9 matches found
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-24010. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-24010 DESCRIPTION: Vite is a frontend tooling...
Security Bulletin: A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections (CVE-2025-24010).
Summary A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections CVE-2025-24010. Vite is used by IBM Robotic Process Automation as part of it's user interface. This bulletin identifies the fixes required to resolve the...
Security Bulletin: IBM Aspera Desktop App has multiple vulnerabilities related to Open Source dependencies (CVE-2025-27789 and CVE-2025-24010 )
Summary IBM Aspera Desktop App is affected by inefficient regular expression complexity which can cause excessive CPU cycles and lack of validation on the Origin header which could cause an unauthorized access to any functionality accessible to the communication source. These vulnerabilities have...
@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +391 more potentially affected by CVE-2025-24010 +1 more via vite (>=5.0.0 <=5.4.11)
vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-24010, CVE-2025-24360 Source advisory: OSV:GHSA-VG6X-RCGG-RJX6...
CVE-2025-24010 vulnerabilities
Vulnerabilities for packages: vitess, langfuse-fips, langfuse...
CVE-2025-24010 vulnerabilities
Vulnerabilities for packages: vitess...
CVE-2025-24010 Vite allows any websites to send any requests to the development server and read the response
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...
CVE-2025-24010 Vite allows any websites to send any requests to the development server and read the response
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and...
CVE-2025-24010
creationtimestamp| type| source ---|---|--- 2025-01-20 10:10:42+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6 2025-01-20 15:55:40+00:00| seen| https://infosec.exchange/users/cve/statuses/113861495371199240 2025-01-20 16:01:41+00:00|...