Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CVE
CVEadded 10 hours ago21 views

CVE-2026-47200

Nuxt CVE-2026-47200 affects Nuxt 3.11.0–3.21.5 and 4.0.0-alpha.1–4.4.5 with experimental.componentIslands enabled. Server islands under /_nuxt_island/page * for .server.vue pages could bypass route middleware, exposing server-rendered content without Vue Router middleware running. Patch applied i...

6.3CVSS5.2AI score
Exploits0References2
Cvelist
Cvelistadded 10 hours ago6 views

CVE-2026-47200 Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled default in Nuxt 4, any...

6.3CVSS
Exploits0References2
Snyk
Snykadded 2026/05/29 5:15 p.m.5 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the route middleware. An attacker can gain unauthorized access to server-rendered page content by directly requesting the /nuxtisland/page endpoint, bypassing authentication or...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snykadded 2026/05/29 5:15 p.m.6 views

Authentication Bypass Using an Alternate Path or Channel

Overview @nuxt/nitro-server is a Nitro server integration for Nuxt Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the route middleware. An attacker can gain unauthorized access to server-rendered page content by directly requesting...

6.3CVSS5.8AI score
Exploits0References2
OSV
OSVadded 2026/05/29 5:15 p.m.4 views

GHSA-HG3F-28RG-4JXJ Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Summary When experimental.componentIslands is enabled default in Nuxt 4, any .server.vue file under pages/ is automatically registered as a server island under the key page and exposed via the /nuxtisland/:name endpoint. Until this fix, requests through that endpoint rendered the page component...

6.3CVSS5.9AI score
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.6 views

PT-2026-45028

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description When experimental.componentIslands is enabled,...

6.3CVSS5.3AI score
Exploits0References6
Huntr
Huntradded 2023/02/06 10:20 a.m.9 views

CSS injection using component islands and useHead

Description After a component island render, the resulting head is regex'd for tags. This regex is not very robust and can be tricked, allowing for CSS injection. Proof of Concept app.vue vue Nuxt 3 Playground const title = ref nuxt.config.ts ts export default defineNuxtConfig experimental:...

6.4AI score
Exploits0References1
Rows per page
Query Builder