Critical Alert 4 Active Exploits Detected Today

CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability →
CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability →
CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability →
CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-23870NVD

Vulnerability Summary

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack (versions 19.0.0 through 19.0.5, 19.1.0 through 19.1.6, and 19.2.0 through 19.2.5).
Severity Level
HIGH(7.5)
Published Date
May 6, 2026
Last Modified
May 7, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
0.34%Probability
Root Weakness (CWE)
N/A
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh