1204 matches found
GHSA-8646-J5J9-6R62 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources !NOTE This only impacts your application if you are using the unstable RSC APIs in React Router...
EUVD-2026-33988
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets...
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources !NOTE This only impacts your application if you are using the unstable RSC APIs in React Router...
CVE-2026-34077
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
EUVD-2026-33994
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-34077
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-34077
React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...
CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
CVE-2026-33245
CVE-2026-33245 affects React Router versions 7.7.0–7.13.1 when using unstable React Server Components (RSC) APIs. The issue is a client-side XSS vulnerability in the RSC redirect handling if redirects originate from untrusted sources. Applications not using the unstable RSC APIs are not affected....
PT-2026-45826
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
PT-2026-45828
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dupmmap failures and uprobe registering If a memory allocation fails during dupmmap, the maple tree can be left in an unsafe state for other iterators besides the exit path. All the locks are dropped...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerabilities have been resolved: cifs: A use-after-free has been fixed in rdata-readintopages. When the network status is unstable, a use-after-free may occur when reading data from the server. BUG: KASAN: Use-after-free in readpagesfillpages+0x14c/0x7e0. Cal...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013365)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013365 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata-readintopages When the network status is unstable, use-after-fr...
CVE-2025-49010
A flaw was found in OpenSC, an open source smart card tools and middleware. An attacker with physical access to the computer, at the time a user or administrator uses a token, can exploit this vulnerability. By presenting specially crafted responses to Application Protocol Data Units APDUs from a...
CVE-2026-23275
A flaw was found in the Linux kernel's iouring subsystem. This vulnerability occurs during the resizing of an iouring ring when task work is added with specific flags DEFERTASKRUN or SETUPTASKRUN. A race condition allows the IORINGSQTASKRUN flag to be set in an unstable memory region, which can...
[SECURITY] Fedora 42 Update: envision-3.2.0-7.fc42
UI for building, configuring, and running Monado, the open source OpenXR runtime. This is still highly experimental software, while it's unlikely that anything bad will happen, it's still unstable and there is no guarantee that it will work on your system, with your particular hardware. If you...
[SECURITY] Fedora 43 Update: envision-3.2.0-7.fc43
UI for building, configuring, and running Monado, the open source OpenXR runtime. This is still highly experimental software, while it's unlikely that anything bad will happen, it's still unstable and there is no guarantee that it will work on your system, with your particular hardware. If you...
CVE-2026-23035
The CVE-2026-23035 entries describe a Linux kernel mlx5e issue where mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. The fix involves passing netdev to mlx5e_destroy_netdev() instead of priv and validating priv->profile in mlx5e_remove to avoid operating o...