Lucene search
K

874 matches found

CVE
CVE
added 2026/06/23 12:13 p.m.16 views

CVE-2026-56301

Nuxt CVE-2026-56301 affects Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7. When running the development server (nuxt dev) on Linux, the vite-node IPC server is bound to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivilege...

6.8CVSS6AI score0.00103EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/23 12:13 p.m.4 views

CVE-2026-56301 Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6.1AI score0.00103EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/23 12:13 p.m.10 views

EUVD-2026-38436

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6AI score0.00103EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.39 views

CVE-2026-56301 Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS0.00103EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 6:16 p.m.12 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00393EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:10 p.m.4 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS5.9AI score0.00393EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2026/06/22 4:10 p.m.215 views

CVE-2026-53571

CVE-2026-53571 affects the Vite dev server. On Windows, the denial mechanism implemented by the option server.fs.deny fails to normalize NTFS ADS path forms before access checks, allowing bypasses such as /.env::$DATA?raw and access via 8.3 short-name tricks. This can enable exposure of sensitive...

8.2CVSS5.9AI score0.00393EPSS
Exploits2References1Affected Software2
Cvelist
Cvelist
added 2026/06/22 4:10 p.m.33 views

CVE-2026-53571 Vite: `server.fs.deny` bypass on Windows alternate paths

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00393EPSS
Exploits2References1
OSV
OSV
added 2026/06/22 4:10 p.m.3 views

CVE-2026-53571 Vite: `server.fs.deny` bypass on Windows alternate paths

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS6AI score0.00393EPSS
Exploits2References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 10:20 p.m.10 views

Malicious code in vite-config-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...

6.5AI score
Exploits0References7
OSV
OSV
added 2026/06/15 11:33 p.m.10 views

MAL-2026-5850 Malicious code in vite-enhancer-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f95dc5a82c03457cbfab461f0b1775f3918589db6ac513342a1ec0dc1aacc1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:33 p.m.13 views

Malicious code in vite-enhancer-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f95dc5a82c03457cbfab461f0b1775f3918589db6ac513342a1ec0dc1aacc1fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:33 p.m.12 views

Malicious code in vite-configu-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7755490e331340729b0f6eab38cac0857e0aea337579950f610e728b300367fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/15 11:33 p.m.12 views

MAL-2026-5849 Malicious code in vite-configu-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7755490e331340729b0f6eab38cac0857e0aea337579950f610e728b300367fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/15 8:5 p.m.26 views

GHSA-G8MR-85JM-7XHM Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...

9.8CVSS5.8AI score0.00585EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/15 5:18 p.m.5 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:18 p.m.8 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

5.5CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:17 p.m.10 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...

8.2CVSS5.8AI score0.00393EPSS
Exploits2References2Affected Software1
Snyk
Snyk
added 2026/06/15 5:17 p.m.10 views

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

8.2CVSS6.5AI score0.00393EPSS
Exploits2References2
Patchstack
Patchstack
added 2026/06/15 5:17 p.m.6 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

8.2CVSS5.8AI score0.00393EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder