Lucene search
K

484 matches found

NVD
NVD
added 2026/06/02 8:16 p.m.13 views

CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

8CVSS0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 5:31 p.m.32 views

CVE-2026-34077 React Router vulnerable to Denial of Service via reflected user input in single-fetch

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

7.5CVSS0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 5:31 p.m.9 views

CVE-2026-34077 React Router vulnerable to Denial of Service via reflected user input in single-fetch

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 5:31 p.m.105 views

CVE-2026-34077

React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/06/02 5:14 p.m.31 views

CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

8CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:14 p.m.9 views

CVE-2026-33245

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

8CVSS5.8AI score0.00188EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45826

Name of the Vulnerable Software and Affected Versions React Router versions 7.7.0 through 7.13.1 Description A client-side Cross-Site Scripting XSS issue exists in the redirect handling of the unstable React Server Components RSC APIs. This occurs when redirects originate from untrusted sources...

8CVSS5.4AI score0.00188EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45828

Name of the Vulnerable Software and Affected Versions React Router versions 7.7.0 through 7.13.1 React Router versions prior to 7.14.0 Remix versions 2.9.0 and later Description Two distinct issues were identified. First, a client-side Cross-Site Scripting XSS flaw exists in the handling of...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

react-router 安全漏洞

react-router is a declarative routing library for React, open-sourced by Remix. Versions 7.7.0 to 7.13.1 of react-router contain security vulnerabilities. These vulnerabilities stem from improper redirection handling when using the unstable RSC API, which may lead to cross-site scripting attacks ...

7.5CVSS4.9AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.5 views

AuthKit React Router Library 跨站脚本漏洞

AuthKit React Router Library is an open-source project developed by WorkOS, used within React Router 7 for authentication and session management. Versions 7.7.0 to 7.13.1 of the AuthKit React Router Library contain a cross-site scripting vulnerability. This vulnerability arises from improper...

8CVSS5AI score0.00188EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/30 12:26 a.m.127 views

Exploit for CVE-2025-66478

CVE-2025-66478-Research-Proof-of-Concept Overview This re...

7.5AI score
Exploits111
RedhatCVE
RedhatCVE
added 2026/05/28 11:12 a.m.12 views

CVE-2026-44576

A flaw was found in Next.js, a React framework for building web applications. This vulnerability, related to cache poisoning, affects applications utilizing React Server Components RSC when shared caches fail to properly partition response variants. A remote attacker can exploit this by causing a...

5.4CVSS5.8AI score0.0025EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/26 6:59 p.m.100 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Lab — React Server Components RCE !Dockerh...

10CVSS5.9AI score0.99562EPSS
Exploits372
GithubExploit
GithubExploit
added 2026/05/25 10:6 p.m.114 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — React Server Components Pre-Auth RCE "React2...

10CVSS7.5AI score0.99562EPSS
Exploits386
GithubExploit
GithubExploit
added 2026/05/24 12:29 a.m.90 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — React2Shell Unauthenticated RCE in React Ser...

10CVSS7.6AI score0.99562EPSS
Exploits372
GithubExploit
GithubExploit
added 2026/05/24 12:29 a.m.92 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — React2Shell Unauthenticated RCE in React Ser...

10CVSS7.6AI score0.99562EPSS
Exploits372
ATTACKERKB
ATTACKERKB
added 2026/05/20 10:54 a.m.9 views

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

4.4CVSS5.8AI score0.00089EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 10:29 a.m.7 views

CVE-2026-22314

Improper Control of Generation of Code 'Code Injection' vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

9CVSS6.2AI score0.00387EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/19 7:47 a.m.85 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182-React2Shell xpl0ited by infrar3dhttps://git...

10CVSS7.3AI score0.99562EPSS
Exploits372
GithubExploit
GithubExploit
added 2026/05/17 7:41 a.m.69 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Security Lab "React2Shell" This repository c...

10CVSS6.1AI score0.99562EPSS
Exploits372
Rows per page
Query Builder