69 matches found
VulnCheck KEV: CVE-2025-24963
Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...
CVE-2026-24963
Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation. This issue affects Amelia: from n/a through <= 1.2.38...
MiracleLinux 9 : apr-1.7.0-12.el9_3 (AXSA:2023-7043:05)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7043:05 advisory. apr: integer overflow/wraparound in apr_encode (CVE-2022-24963). Tenable has extracted the preceding description block directly from the MiracleLinux security...
TencentOS Server 4: apr (TSSA-2024:0358)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0358 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0045: apr (ALINUX3-SA-2024:0045)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0045 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-24963: Integer Overflow or Wraparound...
CVE-2024-24963
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...
CVE-2025-24963
Vitest Browser Mode Local File Read (CVE-2025-24963): The __screenshot-error HTTP handler in Vitest’s browser mode can serve arbitrary files if the server is exposed to the network (browser.api.host: true). Root cause tied to commit 2d62051. Impact is reading arbitrary filesystem content; remedia...
CVE-2025-24963 Browser mode serves arbitrary files in vitest
Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...
CVE-2025-24963 Browser mode serves arbitrary files in vitest
Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...
CVE-2025-24963 Browser mode serves arbitrary files in vitest
Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...
CVE-2025-24963
creationtimestamp | type | source
---|---|---
2025-02-04 06:23:56+00:00 | published-proof-of-concept | https://github.com/vitest-dev/vitest/security/advisories/GHSA-8gvc-j273-4wm5
2025-02-04 20:16:12+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lheur3fp7v2c
2025-02-04...
CVE-2022-24963 affecting package apr for versions less than 1.7.2-1
CVE-2022-24963 affecting package apr for versions less than 1.7.2-1. A patched version of the package is available...
CVE-2024-24963
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...
CVE-2024-24963
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...
CVE-2024-24963
A confirmed vulnerability in AutomationDirect P3-550E (Productivity3000) firmware v1.2.10.9 and related Programming Software Connection FileSelect handler (IMM 0x12) causes a stack-based buffer overflow when constructing a local filename from attacker-supplied path data. Talos details show an 0x1...
CVE-2024-24963
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...
RLSA-2023:7711 Moderate: apr security update
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fixes: apr: integer overflow/wraparound in apr_encode (CVE-2022-24963). For more details about the security issues,...
CVE-2022-24963 affecting package apr for versions less than 1.7.2-1
CVE-2022-24963 affecting package apr for versions less than 1.7.2-1. A patched version of the package is available...
Oracle Linux 9 : apr (ELSA-2023-7711)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7711 advisory. 1.7.0-12 - fix integer bounds checking in apr_encode. Resolves: RHEL-17123. Tenable has extracted the preceding description block directly from the Oracle Linux...
RHEL 9 : apr (RHSA-2023:7711)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7711 advisory. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data...