4882 matches found
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component RSC payloa...
Malicious code in react-fixtures-ssr (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d710afc7119dec419c22aa6e052c351680e8510317df2c1ea02c3ab56eec3bf4 Any computer that has this package installed or running should be considered...
PT-2025-27835
Name of the Vulnerable Software and Affected Versions: Next.js versions 15.3.0 through 15.3.2 Vercel CLI versions 41.4.1 through 42.1.0 Description: A cache poisoning issue was found in Next.js App Router and Vercel CLI, allowing page requests for HTML content to return a React Server Component R...
MAL-2025-5575 Malicious code in react-babel-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff19821615932cec55e91b56b5ef7b8974f053d6ec9dab32417601d23391b52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-babel-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff19821615932cec55e91b56b5ef7b8974f053d6ec9dab32417601d23391b52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Progress多款产品 跨站脚本漏洞
Progress Telerik UI for ASP.NET Core and others are products of Progress, Inc.Progress Telerik UI for ASP.NET Core is a set of UI component libraries for building cross-platform responsive web applications.Progress Telerik UI for Progress Telerik UI for ASP.NET MVC is a library of UI components f...
MAL-2025-5516 Malicious code in react-forget-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a394c45b21ba1a2437ef3331b2c18fb40316d9276a55529d77c29c8f729174be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-forget-runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a394c45b21ba1a2437ef3331b2c18fb40316d9276a55529d77c29c8f729174be Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5517 Malicious code in react-svg-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d1b4540b7accc26da839119cb9cee8be93e168c74f00d68eb96e60241796fbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-svg-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d1b4540b7accc26da839119cb9cee8be93e168c74f00d68eb96e60241796fbf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5285 Malicious code in react-plaid-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2e5a7cd6740a8b92b5b0c681bce252fd1850ace8501de899aea496321176c95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5251 Malicious code in aws-sdk-react-native-core (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 626365c8daf9243d0d8281fa741a8537d284b73f873547122f9bdab75513d280 Any computer that has this package installed or running should be considered...
Malicious code in aws-sdk-react-native-core (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 626365c8daf9243d0d8281fa741a8537d284b73f873547122f9bdab75513d280 Any computer that has this package installed or running should be considered...
Malicious code in react-smooth-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7510dd029031b29ab209e3114deb48a7ad72b83c7d10073376637b71e89abf7b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5237 Malicious code in react-smooth-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7510dd029031b29ab209e3114deb48a7ad72b83c7d10073376637b71e89abf7b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in audible-react-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e390437d447abf7cd857a317c79c2904de3c54d6ad86d8fcd26b65a13ecd6a59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5212 Malicious code in audible-react-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e390437d447abf7cd857a317c79c2904de3c54d6ad86d8fcd26b65a13ecd6a59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-web3-cache (npm)
--- -= Per source details. Do not edit below this line.=-...