4226 matches found
CVE-2026-44919
In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...
SUSE CVE-2026-6402
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for...
CVE-2026-25431
Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...
CVE-2026-6402
A flaw was found in webpack-dev-server. When the development server operates over plain HTTP, a remote attacker can exploit a cross-origin source code exposure vulnerability. This allows a malicious website, visited by a developer, to load the bundled application source code as a script and read ...
Exposed Dangerous Method or Function
Overview: org.webjars.npm:webpack-dev-server is a package that uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. ...
10up-toolkit (=6.5.1), @1fe/cli (>=0.0.1 <=0.1.5) +1229 more potentially affected by CVE-2025-30359 +1 more via webpack-dev-server (>=5.0.0 <=5.2.3)
webpack-dev-server NPM version =5.0.0, =0.0.1, =0.0.1, =5.0.0, =1.0.0, =1.0.0, =1.0.0-alpha.203, =1.0.0-alpha.12, =1.0.0-alpha.203, =1.0.0, =0.1.0, =0.0.1, =0.0.4, =0.0.34 and more Source cves: CVE-2025-30359, CVE-2026-6402 Source advisory: SNYK:JS-WEBPACKDEVSERVER-16642067...
Exposed Dangerous Method or Function
Overview: webpack-dev-server is a package that uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. An attacker can...
CVE-2026-6402
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for...
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for...
CVE-2026-6402
The CVE-2026-6402 entry concerns webpack-dev-server (versions up to 5.2.3) and a cross-origin source code exposure when served over non-HTTPS or untrusted origins. The root cause is that the prior fix relied on Sec-Fetch-Mode and Sec-Fetch-Site headers, which browsers omit for non-trustworthy ori...
@solidjs-email/dev-server (=2.0.0), @tanstack/solid-start (>=1.20.3-alpha.1 <=1.167.62) potentially affected by unknown CVE via @tanstack/solid-start-client (>=1.121.0-alpha.28 <=1.166.5)
@tanstack/solid-start-client NPM version =1.121.0-alpha.28, =1.20.3-alpha.1, =1.167.62 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3485...
@solidjs-email/dev-server (=2.0.0) potentially affected by unknown CVE via @tanstack/solid-start (=1.167.62)
@tanstack/solid-start NPM version =1.167.62 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/solid-start and may be impacted: - @solidjs-email/dev-server =2.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3484...
PT-2026-39959
Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.4. Description: Cross-origin source code exposure occurs when serving over a non-potentially trustworthy origin, such as plain HTTP. The issue arises because the previous fix relied on Sec-Fetch-Mode and...
webpack-dev-server security vulnerability
webpack-dev-server is an open-source application developed by webpack. Versions of webpack-dev-server prior to version 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from exposure to cross-origin code. When it provided services through non-potentially trusted sources, suc...
@antidrawapp/runtime (>=0.1.0 <=0.1.1), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +98 more potentially affected by CVE-2026-45321 via @tanstack/history (>=1.0.0 <=1.15.13)
@tanstack/history NPM version =1.0.0, =0.1.0, =1.0.0, =0.6.2, =0.6.2, =0.1.1, =0.1.1, =0.6.2, =0.2.2, =0.3.0, =0.6.0, =0.2.2, =1.0.0, =1.0.9, =1.1.0, =1.1.2, =1.6.2 and more Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKHISTORY-16640204...
@solidjs-email/dev-server (=2.0.0) potentially affected by CVE-2026-45321 via @tanstack/solid-start (=1.167.62)
@tanstack/solid-start NPM version =1.167.62 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/solid-start and may be impacted: - @solidjs-email/dev-server =2.0.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDSTART-16640237...