12 matches found
@accounter/client (>=0.0.3 <=0.0.11-alpha-20260404002702-9340365def1af08a5cdbbf734a87d1d4839bdaff), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +151 more potentially affected by CVE-2026-34077 via react-router (>=7.0.0 <=7.14.0-pre.0)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =0.3.1, =7.13.1-depup.0, =7.13.2-depup.0 and more Source cves: CVE-2026-34077 Source advisory: OSV:GHSA-RXV8-25V2-QMQ8...
SUSE CVE-2026-42342
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...
@accounter/client (>=0.0.3 <=0.0.12-alpha-20260508071110-20f5becdec9522d09c6a97f123f7c572407661fb), @appigram/react-code-split-ssr (>=1.3.7 <=1.3.8) +256 more potentially affected by CVE-2026-42342 via react-router (>=7.0.0 <=7.14.2)
react-router NPM version =7.0.0, =0.0.3, =1.3.7, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =0.3.1, =0.5.1 and more Source cves: CVE-2026-42342 Source advisory: OSV:GHSA-8X6R-G9MW-2R78...
@nativescript/tanstack-router (>=0.1.0 <=0.1.2), @tanstack/solid-start (>=1.121.0-alpha.28 <=1.167.62) +2 more potentially affected by CVE-2026-45321 via @tanstack/solid-router (>=1.121.0-alpha.28 <=1.169.2)
@tanstack/solid-router NPM version =1.121.0-alpha.28, =0.1.0, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.121.0-alpha.28, =1.166.51 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDROUTER-16640230...
EUVD-2023-41449
Malicious code in bioql PyPI...
Linksys E1500 安全漏洞
The Linksys E1500 is a wireless router from Linksys, USA. A security vulnerability exists in Linksys E1500 versions 1.0.00, 1.0.04, and 1.0.05, which stems from a directory traversal issue in the apply.cgi endpoint that could lead to information disclosure...
CVE-2025-45985
Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function...
CVE-2025-32421
Next.js CVE-2025-32421 describes a race-condition in the Pages Router that, under certain misconfigurations, can cause endpoints to serve pageProps data instead of HTML. Affected versions are pre-14.2.24 and pre-15.1.6; patch versions 14.2.24 and 15.1.6 strip the x-now-route-matches header to mit...
10xanswers (>=1.1.0 <=1.1.16), 31g-form-parser (=1.0.107) +3312 more potentially affected by CVE-2025-43865 via react-router (>=7.0.0-pre.0 <=7.5.1)
react-router NPM version =7.0.0-pre.0, =1.1.0, =1.0.0, =0.0.6, =0.0.1, =0.1.0, =3.1.0-beta.1, =1.0.0, =0.0.2, =1.0.0, =1.0.1, =5.0.8 and more Source cves: CVE-2025-43865 Source advisory: OSV:GHSA-CPJ6-FHP6-MR6J...
PT-2025-14377 · Express +2 · Express +2
Name of the Vulnerable Software and Affected Versions: React Router versions 7.0.0 through 7.4.0 Remix versions 2.11.1 and later, prior to 2.16.3 Description: The issue allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part o...
Ubiquiti EdgeRouter 命令注入漏洞
The Ubiquiti EdgeRouter is a router from Ubiquiti USA. A command injection vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 and prior versions, which stems from an incorrect operation of the parameter ecn-up that can lead to command injection...
GL.iNet GL-AR150 跨站脚本漏洞
The GL.iNet GL-AR150 is a mini smart router from China-based GL.iNet. The GL.iNet GL-AR150 2.x prior to 3.x device suffers from a cross-site scripting vulnerability, which can be exploited by an attacker by creating SSIDs with XSS loads as names...