23 matches found

IBM Security Bulletins
added 2025/06/25 12:25 p.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-32395 DESCRIPTION: Vite is a frontend tooling...

CVSS 6 | AI score 6.6 | EPSS 0.01699
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/06/16 10:41 p.m. | 12 views

Security Bulletin: Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation (CVE-2025-31125, CVE-2025-32395, CVE-2025-31486).

Summary Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation CVE-2025-31125, CVE-2025-32395, CVE-2025-31486. Vite is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address these vulnerabilities...

CVSS 7.5 | AI score 5.5 | EPSS 0.621
Exploits: 13 | Affected Software: 1

RedhatCVE
added 2025/05/23 3:49 a.m. | 7 views

CVE-2023-32395

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system...

CVSS 5.5 | AI score 5.7 | EPSS 0.00261
Exploits: 0 | References: 1

GithubExploit
added 2025/04/18 9:10 a.m. | 266 views

Exploit for CVE-2025-32395

CVE-2025-32395 CV...

CVSS 6 | AI score 6.6 | EPSS 0.01699
Exploits: 2

Wolfi
added 2025/04/15 7:44 p.m. | 12 views

CVE-2025-32395 vulnerabilities

Vulnerabilities for packages: vitess...

CVSS 6 | AI score 7.1 | EPSS 0.01699
Exploits: 2

vulnersOsv
added 2025/04/11 2:6 p.m. | 5 views

@angular/build (>=19.2.0 <=19.2.0-rc.0), @d-zero/builder (=5.0.0-alpha.39) +38 more potentially affected by CVE-2025-32395 via vite (>=6.1.0 <=6.1.4)

vite NPM version =6.1.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

CVSS 6 | AI score 6.5 | EPSS 0.01699
Exploits: 2

vulnersOsv
added 2025/04/11 2:6 p.m. | 5 views

1food-menu (>=0.0.1 <=0.2.3), 7qb-cli (=2.0.0) +2706 more potentially affected by CVE-2025-32395 via vite (>=0.14.4 <=4.5.11)

vite NPM version =0.14.4, =0.0.1, =1.0.0, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.3, =1.0.1, =1.0.12, =0.0.4, =1.0.1, =1.0.7 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...

CVSS 6 | AI score 6.5 | EPSS 0.01699
Exploits: 2

vulnersOsv
added 2025/04/11 2:6 p.m. | 6 views

@aicblock/cli (>=1.0.0 <=1.0.1), @angular/build (>=19.2.1 <=20.0.0-next.5) +40 more potentially affected by CVE-2025-32395 via vite (>=6.2.0 <=6.2.5)

vite NPM version =6.2.0, =1.0.0, =19.2.1, =0.55.0, =0.21.2-4.1, =1.0.0, =1.0.410, =3.8.0, =1.47.0, =5.0.0-alpha.40, =1.0.0-next.1, =3.0.0, =3.0.0-BETA.1 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...

CVSS 6 | AI score 6.5 | EPSS 0.01699
Exploits: 2

vulnersOsv
added 2025/04/11 2:6 p.m. | 5 views

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +21 more potentially affected by CVE-2025-32395 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =5.0.0-alpha.37, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =1.0.6, =1.0.7 - @tuax/plugin-vite6...

CVSS 6 | AI score 6.5 | EPSS 0.01699
Exploits: 2

vulnersOsv
added 2025/04/11 2:6 p.m. | 5 views

@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +403 more potentially affected by CVE-2025-32395 via vite (>=5.0.0 <=5.4.17)

vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...

CVSS 6 | AI score 6.5 | EPSS 0.01699
Exploits: 2

RedhatCVE
added 2025/04/11 8:57 a.m. | 7 views

CVE-2025-32395

A flaw was found in Vite. This vulnerability allows arbitrary file access via specially crafted HTTP requests containing a character in the request URL. The issue occurs when the server is run on Node.js or Bun and exposed to the network. Improper handling of invalid request lines allows these...

CVSS 6.5 | AI score 6.5 | EPSS 0.01699
Exploits: 2 | References: 5

NVD
added 2025/04/10 2:15 p.m. | 10 views

CVE-2025-32395

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

CVSS 6 | EPSS 0.01699
Exploits: 2 | References: 2

Vulnrichment
added 2025/04/10 1:25 p.m. | 18 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

CVSS 6 | AI score 6.8 | EPSS 0.01699
Exploits: 2 | References: 2

Cvelist
added 2025/04/10 1:25 p.m. | 18 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

CVSS 6 | EPSS 0.01699
Exploits: 2 | References: 2

OSV
added 2025/04/10 1:25 p.m. | 15 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

CVSS 6 | AI score 6 | EPSS 0.01699
Exploits: 2 | References: 4

Circl
added 2025/04/10 7:7 a.m. | 16 views

CVE-2025-32395

creationtimestamp | type | source
---|---|---
2025-04-10 07:07:20+00:00 | published-proof-of-concept | https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4
2025-04-10 15:32:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmhta4azji2z
2025-04-10 17:52:04+00:00 | seen | ...

CVSS 6 | AI score 6.3 | EPSS 0.01699
Exploits: 2 | References: 9

NVD
added 2023/06/23 6:15 p.m. | 19 views

CVE-2023-32395

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system...

CVSS 5.5 | AI score 4.5 | EPSS 0.00261
Exploits: 0 | References: 4

Vulnrichment
added 2023/06/23 12:0 a.m. | 7 views

CVE-2023-32395

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system...

AI score 5.7 | EPSS 0.00261
Exploits: 0 | References: 3

CVE
added 2023/06/23 12:0 a.m. | 82 views

CVE-2023-32395

CVE-2023-32395 is a logic/state-management issue in macOS that could allow an app to modify protected parts of the file system. Affected platforms are macOS Big Sur 11.7.7, macOS Monterey 12.6.6, and macOS Ventura 13.4, where the vulnerability has been fixed. The issue is described as a logic iss...

CVSS 5.5 | AI score 5.9 | EPSS 0.00261
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2023/05/18 12:0 a.m. | 45 views

macOS 12.x < 12.6.6 Multiple Vulnerabilities (HT213759)

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.6. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 a...

CVSS 9.8 | AI score 7.8 | EPSS 0.01706
Exploits: 2 | References: 33