SUSE CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3168 more potentially affected by CVE-2025-43865 via react-router (>=7.0.0-pre.0 <=7.5.1)

react-router NPM version =7.0.0-pre.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =3.1.61, =3.2.206 and more Source cves: CVE-2025-43865 Source advisory: OSV:GHSA-CPJ6-FHP6-MR6J...

PT-2025-14377 · Express +2 · Express +2

Name of the Vulnerable Software and Affected Versions: React Router versions 7.0.0 through 7.4.0 Remix versions 2.11.1 and later, prior to 2.16.3 Description: The issue allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part o...