4876 matches found
@frontmcp/adapters (>=1.0.0 <=1.0.3), @frontmcp/plugin-approval (>=1.0.0 <=1.0.3) +7 more potentially affected by CVE-2026-39885 via @frontmcp/sdk (>=1.0.0-beta.1 <=1.0.3)
@frontmcp/sdk NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.3 Source cves: CVE-2026-39885 Source advisory: SNYK:JS-FRONTMCPSDK-16423474...
Allocation of Resources Without Limits or Throttling
Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the createMap, createSet, and extractIterator functions in packages/react-server/src/ReactFlightReplyServer.js. An attacker can crash the server by...
Allocation of Resources Without Limits or Throttling
Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling...
@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23869 via react-server-dom-webpack (>=19.0.0 <=19.0.1)
react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...
@cedarjs/api-server (>=1.0.0-canary.12863 <=9.0.0-canary.1784), @cedarjs/cli (>=1.0.0-canary.12863 <=9.0.0-canary.1784) +12 more potentially affected by CVE-2026-23869 via react-server-dom-webpack (>=19.2.1 <=19.2.4)
react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =3.0.0-canary.13429, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...
Allocation of Resources Without Limits or Throttling
Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...
Allocation of Resources Without Limits or Throttling
Overview @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the createMap, createSet, and extractIterator functions in packages/react-server/src/ReactFlightReplyServer.js. An...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
The CVE-2026-23869 entry describes a Denial-of-Service vulnerability in React Server Components affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specially crafted HTTP request to Server Function endpoints can cause the server to experience excessive C...
React 安全漏洞
React is a JavaScript library developed by Meta for building user interfaces. There is a security vulnerability in React, which stems from excessive CPU usage when handling specially crafted HTTP requests, potentially leading to denial of service attacks. The following versions are affected:...
PT-2026-31432
Name of the Vulnerable Software and Affected Versions: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. Description: A denial of service vulnerability exists in React Server...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting (CVE-2025-15599, CVE-2026-0540) and loss of confidentiality (CVE-2025-68470, CVE-2026-22029)
Summary Node.js modules DomPurify and React Router are used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting CVE-2025-15599, CVE-2026-0540 and loss of confidentiality CVE-2025-68470,...
Year in Review: Vulnerabilities old and new and something React2
Speed and age shouldn't be allowed to pair up, but that is the theme of the Talos 2025 Year in Review vulnerability findings. Figure 1. React/React2Shell 2025 at the top, with PHPUnit 2017 and Log4j 2021 following up. The year was characterized by an unending beat-down on infrastructure that reli...
Argus: Reorchestrating Static Analysis Via a Multi-Agent Ensemble for Full-Chain Security Vulnerability Detection
Recent advancements in Large Language Models LLMs have sparked interest in their application to Static Application Security Testing SAST, primarily due to their superior contextual reasoning capabilities compared to traditional symbolic or rule-based methods. However, existing LLM-based approache...
@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39365 via vite-plus (=0.1.11)
vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39365 Source advisory: SNYK:JS-VITEPLUS-15922214...
@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39364 via vite-plus (=0.1.11)
vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39364 Source advisory: SNYK:JS-VITEPLUS-15922246...
@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39363 via vite-plus (=0.1.11)
vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39363 Source advisory: SNYK:JS-VITEPLUS-15922243...
Exploit for Deserialization of Untrusted Data in Facebook React
👻 CVE-2025-55182 Go exploit Interactive RCE exploitation to...