Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

178 matches found

Github Security Blog
Github Security Blogadded 2025/11/19 7:43 p.m.6 views

Astro Development Server has Arbitrary Local File Read

Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to t...

3.5CVSS6.9AI score0.00022EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2025/11/19 7:43 p.m.6 views

GHSA-X3H8-62X9-952G Astro Development Server has Arbitrary Local File Read

Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to t...

3.5CVSS6.8AI score0.00022EPSS
Exploits1References4
Snyk
Snykadded 2025/11/19 7:43 p.m.3 views

Relative Path Traversal

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access...

5.1CVSS6.6AI score0.00022EPSS
Exploits1References3
Snyk
Snykadded 2025/11/19 7:43 p.m.3 views

Relative Path Traversal

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access arbitrary local image files...

5.1CVSS6.7AI score0.00022EPSS
Exploits1References3
OSV
OSVadded 2025/11/13 10:38 p.m.3 views

GHSA-W2VJ-39QV-7VH7 Astro development server error page is vulnerable to reflected Cross-site Scripting

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...

2.7CVSS5.2AI score0.00038EPSS
Exploits1References6
Github Security Blog
Github Security Blogadded 2025/11/13 10:38 p.m.5 views

Astro development server error page is vulnerable to reflected Cross-site Scripting

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...

6.1CVSS5.3AI score0.00038EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVEadded 2025/10/24 4:25 p.m.9 views

CVE-2025-62713

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been...

9.2CVSS8AI score0.00906EPSS
Exploits0References1
NVD
NVDadded 2025/10/23 5:15 p.m.4 views

CVE-2025-62713

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been...

9.2CVSS0.00906EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/10/23 4:15 p.m.2 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been...

9.2CVSS7.7AI score0.00906EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/10/23 4:15 p.m.6 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been...

9.2CVSS0.00906EPSS
Exploits0References2
OSV
OSVadded 2025/10/23 4:15 p.m.4 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been...

9.2CVSS8.1AI score0.00906EPSS
Exploits0References4
CVE
CVEadded 2025/10/23 4:15 p.m.15 views

CVE-2025-62713

Kottster is a self-hosted Node.js admin panel. A pre-authentication remote code execution (RCE) vulnerability exists in development mode for versions 3.2.0–before 3.3.2; production deployments are unaffected. The issue allows code execution via development-mode behaviors, and has been fixed in ve...

9.2CVSS7.7AI score0.00906EPSS
Exploits0References2
Snyk
Snykadded 2025/10/23 4:1 p.m.2 views

Access Control Bypass

Overview @kottster/cli is a CLI for Kottster Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by repeatedly triggering...

9.2CVSS7.5AI score0.00906EPSS
Exploits0References2
Snyk
Snykadded 2025/10/23 4:1 p.m.1 views

Access Control Bypass

Overview @kottster/server is an Instant admin panel for your project Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by...

9.2CVSS7.6AI score0.00906EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2025/10/23 4:1 p.m.7 views

Kottster app reinitialization can be re-triggered allowing command injection in development mode

Impact Development mode only. Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...

9.2CVSS8.6AI score0.00906EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2025/10/23 4:1 p.m.5 views

GHSA-J3W7-9QC3-G96P Kottster app reinitialization can be re-triggered allowing command injection in development mode

Impact Development mode only. Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...

9.2CVSS8.6AI score0.00906EPSS
Exploits0References4
Snyk
Snykadded 2025/10/23 4:1 p.m.1 views

Access Control Bypass

Overview @kottster/common is a Common types and utilities for Kottster Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands ...

9.2CVSS7.6AI score0.00906EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/23 4:1 p.m.4 views

EUVD-2025-35701

Kottster app reinitialization can be re-triggered allowing command injection in development mode...

9.2CVSS6.9AI score0.00906EPSS
Exploits0References4
CNNVD
CNNVDadded 2025/10/23 12:0 a.m.2 views

Kottster 访问控制错误漏洞

Kottster is an instant Node.js admin panel from kottster open source. It is secure, self-hosted and easy to set up. An access control error vulnerability exists in Kottster versions 3.2.0 through prior to 3.3.2, which stems from a pre-authenticated remote code execution vulnerability in developme...

9.2CVSS7.6AI score0.00906EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/10/23 12:0 a.m.4 views

PT-2025-43531

Name of the Vulnerable Software and Affected Versions Kottster versions 3.2.0 through 3.3.1 Description Kottster is a self-hosted Node.js admin panel. Versions 3.2.0 through 3.3.1 contain a pre-authentication remote code execution RCE vulnerability when running in development mode. Production...

9.2CVSS7.8AI score0.00906EPSS
Exploits0References14
Rows per page
Query Builder