4915 matches found
CVE-2024-25466
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component...
CVE-2023-51843
react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set...
CVE-2023-46134
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
CVE-2023-41167
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...
CVE-2023-5654
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
CVE-2023-30609
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message...
Malicious code in react-stitches (npm)
Source: ghsa-malware c6aadb4042b3d0276837870bb016b686e41ca410df61fda4ecf6d6886a1a296a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4393 Malicious code in react-stitches (npm)
Source: ghsa-malware c6aadb4042b3d0276837870bb016b686e41ca410df61fda4ecf6d6886a1a296a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-23556
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...
CVE-2023-0365
The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Malicious code in react-loggers (npm)
Source: ghsa-malware 76a70b9997debf659f2b9059c7ceeb8f0709870b31e28b9f947c2c0f0acd4d0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4392 Malicious code in react-loggers (npm)
Source: ghsa-malware 76a70b9997debf659f2b9059c7ceeb8f0709870b31e28b9f947c2c0f0acd4d0b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...
CVE-2023-3294
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7...
Malicious code in zzr-react-custom-widget (npm)
Source: ghsa-malware 4cc679d3328b5509a2417ca20a366fb8e1113772f0f3e39a99e6fb2faab531cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-24832
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash a Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execut...
Malicious code in garena-react-template-redux (npm)
Source: ghsa-malware d59bac5979a72479c1bacdf22d89116f9a1885cc09f00ca01e3717741e177c65 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-xterm2 (npm)
Source: ghsa-malware a5f7c63ca98cf3df8c6642ac2a87eb6834e09162e30cd05b50172c8fa4f5cd32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4394 Malicious code in react-xterm2 (npm)
Source: ghsa-malware a5f7c63ca98cf3df8c6642ac2a87eb6834e09162e30cd05b50172c8fa4f5cd32 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4351 Malicious code in garena-react-template-redux (npm)
Source: ghsa-malware d59bac5979a72479c1bacdf22d89116f9a1885cc09f00ca01e3717741e177c65 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...