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/23 1:28 p.m.9 views

CVE-2026-53663

A flaw was found in React Router. Insufficient Cross-Site Request Forgery CSRF checks in the framework mode allow a remote attacker to bypass these protections on PUT, PATCH, and DELETE requests. This could lead to a low integrity impact, where an attacker might be able to perform unintended...

3.1CVSS5.8AI score0.00106EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 7:17 p.m.8 views

CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:39 p.m.46 views

CVE-2026-53663 React Router: `handleDocumentRequest` CSRF check covers `POST` only; PUT/PATCH/DELETE bypass

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 5:39 p.m.20 views

CVE-2026-53663

React Router (v7 Framework Mode) is affected in versions 7.12.0–7.15.0 where CSRF checks run on POST but not on PUT/PATCH/DELETE; this could enable cross-origin state changes. The issue is considered low severity due to browser protections (CORS preflight, SameSite cookies). It has been fixed in ...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:39 p.m.5 views

CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/06/22 5:39 p.m.7 views

EUVD-2026-38338

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/22 12:27 p.m.9 views

CVE-2026-33245

A flaw was found in React Router. This vulnerability, a type of Cross-Site Scripting XSS, affects applications utilizing React Router's unstable React Server Components RSC APIs. A remote attacker could exploit this by sending untrusted redirects, leading to the execution of malicious scripts in...

8CVSS6AI score0.00188EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/20 12:50 p.m.11 views

Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...

9.9CVSS6.7AI score0.01161EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-40181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open...

8.7CVSS5.9AI score0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/18 6:54 p.m.20 views

CVE-2026-33244

A flaw was found in react-router. When using Framework Mode with pre-rendering enabled, an attacker can exploit improper handling of the HTTP Location header value. This can lead to Cross-Site Scripting XSS, allowing malicious scripts to be injected into statically generated HTML files if the...

5.4CVSS5.2AI score0.00144EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/18 6:42 p.m.6 views

CVE-2026-40181

A flaw was found in React Router. This vulnerability allows a remote attacker to redirect users to an external, potentially malicious, website. This occurs when specially crafted URLs, containing paths starting with //, are passed to the redirect function, causing them to be misinterpreted as...

8.7CVSS5.3AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 8:6 p.m.7 views

GHSA-84G9-W2XQ-VCV6 React Router: Potential CSRF via PUT/PATCH/DELETE document requests

Certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight, SameSite cookies already block the cross-origin attack vectors...

3.1CVSS5.4AI score0.00106EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:6 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to insufficient CSRF checks for PUT, PATCH, and DELETE document requests. An attacker can cause unauthorized state changes by tricking a user into submitting crafted requests from another origin. Note...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/15 8:6 p.m.5 views

NPM: React Router: Potential CSRF via PUT/PATCH/DELETE document requests

NPM: React Router: Potential CSRF via PUT/PATCH/DELETE document requests vulnerability discovered by ? in WordPress Npm react-router versions = 7.12.0, 7.15.1...

3.1CVSS5.8AI score0.00106EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:6 p.m.10 views

React Router: Potential CSRF via PUT/PATCH/DELETE document requests

Certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight, SameSite cookies already block the cross-origin attack vectors...

3.1CVSS5.4AI score0.00106EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49578

Name of the Vulnerable Software and Affected Versions React Router version 7 Description Insufficient Cross-Site Request Forgery CSRF checks in Framework Mode allow bypasses when using 'PUT', 'PATCH', or 'DELETE' requests, as the checks were primarily applied to 'POST' requests. CSRF is a type of...

3.1CVSS5.8AI score0.00106EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.13 views

CVE-2026-34077

A flaw was found in React Router versions 7.7.0 through 7.13.1. When using the unstable React Server Components RSC APIs, insufficient sanitization of redirect targets allows client-side cross-site scripting if redirects originate from untrusted sources. An attacker could inject script that...

7.5CVSS5.7AI score0.00294EPSS
Exploits0References4
Rows per page
Query Builder