Lucene search
K

4917 matches found

Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.9 views

PT-2026-2346

Warning: Multiple High Severity Vulnerabilities in React-Router. CVE-2025-61686, CVE-2026-22029, CVE-2026-59057 & others. Attackers can read sensitive files or hijack sessions! Patch Patch Patch More info: https://t.co/jRGNAD4XZZ...

9.1CVSS6.8AI score0.16104EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-59057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exist...

7.6CVSS6.5AI score0.00448EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open...

8CVSS5.6AI score0.0077EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/01/10 5:16 p.m.199 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — React2Shell: Full Analysis, PoC Overview, and...

10CVSS8.4AI score0.99562EPSS
Exploits372
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/10 10:0 a.m.11 views

Malicious code in wac-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0642cdcd4abbaddae08f167b77852150ee23b0b9b363fd7495df86b998a43533 The package wac-react was found to contain malicious code. Source: ghsa-malware 0ccbbe4984cb82022ab6dafda5531ee164a8b7554a4796e3936432f0e17bc8d6 Any...

7AI score
Exploits0References1
OSV
OSV
added 2026/01/10 10:0 a.m.6 views

MAL-2026-200 Malicious code in wac-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0642cdcd4abbaddae08f167b77852150ee23b0b9b363fd7495df86b998a43533 The package wac-react was found to contain malicious code. Source: ghsa-malware 0ccbbe4984cb82022ab6dafda5531ee164a8b7554a4796e3936432f0e17bc8d6 Any...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/10 10:0 a.m.8 views

Malicious code in wac-react-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3574245c1ec6c0d46b337b9600a38046ef129489605e5e108fcaaed753d50c9 The package wac-react-dom was found to contain malicious code. Source: ghsa-malware 483203b2478e5e472201a6f6d8efef0353ca7fb2ccf429996cc59e2574b2e497...

7AI score
Exploits0References1
OSV
OSV
added 2026/01/10 10:0 a.m.19 views

MAL-2026-201 Malicious code in wac-react-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3574245c1ec6c0d46b337b9600a38046ef129489605e5e108fcaaed753d50c9 The package wac-react-dom was found to contain malicious code. Source: ghsa-malware 483203b2478e5e472201a6f6d8efef0353ca7fb2ccf429996cc59e2574b2e497...

7AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/10 3:58 a.m.171 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Vulnerability Analysis Lab This...

10CVSS8.1AI score0.99562EPSS
Exploits372
NVD
NVD
added 2026/01/10 3:15 a.m.7 views

CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS0.00128EPSS
Exploits0References1
NVD
NVD
added 2026/01/10 3:15 a.m.5 views

CVE-2025-68470

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

6.5CVSS0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/01/10 3:15 a.m.6 views

CVE-2025-59057

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

7.6CVSS0.00448EPSS
Exploits0References8
NVD
NVD
added 2026/01/10 3:15 a.m.5 views

CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS0.0077EPSS
Exploits0References34
Cvelist
Cvelist
added 2026/01/10 2:42 a.m.33 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/10 2:42 a.m.3 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/10 2:42 a.m.4 views

EUVD-2026-1464

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.4AI score0.00128EPSS
Exploits0References2
CVE
CVE
added 2026/01/10 2:42 a.m.24 views

CVE-2026-22030

CVE-2026-22030 affects React Router in combination with Remix v2 server runtime in Framework Mode or with React Server Actions (RSC). The vulnerability allows CSRF on document POST requests to UI routes when using server-side route actions, with no impact in Declarative Mode () or Data Mode (crea...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/01/10 2:42 a.m.5 views

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/01/10 2:42 a.m.5 views

CVE-2026-22029 React Router vulnerable to XSS via Open Redirects

React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS6.5AI score0.0077EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/10 2:42 a.m.3 views

CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

8CVSS5.9AI score0.0077EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder