EUVD-2026-38378

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect...

CVE-2026-56326

Nuxt.js (versions 4.0.0–4.4.6 and 3.x up to 3.21.6) contains a server-side open redirect vulnerability in navigateTo due to improper validation of path-normalized payloads (e.g., /..//evil.com, /.//evil.com). Attackers can bypass external-host checks via path-normalization techniques to redirect ...

EUVD-2026-38375

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to...

Rockstar Games: Image injection /br/games/info may lead to phishing attacks or FB OAuth theft.

In this report, the researcher identified an attack chain that could result in an attacker stealing sensitive user tokens such as Oauth tokens via full URL inclusion in the Referer header. One step of this attack involved an image injection exploit on localized versions of the games/info section ...

Rockstar Games: Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft

In this report, the researcher demonstrated a method to chain together separate vulnerabilities that, under certain conditions, could cause a user's Facebook Oauth tokens to leak via the Referer header. The specific vulnerability that was addressed in this report was the image injection component...