4 matches found
Malicious code in gulp-nodejs-bellatrix-process (npm)
Source: amazon-inspector a51c5af9497d648c837690d26c1883cd6827d6a576e08da0c2774ab1f1c3bf66 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-31486 Vite allows server.fs.deny to be bypassed with .svg or relative paths
Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with the sec-fetch-dest: script header, the server.fs.deny restriction could be bypassed. This bypass is only possible if the file is smaller than...
CVE-2025-31486 Vite allows server.fs.deny to be bypassed with .svg or relative paths
Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with the sec-fetch-dest: script header, the server.fs.deny restriction could be bypassed. This bypass is only possible if the file is smaller than...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
This repository is an offensive tool for a vulnerability hub. It contains various tools and exploits for testing and demonstrating vulnerabilities in different software and systems. The repository includes a range of tools, such as Docker image builders, format checkers, and Markdown linters, as...