VYPR
Vendor

Redwoodjs

Products
2
CVEs
5
Across products
6
Status
Private

Products

2

Recent CVEs

5
  • CVE-2026-39371HigApr 7, 2026
    risk 0.46cvss 8.1epss 0.00

    RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to…

  • CVE-2026-42190MedMay 8, 2026
    risk 0.27cvss 5.3epss 0.00

    RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a…

  • CVE-2024-3764LowApr 14, 2024
    risk 0.18cvss 2.7epss 0.01

    ** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2021-26710Feb 5, 2021
    risk 0.02cvss epss 0.07

    A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.

  • CVE-2021-26711Feb 5, 2021
    risk 0.00cvss epss 0.02

    A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.