CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

762 matches found

GHSA-RXV8-25V2-QMQ8 React Router vulnerable to Denial of Service via reflected user input in single-fetch

A DoS vulnerability exists in the React Router v7 Framework Mode, as well as Remix v2.9.0+ with Single Fetch enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0...

7.5CVSS5.8AI score0.0004EPSS

Exploits0References6

OSV•added 2 days ago•3 views

GHSA-8X6R-G9MW-2R78 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...

7.5CVSS5.8AI score0.00051EPSS

Exploits0References3

Snyk•added 3 days ago•0 views

Allocation of Resources Without Limits or Throttling

Overview @remix-run/server-runtime is a Server runtime for Remix Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the manifest endpoint. An attacker can exhaust server resources and cause service disruption by sending specially craft...

8.7CVSS5.5AI score0.00051EPSS

Exploits0References2

Vulnrichment•added 3 days ago•5 views

CVE-2026-40181 React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS5.8AI score0.00041EPSS

Exploits0References1

NVD•added 2026/05/28 9:16 p.m.•10 views

CVE-2026-46834

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

7.5CVSS0.00047EPSS

Exploits0References1

OSV•added 2026/05/28 6:10 a.m.•3 views

BELL-CVE-2026-46095 CVE-2026-46095 does not affect BellSoft software

Bulletin has no description...

5.7AI score0.00022EPSS

Exploits0References1

OSV•added 2026/05/28 6:10 a.m.•2 views

BELL-CVE-2026-46060 CVE-2026-46060 does not affect BellSoft software

Bulletin has no description...

5.7AI score0.00022EPSS

Exploits0References1

SUSE CVE•added 2026/05/27 10:59 a.m.•8 views

SUSE CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.0007EPSS

Exploits0References3

EUVD•added 2026/05/26 5:24 p.m.•8 views

EUVD-2026-31933

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

4.3CVSS5.8AI score0.0001EPSS

Exploits0References2

Positive Technologies•added 2026/05/26 12:0 a.m.•8 views

PT-2026-43259

luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the OpenWrt community packages feed and not installed by default — contains a command injection vulnerability in the setInitAction function. An authenticated user...

8.8CVSS6.1AI score0.0008EPSS

Exploits0References4

ICS•added 2026/05/26 12:0 a.m.•2 views

Hitachi Energy ITT600 Explorer

SUMMARY Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service DoS attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600...

5.5AI score

Exploits0References10

OSV•added 2026/05/25 10:16 a.m.•4 views

DEBIAN-CVE-2026-5223

5.3CVSS5.9AI score0.0007EPSS

Exploits0References1

NVD•added 2026/05/25 10:16 a.m.•6 views

CVE-2026-5223

6.5CVSS0.0007EPSS

Exploits0References3

OSV•added 2026/05/25 10:16 a.m.•3 views

ALPINE-CVE-2026-5223