NPM: Next.js vulnerable to cache poisoning in React Server Component responses

NPM: Next.js vulnerable to cache poisoning in React Server Component responses vulnerability discovered by ? in WordPress Npm next versions = 14.2.0, 15.5.16...

@vitejs/plugin-rsc has a Denial of Service Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.6. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh Patches Upgrade immediately to @vitejs/[email protected] or...

GHSA-W94C-4VHP-22GX @vitejs/plugin-rsc has a Denial of Service Vulnerability in React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.6. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh Patches Upgrade immediately to @vitejs/[email protected] or...

GHSA-8H8Q-6873-Q5FJ Next.js Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23870. A specially crafted HTTP request can be sent to any...

Next.js Vulnerable to Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23870. A specially crafted HTTP request can be sent to any...

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-parcel versions = 19.0.0, 19.0.6...

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-webpack versions = 19.0.0, 19.0.6...

EUVD-2026-27867

Facebook React has a Denial of Service Vulnerability in React Server Components...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23870 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

@cedarjs/api-server (>=1.0.0-canary.12863 <=9.0.0-canary.1784), @cedarjs/cli (>=1.0.0-canary.12863 <=9.0.0-canary.1784) +12 more potentially affected by CVE-2026-23870 via react-server-dom-webpack (>=19.2.1 <=19.2.4)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =3.0.0-canary.13429, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components

NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-turbopack versions = 19.0.0, 19.0.6...

GHSA-RV78-F8RC-XRXH Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

MAL-2026-3509 Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

PT-2026-39894

Name of the Vulnerable Software and Affected Versions RVF versions 6.0.0 through 6.0.3 RVF versions 7.0.0 through 7.0.1 Description The setPath function in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object fails to block the keys proto , constructor, or prototype...

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS Vulnerability

TL;DR:A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables unauthenticated attackers to send specially crafted HTTP requests that trigger excessive CPU consumption...

aerobi-poc

Aerobi POC — Simulação local de monitoramento de câmeras Labo...

@datalayer/jupyter-react (=0.9.5) potentially affected by CVE-2026-42557 via @jupyterlab/apputils-extension (=4.1.0-beta.0)

@jupyterlab/apputils-extension NPM version =4.1.0-beta.0 is affected by a known vulnerability. The following packages have a transitive dependency on @jupyterlab/apputils-extension and may be impacted: - @datalayer/jupyter-react =0.9.5 Source cves: CVE-2026-42557 Source advisory:...

@datalayer/jupyter-react (>=0.0.6 <=0.9.5), @jupyter-notebook/application-extension (>=7.1.0 <=7.4.7) +3 more potentially affected by CVE-2026-42557 via @jupyterlab/rendermime (>=4.0.0-alpha.11 <=4.4.10)

@jupyterlab/rendermime NPM version =4.0.0-alpha.11, =0.0.6, =7.1.0, =0.0.23, =1.29.0, =1.30.0-rc1 Source cves: CVE-2026-42557 Source advisory: SNYK:JS-JUPYTERLABRENDERMIME-16438960...