CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/04/01 6:20 p.m.•7 views

CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

7.5CVSS7.1AI score0.00095EPSS

OSV•added 2025/04/01 6:20 p.m.•1 views

CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

7.5CVSS6.9AI score0.00095EPSS

Exploits0References3

CVE•added 2025/04/01 6:20 p.m.•119 views

CVE-2025-31137

Summary: A Host/X-Forwarded-Host header manipulation vulnerability in Remix/React Router affects Remix 2 and React Router 7 users using the Express adapter. An attacker can spoof the incoming Request URL by placing a pathname in the URL’s port section of a header-hosted URL, potentially altering ...

7.5CVSS7.1AI score0.00095EPSS

OSV•added 2025/04/01 2:16 p.m.•2 views

CVE-2025-30210 Bruno XSS On Environment Name

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content in this case the Environment name as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...

8.7CVSS6.5AI score0.0026EPSS

Exploits1References3

Positive Technologies•added 2025/04/01 12:0 a.m.•2 views

PT-2025-14115 · Unknown +1 · React-Tooltip +1

Name of the Vulnerable Software and Affected Versions: Bruno versions prior to 1.39.1 Description: The issue arises from custom tool-tip components using react-tooltip, which set content as raw HTML and inject it into the DOM on hover. This, combined with loose Content Security Policy restriction...

8.7CVSS7.1AI score0.0026EPSS

Exploits1References4

CNNVD•added 2025/04/01 12:0 a.m.•1 views

react-router 环境问题漏洞

react-router is a declarative routing for React open-sourced by Remix. An environmental issue vulnerability exists in react-router versions 7.0.0 through 7.4.0, which stems from an Express adapter for Remix or React Router that allows request URLs to be forged via URL pathnames...

7.5CVSS7.4AI score0.00095EPSS

Positive Technologies•added 2025/04/01 12:0 a.m.•4 views

PT-2025-14377 · Express +2 · Express +2

Name of the Vulnerable Software and Affected Versions: React Router versions 7.0.0 through 7.4.0 Remix versions 2.11.1 and later, prior to 2.16.3 Description: The issue allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part o...

7.5CVSS7.3AI score0.00095EPSS

Exploits0References25

vulnersOsv•added 2025/03/31 5:31 p.m.•5 views

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-31125 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =19.1.5, =5.0.0-alpha.37, =19.1.0, =19.1.0, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.3.0-dev.12 and more Source cves: CVE-2025-31125 Source advisory:...

7.5CVSS6.6AI score0.83244EPSS

Exploits9

OSSF Malicious Packages•added 2025/03/28 12:38 p.m.•3 views

Malicious code in arkose-labs-react-native-example (npm)

--- -= Per source details. Do not edit below this line.=-...

OSV•added 2025/03/28 12:38 p.m.•1 views

Exploits0

MAL-2025-2836 Malicious code in arkose-labs-react-native-example (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score

Exploits0

OSSF Malicious Packages•added 2025/03/28 8:55 a.m.•3 views

Malicious code in react-html2pdf.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be6d515bfa8ee2ff472a78fae780650681611a5d7184b12d85b273b398597172 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSV•added 2025/03/28 8:55 a.m.•10 views

MAL-2025-2781 Malicious code in react-html2pdf.js (npm)

OSV•added 2025/03/28 8:12 a.m.•2 views

MAL-2025-2757 Malicious code in ecko-wallet-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0abf27a0a21da3cbad3585aecbe105d054575fe79c1b9c788c93ff4b6478bcab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2025/03/28 8:12 a.m.•3 views

Malicious code in ecko-wallet-react (npm)

OSV•added 2025/03/28 8:12 a.m.•2 views

MAL-2025-2755 Malicious code in ecko-dex-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d26b6d8be6f7dbf592bade371103317c029f4297df9557c79997a41d18e2c3c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2025/03/28 8:12 a.m.•2 views

Malicious code in ecko-dex-react (npm)

OSSF Malicious Packages•added 2025/03/28 3:39 a.m.•3 views

Malicious code in @takamol/react-qiwa-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 793f690e0bffdd7f7b94c843db756d422d1d76e710507c5f07fec74703d68b55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OSSF Malicious Packages•added 2025/03/28 3:39 a.m.•4 views

Malicious code in @takamol/ets-react-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f82dcc5edf4748a4186895186924ee28e0f55fe782fe6b7e4d4f6ffe895195d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...