4 matches found

Cvelist
added 2026/04/07 7:28 p.m. · 18 views

CVE-2026-39371 RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests

RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger...

8.1 CVSS · 0.00006 EPSS
Exploits 0 · References 1
vulnersOsv
added 2025/09/24 9:30 p.m. · 4 views

@amoscmc/dummy-package (>=1.3.1 <=1.3.3), @bitrefill/airfill-widget (>=4.2.2 <=4.8.3) +88 more potentially affected by CVE-2025-57318 via csvjson (>=1.0.5 <=5.1.0)

csvjson NPM version =1.0.5, =1.3.1, =4.2.2, =1.0.0, =1.0.6, =1.0.93, =0.0.4, =0.1.0, =0.5.1, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.1.1 and more Source cves: CVE-2025-57318 Source advisory: SNYK:JS-CSVJSON-13110014...

7.5 CVSS · 5.4 AI score · 0.00154 EPSS
Exploits 0
Positive Technologies
added 2025/01/13 12:0 a.m. · 2 views

PT-2025-4493 · Lucidlms · Lucidlms

Name of the Vulnerable Software and Affected Versions: LucidLMS versions n/a through 1.0.5 Description: The issue is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Reflected XSS. This can be exploited through reflected XSS, whe...

7.1 CVSS · 6.7 AI score · 0.0012 EPSS
Exploits 0 · References 6
vulnersOsv
added 2023/01/18 6:31 a.m. · 1 views

192.168.0.172 (=4.6.1), 2ch (>=0.1.0 <=0.1.3) +4061 more potentially affected by CVE-2022-25901 via cookiejar (>=1.0.5 <=2.1.2)

cookiejar NPM version =1.0.5, =0.1.0, =0.13.0, =0.0.2, =0.0.1, =1.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.16.0, =0.1.1, =0.3.1 and more Source cves: CVE-2022-25901 Source advisory: OSV:GHSA-H452-7996-H45H...

7.5 CVSS · 6.6 AI score · 0.00069 EPSS
Exploits 1