Lucene search
+L

875 matches found

vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.7 views

org.webjars.npm:vitepress (=1.0.0-draft.8) potentially affected by CVE-2026-39365 via org.webjars.npm:vite (=3.0.0-beta.9)

org.webjars.npm:vite MAVEN version =3.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vite and may be impacted: - org.webjars.npm:vitepress =1.0.0-draft.8 Source cves: CVE-2026-39365 Source advisory:...

6.3CVSS5.8AI score0.00914EPSS
Exploits1
snyk
snyk
added 2026/04/06 6:3 p.m.10 views

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal via the handling of .map files in the dev server when resolving file paths. An attacker can access sensitive files outside the project root by injecting ../ segments in...

6.3CVSS6.5AI score0.00914EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.8 views

@11ty/eleventy-plugin-vite (>=8.0.0 <=8.0.0-alpha.2), @17sierra/config (=0.1.0) +1233 more potentially affected by CVE-2026-39365 via vite (>=8.0.1 <=8.0.3)

vite NPM version =8.0.1, =8.0.0, =0.0.1, =0.1.9, =0.0.15-0.1, =0.0.42, =0.1.8, =0.0.1-bate.2, =0.1.0, =0.1.0, =0.0.8, =0.0.9 - @adhisang/minecraft-modding-mcp =1.0.0 and more Source cves: CVE-2026-39365 Source advisory: SNYK:JS-VITE-15922213...

6.3CVSS5.7AI score0.00914EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.6 views

@agregio-solutions/design-system (>=1.89.2 <=1.89.4), @altipla/directus-sdk-utils (=0.7.2) +189 more potentially affected by CVE-2026-39365 via vite (>=7.0.1 <=7.3.1)

vite NPM version =7.0.1, =1.89.2, =20.1.3, =0.1.0, =0.0.4, =0.2.9, =0.79.1, =1.0.0-beta.23, =2.1.2-alpha.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.29.0 and more Source cves: CVE-2026-39365 Source advisory: SNYK:JS-VITE-15922213...

6.3CVSS5.7AI score0.00914EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.11 views

@agregio-solutions/design-system (>=1.89.2 <=1.89.4), @altipla/directus-sdk-utils (=0.7.2) +211 more potentially affected by CVE-2026-39365 via vite (>=7.0.0 <=7.3.1)

vite NPM version =7.0.0, =1.89.2, =20.1.0, =0.1.0, =0.0.4, =0.2.9, =0.79.1, =1.0.0-beta.23, =2.1.2-alpha.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.29.0 and more Source cves: CVE-2026-39365 Source advisory: OSV:GHSA-4W7W-66W2-5VF9...

6.3CVSS5.7AI score0.00914EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.7 views

@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39365 via vite-plus (=0.1.11)

vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39365 Source advisory: SNYK:JS-VITEPLUS-15922214...

6.3CVSS5.8AI score0.00914EPSS
Exploits1
snyk
snyk
added 2026/04/06 6:3 p.m.4 views

Directory Traversal

Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal via the handling of .map files in the dev server when resolving file paths. An attacker can access sensitive files outside the project root by injecting...

6.3CVSS6.5AI score0.00914EPSS
Exploits1References2
osv
osv
added 2026/04/06 6:3 p.m.17 views

GHSA-4W7W-66W2-5VF9 Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

Summary Any files ending with .map even out side the project can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - have a sensitive content in files...

6.3CVSS5.9AI score0.00914EPSS
Exploits1References8
github
github
added 2026/04/06 6:3 p.m.646 views

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

Summary Any files ending with .map even out side the project can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - have a sensitive content in files...

6.3CVSS5.9AI score0.00914EPSS
Exploits1References8Affected Software1
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.14 views

@11ty/eleventy-plugin-vite (>=8.0.0 <=8.0.0-alpha.2), @17sierra/config (=0.1.0) +1254 more potentially affected by CVE-2026-39364 via vite (>=8.0.0 <=8.0.3)

vite NPM version =8.0.0, =8.0.0, =0.0.1, =0.1.9, =0.0.15-0.1, =0.0.42, =0.1.8, =0.0.1-bate.2, =0.1.0, =0.1.0, =0.0.8, =0.0.9 - @adhisang/minecraft-modding-mcp =1.0.0 and more Source cves: CVE-2026-39364 Source advisory: OSV:GHSA-V2WJ-Q39Q-566R...

