Lucene search
K

168 matches found

NVD
NVD
added 2025/09/19 4:15 p.m.7 views

CVE-2025-59427

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...

6.3CVSS0.00358EPSS
Exploits0References4
CVE
CVE
added 2025/09/19 3:30 p.m.26 views

CVE-2025-59427

The Cloudflare Vite plugin is vulnerable when used in its default configuration, exposing all files on the local dev server (including root files like .env and .dev.vars) via the Workers runtime integration. Affected: Cloudflare Vite plugin within the Cloudflare Workers SDK. Root cause: default d...

6.3CVSS6AI score0.00358EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/19 3:30 p.m.4 views

CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...

6.3CVSS6AI score0.00358EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/19 3:30 p.m.14 views

CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...

6.3CVSS0.00358EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/17 6:51 a.m.5 views

Directory Traversal

vite-plugin-static-copy is vulnerable to Directory Traversal. The vulnerability is due to improper access control because apps exposing the Vite dev server to the network --host or server.host config option allow attackers to retrieve arbitrary files by which an attacker can access arbitrary file...

6CVSS6.9AI score0.00394EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/09/12 4:49 p.m.2 views

MAL-2025-47107 Malicious code in vite-plugin-uni-i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ff6cfac329bcb3bc726e87d12942ec29cd686c4d4e81223398ed26948b46e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/09/12 4:49 p.m.1 views

MAL-2025-47106 Malicious code in vite-plugin-morgan (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 26f59edc4a049e09b7c58781c9ec1b0e28038561905195af89d655fedcd5b14a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/09/12 4:49 p.m.2 views

Malicious Package

Overview vite-plugin-morgan is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/12 4:49 p.m.2 views

Malicious code in vite-plugin-uni-i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ff6cfac329bcb3bc726e87d12942ec29cd686c4d4e81223398ed26948b46e39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/12 4:49 p.m.3 views

Malicious code in vite-plugin-morgan (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 26f59edc4a049e09b7c58781c9ec1b0e28038561905195af89d655fedcd5b14a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
NVD
NVD
added 2025/08/21 4:15 p.m.6 views

CVE-2025-57753

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

6CVSS0.00394EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/21 4:3 p.m.3 views

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

6CVSS7AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/21 4:3 p.m.11 views

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

6CVSS0.00394EPSS
Exploits0References1
CVE
CVE
added 2025/08/21 4:3 p.m.18 views

CVE-2025-57753

The CVE-2025-57753 vulnerability affects vite-plugin-static-copy (a Rollup plugin for Vite). Affected versions allow a crafted HTTP request to access files not included in src when the Vite dev server is exposed to the network. Impact is information disclosure of files outside the intended direct...

6CVSS7AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2025/08/21 4:3 p.m.5 views

CVE-2025-57753 vite-plugin-static-copy files not included in `src` are accessible with a crafted request

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...

6CVSS6.8AI score0.00394EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/08/21 2:53 p.m.6 views

@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)

vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...

6CVSS5.8AI score0.00394EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/21 2:53 p.m.6 views

@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)

vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: OSV:GHSA-PP7P-Q8FX-2968...

6CVSS5.8AI score0.00394EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/21 2:53 p.m.5 views

@apiida/vue-components (>=16.5.0 <=18.0.2), @axirs/storybook-template (>=1.0.0-beta-v2.0.0 <=1.0.0-beta-v2.1.2) +114 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=0.6.1 <=2.3.1)

vite-plugin-static-copy NPM version =0.6.1, =16.5.0, =1.0.0-beta-v2.0.0, =0.4.3, =1.0.4, =1.1.0, =0.20.1, =0.5.0, =0.0.1, =0.0.3, =0.3.0, =0.1.0, =0.2.21, =0.4.1 and more Source cves: CVE-2025-57753 Source advisory: SNYK:JS-VITEPLUGINSTATICCOPY-12179280...

6CVSS5.8AI score0.00394EPSS
Exploits0
Snyk
Snyk
added 2025/08/21 2:53 p.m.3 views

Directory Traversal

Overview vite-plugin-static-copy is a rollup-plugin-copy for vite with dev server support. Affected versions of this package are vulnerable to Directory Traversal via the viaLocal function. An attacker can access arbitrary files on the server by sending crafted HTTP requests that exploit path...

8.9CVSS7.7AI score0.00394EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/21 2:53 p.m.6 views

vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

Summary Files not included in src was possible to access with a crafted request. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Arbitrary files can be disclosed by exploiting this vulnerability. Details Consider the...

6CVSS7.1AI score0.00394EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder