8 matches found

Github Security Blog
added 2026/03/12 8:32 p.m. · 9 views

TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Summary The TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary...

CVSS 9.6 · AI score 5.9 · EPSS 0.00535
Exploits: 1 · References: 6 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-0183

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.02434
Exploits: 1 · References: 9

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-7270

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00959
Exploits: 1 · References: 4

Github Security Blog
added 2025/07/08 7:7 p.m. · 5 views

Cloudflare Vite plugin exposes secrets over the built-in dev server

Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...

CVSS 6.3 · AI score 6.6 · EPSS 0.00358
Exploits: 0 · References: 6 · Affected Software: 1

Veracode
added 2025/06/05 11:21 a.m. · 8 views

Exposed Dangerous Method Or Function

webpack-dev-server is vulnerable to source code exposure. The vulnerability is due to lack of proper origin checks due to requests for classic scripts not being subject to the same-origin policy, allowing attackers to inject malicious scripts that extract source code if the port and script path a...

CVSS 5.9 · AI score 6.9 · EPSS 0.00427
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/06/03 12:0 a.m. · 3 views

PT-2025-23648 · Unknown · Webpack-Dev-Server

Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.1 Description: The issue allows an attacker to steal users' source code when they access a malicious website. This is possible because the request for a classic script by a script tag is not subject to...

CVSS 5.3 · AI score 6.1 · EPSS 0.00427
Exploits: 1 · References: 11

Positive Technologies
added 2025/06/03 12:0 a.m. · 4 views

PT-2025-23649 · Unknown · Webpack-Dev-Server

Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.1 Description: The issue allows an attacker to obtain source code via a method similar to that used to exploit a previously reported vulnerability. This is possible because webpack-dev-server always...

CVSS 6.5 · AI score 7.3 · EPSS 0.00287
Exploits: 1 · References: 11

Vulnrichment
added 2022/12/21 11:14 p.m. · 6 views

CVE-2022-25895 Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

CVSS 7.5 · AI score 7.5 · EPSS 0.01343
Exploits: 1 · References: 3