Lucene search
K

4 matches found

EUVD
EUVD
added 2025/10/03 8:39 p.m.6 views

EUVD-2025-32379

Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission = 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects...

6.9CVSS6.6AI score0.00281EPSS
Exploits1References3
NVD
NVD
added 2025/04/09 4:15 p.m.15 views

CVE-2025-32379

Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...

6.1CVSS0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/09 3:56 p.m.26 views

CVE-2025-32379 XSS at ctx.redirect() function in Koajs

Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...

5CVSS0.00228EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/04/09 1:0 p.m.8 views

3dshex (>=0.1.0 <=0.5.3), 91jin (>=0.1.4 <=0.1.8) +1813 more potentially affected by CVE-2025-32379 via koa (>=0.0.1 <=2.16.0)

koa NPM version =0.0.1, =0.1.0, =0.1.4, =1.0.0, =1.0.0, =0.1.0, =3.10.1, =3.7.0, =4.25.19-patch.1, =0.0.1, =0.3.1, =0.0.1, =0.0.94 and more Source cves: CVE-2025-32379 Source advisory: OSV:GHSA-X2RG-Q646-7M2V...

6.1CVSS5.9AI score0.00228EPSS
Exploits0
Rows per page
Query Builder