Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-14620

A flaw was found in webpack-dev-server. This vulnerability allows a remote attacker to exploit exposed internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, through cross-origin requests. By visiting a malicious website while the development server is...

4.7CVSS6AI score0.00116EPSS
Exploits0References5
Snyk
Snyk
added 4 days ago3 views

Cross-site Request Forgery (CSRF)

Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the open-editor and invalidate endpoints. An attacker can open...

5.3CVSS6AI score0.00116EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-14620

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS0.00116EPSS
Exploits0References2
CVE
CVE
added 4 days ago23 views

CVE-2026-14620

webpack-dev-server prior to 5.2.6 exposes two internal endpoints (/webpack-dev-server/open-editor and /webpack-dev-server/invalidate) that perform state-changing actions on any GET request without origin verification. This enables cross-origin interactions when a user visits any website while the...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 6:43 p.m.6 views

GHSA-Q4P8-8J9M-8HXJ Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor

Impact A code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A...

8.8CVSS6.3AI score0.00167EPSS
Exploits0References5
Rows per page
Query Builder