14 matches found
CVE-2026-44593
esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...
CVE-2026-44593
esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...
CVE-2026-44593
esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...
GHSA-PM4J-7R4Q-CCG8 Soroban: Muxed address<->ScVal conversions may break after a conversion failure
Summary Soroban host ensures that MuxedAddress objects can't be used as storage keys in order to proactively prevent the contract logic bugs. However, due to a bug in Soroban host implementation, a failure in Val-ScVal conversion during the storage key computation will have the flag indicating th...
SUSE CVE-2026-21884
React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ScrollRestoration API when using the getKey or storageKey props during server-side rendering in Framework Mode. An attacker can execute arbitrary JavaScript code by supplying untrusted content to generat...
Cross-site Scripting (XSS)
Overview @remix-run/react is a React DOM bindings for Remix Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ScrollRestoration API when using the getKey or storageKey props during server-side rendering in Framework Mode. An attacker can execute arbitrary...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ScrollRestoration API when using the getKey or storageKey props during server-side rendering in Framework Mode. An attacker can execute arbitrary JavaScript code by supplying untrusted content to generat...
React Router SSR XSS in ScrollRestoration
A XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. !NOTE This does not impact applications if...
EUVD-2025-6204
Malicious code in bioql PyPI...
CVE-2025-25451
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2faauthorized" Local Storage key...
CVE-2025-25451
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2faauthorized" Local Storage key...
CVE-2025-25451
The vulnerability CVE-2025-25451 affects TAAGSOLUTIONS GmbH MyTaag (versions up to v.2024-11-24). The root cause is privilege escalation via the Local Storage key named “2fa_authorized,” which an attacker in physical proximity can exploit. The CVSS v3.1 base score is 5.1 (Medium) with Local attac...
西部数据 Western Digital G-Technology ArmorLock NVMe SSD 安全漏洞
The Western Digital G-Technology ArmorLock NVMe SSD is a firmware from Western Digital, Inc. It provides a computer storage device made with integrated circuits. A security vulnerability exists in Western Digital G-Technology ArmorLock NVMe SSDs, which stems from an insecure storage key. The...