Lucene search
K

325 matches found

RedhatCVE
RedhatCVE
added 2026/01/13 10:46 p.m.7 views

CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/01/13 12:24 a.m.4 views

SUSE CVE-2026-21884

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS6.5AI score0.00472EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/13 12:24 a.m.8 views

SUSE CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS6.8AI score0.0077EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/13 12:24 a.m.5 views

SUSE CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.9AI score0.00128EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is...

6.5CVSS5.4AI score0.00128EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker- supplied path can be crafted so that when a React...

6.5CVSS5.5AI score0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/12 6:40 p.m.9 views

CVE-2025-61686

A security issue was discovered in the react-router/node component of React Router. It is possible for an attacker manipulate an unsigned cookie to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the...

9.1CVSS6.6AI score0.16104EPSS
Exploits0References4
Veracode
Veracode
added 2026/01/12 3:18 p.m.6 views

Cross-site Scripting (XSS)

React Router is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of untrusted input in the API during server-side rendering when generating keys via the getKey or storageKey props, which allows an attacker to inject and execute arbitrary JavaScript...

8.2CVSS6.8AI score0.00472EPSS
Exploits0References10Affected Software2
Veracode
Veracode
added 2026/01/12 11:12 a.m.5 views

Path Traversal

React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...

9.1CVSS7AI score0.16104EPSS
Exploits0References6Affected Software3
Veracode
Veracode
added 2026/01/12 10:0 a.m.12 views

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to unsafe handling of SPA navigation redirects generated from loaders or actions in certain modes, which allows an attacker to inject untrusted redirect URLs and trigger unintended JavaScript execution on the client...

8CVSS7.1AI score0.0077EPSS
Exploits0References36Affected Software2
Veracode
Veracode
added 2026/01/12 8:26 a.m.3 views

Cross-site Request Forgery

React Router is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...

6.5CVSS6.7AI score0.00128EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-59057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exist...

7.6CVSS6.5AI score0.00448EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open...

8CVSS5.6AI score0.0077EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.9 views

PT-2026-2346

Warning: Multiple High Severity Vulnerabilities in React-Router. CVE-2025-61686, CVE-2026-22029, CVE-2026-59057 & others. Attackers can read sensitive files or hijack sessions! Patch Patch Patch More info: https://t.co/jRGNAD4XZZ...

9.1CVSS6.8AI score0.16104EPSS
Exploits0References1
NVD
NVD
added 2026/01/10 3:15 a.m.6 views

CVE-2025-59057

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

7.6CVSS0.00448EPSS
Exploits0References8
NVD
NVD
added 2026/01/10 3:15 a.m.6 views

CVE-2025-68470

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

6.5CVSS0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/01/10 3:15 a.m.8 views

CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS0.0077EPSS
Exploits0References36
CVE
CVE
added 2026/01/10 2:42 a.m.28 views

CVE-2026-22030

CVE-2026-22030 affects React Router in combination with Remix v2 server runtime in Framework Mode or with React Server Actions (RSC). The vulnerability allows CSRF on document POST requests to UI routes when using server-side route actions, with no impact in Declarative Mode () or Data Mode (crea...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/01/10 2:42 a.m.3 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 2:42 a.m.35 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS0.00128EPSS
Exploits0References1
Rows per page
Query Builder