Lucene search

72 matches found

NVD
added 2026/06/02 8:16 p.m., 10 views

CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS) vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVSS 7.5, EPSS 0.00055
Exploits: 0, References: 1
CVE
added 2026/06/02 5:31 p.m., 48 views

CVE-2026-34077

React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using the unstable React Server Components (RSC) APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...

CVSS 7.5, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 1, Affected Software: 2
ATTACKERKB
added 2026/06/02 4:59 p.m., 10 views

CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting (XSS) in the statically generated HTML files if the redirect location comes from an...

CVSS 5.4, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/06/02 4:59 p.m., 8 views

CVE-2026-33244 React Router has stored XSS via unescaped Location header in prerendered redirect HTML

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting (XSS) in the statically generated HTML files if the redirect location comes from an...

CVSS 5.4, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 1
Positive Technologies
added 2026/06/02 12:00 a.m., 9 views

PT-2026-45799

Name of the Vulnerable Software and Affected Versions: React Router versions 7.5.1 through 7.13.1. Description: When using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting (XSS), a vulnerability where malicious scripts...

CVSS 5.4, AI score 5.8, EPSS 0.0003
Exploits: 0, References: 4
Cvelist
added 2026/04/22 3:44 p.m., 24 views

CVE-2025-58922 WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross-Site Request Forgery. This issue affects Avada: from n/a before 7.13.2...

CVSS 4.3, EPSS 0.00017
Exploits: 0, References: 1
Positive Technologies
added 2026/04/22 12:00 a.m., 2 views

PT-2026-34471

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross-Site Request Forgery. This issue affects Avada: from n/a before 7.13.2...

CVSS 4.3, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2
GithubExploit
added 2026/03/11 1:02 a.m., 218 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari

Vue-After-Free A PlayStation Vue userland code execution e...

CVSS 8.8, AI score 7.5, EPSS 0.45973
Exploits: 12
OSV
added 2026/02/06 10:34 p.m., 2 views

GHSA-4JQP-9QJV-57M2 Keylime Missing Authentication for Critical Function and Improper Authentication

Impact: The Keylime registrar does not enforce mutual TLS (mTLS) client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERT_OPTIONAL instead of ssl.CERT_REQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...

CVSS 9.4, AI score 5.6, EPSS 0.00027
Exploits: 0, References: 9
Apple
added 2026/01/26 12:00 a.m., 26 views

Apple Security Update: iOS 16.7.13 and iPadOS 16.7.13

Apple recommends installing security update iOS 16.7.13 and iPadOS 16.7.13 on iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation...

AI score 5.9
Exploits: 0, References: 1, Affected Software: 2
Github Security Blog
added 2026/01/21 6:30 p.m., 7 views

phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

AI score 6.3, EPSS 0.00262
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2026/01/10 12:00 a.m., 2 views

October CMS Cross-Site Scripting Vulnerability

October CMS is an open source content management system (CMS) from October CMS based on PHP and the Laravel web application framework. A cross-site scripting vulnerability exists in October CMS versions prior to 3.7.13 and prior to 4.0.12, which stems from insufficient cleanup and escaping in...

CVSS 6.1, AI score 5.9, EPSS 0.00026
Exploits: 0, References: 2
CVE
added 2025/12/16 8:12 a.m., 8 views

CVE-2025-64634

CVE-2025-64634 affects the WordPress ThemeFusion Avada theme (versions up to 7.13.2). The root cause is a missing authorization check on a function, allowing authenticated users (subscriber level and up) to access functionality not properly constrained by ACLs. CVSS v3.1 base score is 5.3 (Medium...

CVSS 5.3, AI score 5.9, EPSS 0.00038
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2025/12/16 12:00 a.m., 4 views

PT-2025-51405

Name of the Vulnerable Software and Affected Versions: Avada versions through 7.13.1. Description: A missing authorization flaw exists in ThemeFusion Avada. This issue allows access to functionality that is not properly restricted by Access Control Lists (ACLs). Recommendations: Update Avada to a versi...

AI score 6.5, EPSS 0.00038
Exploits: 0, References: 3
Debian CVE
added 2025/11/26 11:00 p.m., 3 views

CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

CVSS 7.5, AI score 5.3, EPSS 0.00085
Exploits: 0
CNNVD
added 2025/11/26 12:00 a.m., 2 views

Suricata Security Vulnerability

Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata versions prior to 7.0.13 and prior to 8.0.2, which stems from a stack overflow in a Lua script that handles large buffers, potentially causing a crash...

CVSS 7.5, AI score 6.6, EPSS 0.00085
Exploits: 0, References: 2
OSV
added 2025/11/20 3:30 p.m., 2 views

GHSA-H369-CPJJ-QFFF phppgadmin vulnerable to Cross-site Scripting

phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied inputs from $_REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php...

CVSS 5.3, AI score 6.3, EPSS 0.00037
Exploits: 0, References: 6
CNNVD
added 2025/11/20 12:00 a.m., 1 view

phpPgAdmin Security Vulnerability

phpPgAdmin is an open source web-based administration tool for PostgreSQL. A security vulnerability exists in phpPgAdmin 7.13.0 and prior versions, which stems from multiple components that do not properly encode or sanitize user input, and could lead to a...

CVSS 6.1, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 5
OSV
added 2025/11/12 11:43 a.m., 4 views

BIT-OAUTH2-PROXY-2025-64484 OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashe...

CVSS 8.5, AI score 6.5, EPSS 0.00048
Exploits: 0, References: 6
NVD
added 2025/11/10 10:15 p.m., 4 views

CVE-2025-64484

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashe...

CVSS 8.5, EPSS 0.00048
Exploits: 0, References: 5