4556 matches found
UBUNTU-CVE-2026-9595
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
CVE-2026-9595
The CVE affects webpack-dev-server where a user-configured proxy with a broad context (e.g., /) and ws: true intercepts the dev server’s HMR WebSocket, forwarding it to the proxy target. This can leak cookies and Origin headers to the backend, bypass Host/Origin validation, and corrupt the HMR so...
CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
PT-2026-49244
Name of the Vulnerable Software and Affected Versions webpack-dev-server versions prior to 5.2.5 Description A permissive user-configured proxy with a broad context e.g., '/' and ws: true intercepts the development server's own Hot Module Replacement HMR WebSocket and forwards it to the proxy...
PT-2026-49574
Name of the Vulnerable Software and Affected Versions Vite versions prior to 8.0.16 Vite versions prior to 7.3.5 Vite versions prior to 6.4.3 Description On Windows, the development server fails to correctly normalize NTFS Alternate Data Streams ADS path forms and 8.3 short name compatibility pat...
UNIX Symbolic Link (Symlink) Following
Overview github.com/opencontainers/runc/libcontainer is a package for a modern container runtime. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in setupPtmx and setupDevSymlinks, which enable file deletion via calls to os.Remove and os.Symlink. An attack...
CVE-2026-49993
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...
CVE-2026-45670
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...
CVE-2026-49993 @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...
CVE-2026-49993 @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...
CVE-2026-49993
Nuxt (Vue.js) users using the @nuxt/rspack-builder and @nuxt/webpack-builder are affected. The CVE concerns an incomplete fix for GHSA-6m52-m754-pw2g in versions 3.15.4–3.21.6 and 4.0.0–4.4.6, where the dev server could leak source code if bound to a non-loopback address and a malicious site is o...
CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...
EUVD-2026-36419
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...
CVE-2026-45670
Summary (CVE-2026-45670) Nuxt.js dev-server exposure issue affects @nuxt/webpack-builder and @nuxt/rspack-builder. An incomplete fix for GHSA-4gf7-ff8x-hq99 allowed source-code leakage when the dev server is bound to a non-loopback address (for example, nuxt dev --host) and a user visits a malici...
CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...
PT-2026-48868
Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.6 @nuxt/rspack-builder versions 4.0.0 through 4.4.6 @nuxt/webpack-builder versions 3.15.4 through 3.21.6 @nuxt/webpack-builder versions 4.0.0 through 4.4.6 Description An incomplete fix in the...
CVE-2026-12024
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
kernel: net: use dst_dev_rcu() in sk_setup_caps()
In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...
MAL-2026-5559 Malicious code in solana-dev-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 059c5a74392811a397d3868092b7bcc84fbfac9d2f3de1c69a6421cdf756b652 On npm install, the package's postinstall hook node install.js executes a multi-stage attack against the installer's machine. It reads...
RHEL 8 : poppler (RHSA-2026:24984)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24984 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...