Lucene search
+L

12 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/06/25 6:33 p.m.•10 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.12.tgz which is vulnerable to CVE-2025-31486. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-31486 DESCRIPTION: Vite is a frontend tooling...

5.3CVSS6.7AI score0.38685EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/06/16 10:41 p.m.•13 views

Security Bulletin: Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation (CVE-2025-31125, CVE-2025-32395, CVE-2025-31486).

Summary Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation CVE-2025-31125, CVE-2025-32395, CVE-2025-31486. Vite is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address these vulnerabilities...

7.5CVSS5.5AI score0.58765EPSS
Exploits13Affected Software1
GithubExploit
GithubExploit
•added 2025/04/11 9:35 a.m.•319 views

Exploit for CVE-2025-31486

CVE-2025-31486-PoC.py url !imagehttps://github.co...

5.3CVSS7AI score0.38685EPSS
Exploits7
Chainguard
Chainguard
•added 2025/04/07 1:13 p.m.•52 views

CVE-2025-31486 vulnerabilities

Vulnerabilities for packages: vitess, langfuse-fips, langfuse...

5.3CVSS6.6AI score0.38685EPSS
Exploits7
GithubExploit
GithubExploit
•added 2025/04/07 8:56 a.m.•393 views

Exploit for CVE-2025-31486

Disclaimer: The vulnerabilities described in this article, a...

5.3CVSS6.8AI score0.38685EPSS
Exploits7
RedhatCVE
RedhatCVE
•added 2025/04/05 6:35 p.m.•51 views

CVE-2025-31486

Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest: script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than...

5.3CVSS7.2AI score0.38685EPSS
Exploits7References6
vulnersOsv
vulnersOsv
•added 2025/04/04 2:20 p.m.•9 views

@angular/build (>=19.2.0 <=19.2.0-rc.0), @d-zero/builder (=5.0.0-alpha.39) +38 more potentially affected by CVE-2025-31486 via vite (>=6.1.0 <=6.1.3)

vite NPM version =6.1.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

5.3CVSS6.7AI score0.38685EPSS
Exploits7
vulnersOsv
vulnersOsv
•added 2025/04/04 2:20 p.m.•8 views

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +21 more potentially affected by CVE-2025-31486 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =5.0.0-alpha.37, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =1.0.6, =1.0.7 - @tuax/plugin-vite6...

5.3CVSS6.7AI score0.38685EPSS
Exploits7
vulnersOsv
vulnersOsv
•added 2025/04/04 2:20 p.m.•6 views

@aicblock/cli (>=1.0.0 <=1.0.1), @angular/build (>=19.2.1 <=20.0.0-next.4) +39 more potentially affected by CVE-2025-31486 via vite (>=6.2.0 <=6.2.4)

vite NPM version =6.2.0, =1.0.0, =19.2.1, =0.55.0, =0.21.2-4.1, =1.0.0, =1.0.410, =3.8.0, =1.47.0, =5.0.0-alpha.40, =1.0.0-next.1, =3.0.0, =3.0.0-BETA.1 and more Source cves: CVE-2025-31486 Source advisory: OSV:GHSA-XCJ6-PQ6G-QJ4X...

5.3CVSS6.7AI score0.38685EPSS
Exploits7
NVD
NVD
•added 2025/04/03 7:15 p.m.•10 views

CVE-2025-31486

Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest: script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than...

5.3CVSS0.38685EPSS
Exploits7References3
CVE
CVE
•added 2025/04/03 6:24 p.m.•264 views

CVE-2025-31486

Vite is affected by a local-file–read bypass in the dev server when it is exposed to the network (e.g., started with --host or server.host). The flaw lets an attacker retrieve contents of arbitrary files smaller than build.assetsInlineLimit (default 4 kB) by crafting URLs using the ?.svg suffix a...

5.3CVSS7.2AI score0.38685EPSS
Exploits7References3
Cvelist
Cvelist
•added 2025/04/03 6:24 p.m.•27 views

CVE-2025-31486 Vite allows server.fs.deny to be bypassed with .svg or relative paths

Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest: script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than...

5.3CVSS0.38685EPSS
Exploits7References3
Rows per page
Query Builder