8.2CVSS5.7AI score0.02095EPSS
Exploits1
github
github
added 2026/04/06 6:3 p.m.210 views

Vite: `server.fs.deny` bypassed with queries

Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References7Affected Software1
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.8 views

@11ty/eleventy-plugin-vite (>=8.0.0 <=8.0.0-alpha.2), @17sierra/config (=0.1.0) +1254 more potentially affected by CVE-2026-39364 via vite (>=8.0.0 <=8.0.3)

vite NPM version =8.0.0, =8.0.0, =0.0.1, =0.1.9, =0.0.15-0.1, =0.0.42, =0.1.8, =0.0.1-bate.2, =0.1.0, =0.1.0, =0.0.8, =0.0.9 - @adhisang/minecraft-modding-mcp =1.0.0 and more Source cves: CVE-2026-39364 Source advisory: SNYK:JS-VITE-15922245...

8.2CVSS5.7AI score0.02095EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.7 views

@agregio-solutions/design-system (>=1.89.2 <=1.89.4), @altipla/directus-sdk-utils (=0.7.2) +172 more potentially affected by CVE-2026-39364 via vite (>=7.1.0 <=7.3.1)

vite NPM version =7.1.0, =1.89.2, =20.2.0, =0.1.0, =0.79.1, =1.0.0-beta.23, =2.1.2-alpha.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.29.0 and more Source cves: CVE-2026-39364 Source advisory: OSV:GHSA-V2WJ-Q39Q-566R...

8.2CVSS5.7AI score0.02095EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.12 views

@slidev-react/cli (>=0.4.6 <=0.4.14), @slidev-react/node (>=0.4.6 <=0.4.14) potentially affected by CVE-2026-39364 via vite-plus (=0.1.11)

vite-plus NPM version =0.1.11 is affected by a known vulnerability. The following packages have a transitive dependency on vite-plus and may be impacted: - @slidev-react/cli =0.4.6, =0.4.6, =0.4.14 Source cves: CVE-2026-39364 Source advisory: SNYK:JS-VITEPLUS-15922246...

8.2CVSS5.8AI score0.02095EPSS
Exploits1
snyk
snyk
added 2026/04/06 6:3 p.m.5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

8.2CVSS5.7AI score0.02095EPSS
Exploits1References2
snyk
snyk
added 2026/04/06 6:3 p.m.9 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview vite-plus is a The Unified Toolchain for the Web Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

8.2CVSS5.7AI score0.02095EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.6 views

@agregio-solutions/design-system (>=1.89.2 <=1.89.4), @altipla/directus-sdk-utils (=0.7.2) +172 more potentially affected by CVE-2026-39364 via vite (>=7.1.0 <=7.3.1)

vite NPM version =7.1.0, =1.89.2, =20.2.0, =0.1.0, =0.79.1, =1.0.0-beta.23, =2.1.2-alpha.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.29.0 and more Source cves: CVE-2026-39364 Source advisory: SNYK:JS-VITE-15922245...

8.2CVSS5.7AI score0.02095EPSS
Exploits1
osv
osv
added 2026/04/06 6:3 p.m.4 views

GHSA-V2WJ-Q39Q-566R Vite: `server.fs.deny` bypassed with queries

Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References7
github
github
added 2026/04/06 6:3 p.m.112 views

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket

Summary server.fs check was not enforced to the fetchModule method that is exposed in Vite dev server's WebSocket. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - WebSocket is no...

8.2CVSS6.2AI score0.02907EPSS
Exploits3References8Affected Software1
vulnersosv
vulnersosv
added 2026/04/06 6:3 p.m.7 views

@11ty/eleventy-plugin-vite (>=8.0.0 <=8.0.0-alpha.2), @17sierra/config (=0.1.0) +1254 more potentially affected by CVE-2026-39363 via vite (>=8.0.0 <=8.0.3)

vite NPM version =8.0.0, =8.0.0, =0.0.1, =0.1.9, =0.0.15-0.1, =0.0.42, =0.1.8, =0.0.1-bate.2, =0.1.0, =0.1.0, =0.0.8, =0.0.9 - @adhisang/minecraft-modding-mcp =1.0.0 and more Source cves: CVE-2026-39363 Source advisory: OSV:GHSA-P9FF-H696-F583...

8.2CVSS5.7AI score0.02907EPSS
Exploits3
Rows per page
Query Builder