177 matches found
Nuxt 信息泄露漏洞
Nuxt is a free open source framework from Nuxt Open Source. An information disclosure vulnerability exists in Nuxt versions 3.8.1 through prior to 3.15.3 that stems from a default CORS setting that allows any website to send any request to the development server and read the response...
Websites were able to send any requests to the development server and read the response in vite
Summary Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. !WARNING This vulnerability even applies to users that only run the Vite dev server on the loc...
CVE-2025-24010 Vite allows any websites to send any requests to the development server and read the response
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...
CVE-2025-24010 Vite allows any websites to send any requests to the development server and read the response
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...
Vite 安全漏洞
Vite is a new front-end builder tool open-sourced by Vite. A security vulnerability exists in Vite that stems from default CORS settings and a lack of validation of the Origin header of a WebSocket connection, which allows any website to send any request to the development server and read the...
PT-2024-40057 · Ez Systems +3 · Ez Platform +4
Name of the Vulnerable Software and Affected Versions: eZ Platform and eZ Publish Legacy affected versions not specified Description: The issue concerns the handling of file uploads in eZ Platform and eZ Publish Legacy, potentially leading to remote code execution RCE if exploited. An attacker...
The vulnerability of the Vite application development local server, related to access control deficiencies, allows a hacker to execute arbitrary code.
The vulnerability of the Vite application development local server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
PT-2024-2962
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 2.9.18 Vite versions prior to 3.2.10 Vite versions prior to 4.5.3 Vite versions prior to 5.0.13 Vite versions prior to 5.1.7 Vite versions prior to 5.2.6 Description: The issue is related to insufficient access control ...
PT-2024-12054 · Unknown · Ladle Dev Server
Name of the Vulnerable Software and Affected Versions: Ladle Dev Server versions 2.5.1 and earlier Description: A Directory Traversal issue allows an attacker on the same network to read files accessible to the user via GET requests. This can be exploited by sending requests to specific API...
The vulnerability of the server.transformIndexHtml() function on the local development server of the Vite application allows attackers to perform cross-site scripting attacks.
The vulnerability of the server.transformIndexHtml function on the local development server of the Vite application is related to the lack of measures taken to neutralize HTML tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
Moderate: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
CVE-2023-42669 Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
Cloudflare Wrangler directory traversal vulnerability
Impact The Wrangler command line tool [email protected] or [email protected] was affected by a directory traversal vulnerability when running a local development server for Pages wrangler pages dev command. This vulnerability enabled an attacker in the same network as the victim to connect to the...
CVE-2023-3348
The CVE-2023-3348 entry concerns the Cloudflare Wrangler CLI and its pages dev local development server. Affected components: Wrangler (<=3.1.0) and Wrangler (
CVE-2023-3348 Directory traversal vulnerability in Cloudflare Wrangler
The Wrangler command line tool [email protected] or [email protected] was affected by a directory traversal vulnerability when running a local development server for Pages wrangler pages dev command. This vulnerability enabled an attacker in the same network as the victim to connect to the local...
CVE-2023-34238
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server gatsby develop. Any file in scope o...
Design/Logic Flaw
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server gatsby develop. Any file in scope o...
CVE-2023-34238 Local File Inclusion vulnerability in Gatsby
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server gatsby develop. Any file in scope o...
CVE-2023-34238 Local File Inclusion vulnerability in Gatsby
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server gatsby develop. Any file in scope o...