PT-2026-24693
Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection. Download: cve claudecodeui submission v2.zip. Submission Info: Package: @siteboon/claude-code-ui; Ecosystem: npm; Affected versions ...
Denial Of Service (DoS)
react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack and next are vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient patching of unsafe payload deserialization in React Server Components, where maliciously crafted HTTP requests sent to Server...
CVE-2025-55184
CVE-2025-55184 is a pre-authentication Denial of Service vulnerability in React Server Components from versions 19.0.0 through 19.2.2 (affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack). The issue arises from unsafe deserialization of HTTP payloads sent t...
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes...
PT-2025-48817
Name of the Vulnerable Software and Affected Versions: React Server Components versions 19.0.0 through 19.2.0. Description: A pre-authentication remote code execution issue exists in React Server Components, specifically affecting the react-server-dom-parcel, react-server-dom-turbopack, and...
CVE-2025-62413
MQTTX v1.12.0 contains an XSS in the message viewer caused by improper rendering of MQTT payloads (HTML/JS). This can execute scripts in the app UI and potentially access credentials or trigger actions. The issue is fixed in v1.12.1; upgrading to 1.12.1 is the recommended remediation. The vulnera...
CVE-2025-62413 MQTTX vulnerable to cross-site scripting via improper message payload rendering
MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. ...
Prototype Pollution
Overview: paypal-adaptive is an SDK for PayPal Adaptive Payments and PayPal Adaptive Accounts APIs. Affected versions of this package are vulnerable to Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. PoC var...