Lucene search
+L

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 12:25 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.10.tgz which is vulnerable to CVE-2025-32395. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-32395 DESCRIPTION: Vite is a frontend tooling...

6CVSS6.6AI score0.01725EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/16 10:41 p.m.12 views

Security Bulletin: Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation (CVE-2025-31125, CVE-2025-32395, CVE-2025-31486).

Summary Multiple security vulnerabilities in Vite affect IBM Robotic Process Automation CVE-2025-31125, CVE-2025-32395, CVE-2025-31486. Vite is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address these vulnerabilities...

7.5CVSS5.5AI score0.58765EPSS
Exploits13Affected Software1
GithubExploit
GithubExploit
added 2025/04/18 9:10 a.m.279 views

Exploit for CVE-2025-32395

CVE-2025-32395 CV...

6CVSS6.6AI score0.01725EPSS
Exploits2
Wolfi
Wolfi
added 2025/04/15 7:44 p.m.13 views

CVE-2025-32395 vulnerabilities

Vulnerabilities for packages: vitess...

6CVSS7.1AI score0.01725EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2025/04/11 2:6 p.m.5 views

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +21 more potentially affected by CVE-2025-32395 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =5.0.0-alpha.37, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =1.0.6, =1.0.7 - @tuax/plugin-vite6...

6CVSS6.5AI score0.01725EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2025/04/11 2:6 p.m.7 views

@angular/build (>=19.2.0 <=19.2.0-rc.0), @d-zero/builder (=5.0.0-alpha.39) +38 more potentially affected by CVE-2025-32395 via vite (>=6.1.0 <=6.1.4)

vite NPM version =6.1.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

6CVSS6.5AI score0.01725EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2025/04/11 2:6 p.m.6 views

@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +403 more potentially affected by CVE-2025-32395 via vite (>=5.0.0 <=5.4.17)

vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-32395 Source advisory: OSV:GHSA-356W-63V5-8WF4...

6CVSS6.5AI score0.01725EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/04/11 8:57 a.m.8 views

CVE-2025-32395

A flaw was found in Vite. This vulnerability allows arbitrary file access via specially crafted HTTP requests containing a character in the request URL. The issue occurs when the server is run on Node.js or Bun and exposed to the network. Improper handling of invalid request lines allows these...

6.5CVSS6.5AI score0.01725EPSS
Exploits2References5
NVD
NVD
added 2025/04/10 2:15 p.m.11 views

CVE-2025-32395

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

6CVSS0.01725EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/04/10 1:25 p.m.20 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

6CVSS6.8AI score0.01725EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/04/10 1:25 p.m.22 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

6CVSS0.01725EPSS
Exploits2References2
OSV
OSV
added 2025/04/10 1:25 p.m.16 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

6CVSS6AI score0.01725EPSS
Exploits2References4
Circl
Circl
added 2025/04/10 7:7 a.m.18 views

CVE-2025-32395

creationtimestamp| type| source ---|---|--- 2025-04-10 07:07:20+00:00| published-proof-of-concept| https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4 2025-04-10 15:32:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmhta4azji2z 2025-04-10 17:52:04+00:00| seen|...

6CVSS6.3AI score0.01725EPSS
Exploits2References9
Rows per page
Query Builder