4917 matches found
PT-2026-2346
Warning: Multiple High Severity Vulnerabilities in React-Router. CVE-2025-61686, CVE-2026-22029, CVE-2026-59057 & others. Attackers can read sensitive files or hijack sessions! Patch Patch Patch More info: https://t.co/jRGNAD4XZZ...
Linux Distros Unpatched Vulnerability : CVE-2025-59057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exist...
Linux Distros Unpatched Vulnerability : CVE-2026-22029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — React2Shell: Full Analysis, PoC Overview, and...
Malicious code in wac-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0642cdcd4abbaddae08f167b77852150ee23b0b9b363fd7495df86b998a43533 The package wac-react was found to contain malicious code. Source: ghsa-malware 0ccbbe4984cb82022ab6dafda5531ee164a8b7554a4796e3936432f0e17bc8d6 Any...
MAL-2026-200 Malicious code in wac-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0642cdcd4abbaddae08f167b77852150ee23b0b9b363fd7495df86b998a43533 The package wac-react was found to contain malicious code. Source: ghsa-malware 0ccbbe4984cb82022ab6dafda5531ee164a8b7554a4796e3936432f0e17bc8d6 Any...
Malicious code in wac-react-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3574245c1ec6c0d46b337b9600a38046ef129489605e5e108fcaaed753d50c9 The package wac-react-dom was found to contain malicious code. Source: ghsa-malware 483203b2478e5e472201a6f6d8efef0353ca7fb2ccf429996cc59e2574b2e497...
MAL-2026-201 Malicious code in wac-react-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3574245c1ec6c0d46b337b9600a38046ef129489605e5e108fcaaed753d50c9 The package wac-react-dom was found to contain malicious code. Source: ghsa-malware 483203b2478e5e472201a6f6d8efef0353ca7fb2ccf429996cc59e2574b2e497...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell Vulnerability Analysis Lab This...
CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2025-68470
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...
CVE-2025-59057
React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...
CVE-2026-22029
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
EUVD-2026-1464
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-22030
CVE-2026-22030 affects React Router in combination with Remix v2 server runtime in Framework Mode or with React Server Actions (RSC). The vulnerability allows CSRF on document POST requests to UI routes when using server-side route actions, with no impact in Declarative Mode () or Data Mode (crea...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-22029 React Router vulnerable to XSS via Open Redirects
React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...
CVE-2026-22029
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...