Lucene search
K

6 matches found

Nuclei
Nuclei
added 9 hours ago38 views

Vite Dev Server - Path Traversal

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

5.3CVSS6.1AI score0.0118EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/09/09 8:55 p.m.6 views

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @aicblock/cli (>=1.0.0 <=1.0.1) +159 more potentially affected by CVE-2025-58751 via vite (>=6.0.0 <=6.3.5)

vite NPM version =6.0.0, =0.0.1, =1.0.0, =1.0.0, =0.2.0, =4.25.19-patch.2, =19.1.0, =0.55.0, =0.21.2-4.1, =0.4.2, =0.1.10, =0.0.1, =1.0.0, =1.0.3 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...

5.3CVSS6AI score0.0118EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/09/09 8:55 p.m.9 views

@altipla/directus-sdk-utils (=0.7.2), @angular/build (>=20.2.0 <=21.0.0-rc.1) +48 more potentially affected by CVE-2025-58751 via vite (>=7.1.0 <=7.1.4)

vite NPM version =7.1.0, =20.2.0, =2.1.2-alpha.0, =0.0.0, =2.14.0, =5.0.0-beta.4, =30.0.0, =16.0.1, =2.19.8, =2.19.8, =14.314.0, =9.6.3, =0.0.12, =2.14.2, =2.14.4 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...

5.3CVSS6AI score0.0118EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/09/09 8:55 p.m.11 views

@angular/build (>=20.1.0 <=20.2.0-next.2), @atomazing-org/super-app-host (>=0.0.4 <=0.0.8) +55 more potentially affected by CVE-2025-58751 via vite (>=7.0.0 <=7.0.6)

vite NPM version =7.0.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =0.0.1750946288791, =0.0.2, =0.0.7, =0.0.2, =0.0.1, =0.1.34, =0.1.35 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...

5.3CVSS6AI score0.0118EPSS
Exploits1
NVD
NVD
added 2025/09/08 11:15 p.m.8 views

CVE-2025-58751

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

5.3CVSS0.0118EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/09/08 10:52 p.m.2 views

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

2.3CVSS6.4AI score0.0118EPSS
Exploits1References6
Rows per page
Query Builder