175 matches found
Nuxt Information Disclosure Vulnerability
Nuxt is a free open source framework from Nuxt Open Source. An information disclosure vulnerability exists in Nuxt versions 3.8.1 up to, but not including, 3.15.3. It stems from a default CORS setting that allows any website to send any request to the development server and read the response...
Websites were able to send any requests to the development server and read the response in vite
Summary: Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. Warning: This vulnerability even applies to users that only run the Vite dev server on the loc...
CVE-2025-24010 Vite allows any websites to send any requests to the development server and read the response
Vite is a frontend tooling framework for JavaScript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...
Vite Security Vulnerability
Vite is a new front-end builder tool open-sourced by Vite. A security vulnerability exists in Vite that stems from default CORS settings and a lack of validation of the Origin header of a WebSocket connection, which allows any website to send any request to the development server and read the...
PT-2024-40057 · Ez Systems +3 · Ez Platform +4
Name of the Vulnerable Software and Affected Versions: eZ Platform and eZ Publish Legacy (affected versions not specified). Description: The issue concerns the handling of file uploads in eZ Platform and eZ Publish Legacy, potentially leading to remote code execution (RCE) if exploited. An attacker...
PT-2024-2962
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 2.9.18; Vite versions prior to 3.2.10; Vite versions prior to 4.5.3; Vite versions prior to 5.0.13; Vite versions prior to 5.1.7; Vite versions prior to 5.2.6. Description: The issue is related to insufficient access control ...
PT-2024-12054 · Unknown · Ladle Dev Server
Name of the Vulnerable Software and Affected Versions: Ladle Dev Server versions 2.5.1 and earlier. Description: A Directory Traversal issue allows an attacker on the same network to read files accessible to the user via GET requests. This can be exploited by sending requests to specific API...
Moderate: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
CVE-2023-42669 Samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
Cloudflare Wrangler directory traversal vulnerability
Impact: The Wrangler command line tool ([email protected] or [email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the...
CVE-2023-3348
The CVE-2023-3348 entry concerns the Cloudflare Wrangler CLI and its pages dev local development server. Affected components: Wrangler (<=3.1.0) and Wrangler (
CVE-2023-3348 Directory traversal vulnerability in Cloudflare Wrangler
The Wrangler command line tool ([email protected] or [email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local...
CVE-2023-34238
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...
Design/Logic Flaw
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...
CVE-2023-34238 Local File Inclusion vulnerability in Gatsby
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...
Information Disclosure
gatsby-plugin-sharp is vulnerable to Information Disclosure. The vulnerability is due to a path traversal when running the Gatsby development server, which exposes several image processing functions that allow an attacker to gain access to arbitrary files on the host...
PHP Development Server Information Disclosure Vulnerability
PHP is a widely used general purpose scripting language that is particularly well suited for web development and can be embedded in HTML. An information disclosure vulnerability exists in PHP Development Server, which stems from a logic flaw in the php cli server begin send static when parsing htt...