Lucene search
+L

317 matches found

Github Security Blog
Github Security Blog
added 2025/12/16 10:32 p.m.12 views

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

Summary The /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Severity:...

7.5CVSS6.6AI score0.00573EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2025/12/16 6:44 p.m.2 views

Directory Traversal

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Directory Traversal via the /viterscfindSourceMapURL endpoint when processing HTTP requests containing a file:// URL in the filename query parameter. An attacker can...

8.7CVSS7.5AI score0.00573EPSS
Exploits0References2
CVE
CVE
added 2025/12/16 6:20 p.m.28 views

CVE-2025-68155

The CVE concerns @vitejs/plugin-rsc (used with Vite) in development mode. Prior to version 0.5.8, the endpoint /__vite_rsc_findSourceMapURL accepts a file:// URL in the filename query parameter, converts it to a filesystem path, and reads the target file without validating its location, returning...

7.5CVSS6.6AI score0.00573EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/16 6:20 p.m.6 views

EUVD-2025-203834

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sendi...

7.5CVSS6.5AI score0.00573EPSS
Exploits0References5
Hacker One
Hacker One
added 2025/11/30 12:7 a.m.26 views

curl: Path Traversal in file:// protocol allows Arbitrary File Read

Summary: The file:// protocol handler in curl does not properly sanitise or block path traversal sequences ../. This allows a maliciously crafted file:// URL to escape the intended directory and access arbitrary files on the filesystem with the permissions of the user running curl. When curl is...

6.7AI score
Exploits0
OSV
OSV
added 2025/10/31 2:13 p.m.5 views

OESA-2025-2593 firefox security update

Security Fixes: If temporary one-time permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from differen...

8.8CVSS7.3AI score0.00619EPSS
Exploits0References5
OSV
OSV
added 2025/10/31 2:13 p.m.4 views

OESA-2025-2592 firefox security update

Security Fixes: If temporary one-time permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from differen...

8.8CVSS7.3AI score0.00619EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-1403

Malware in sbrugna...

6.5CVSS6.7AI score0.03075EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-1698

Malware in sbrugna...

7.1CVSS6.1AI score0.03013EPSS
Exploits2References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-4523

Malware in sbrugna...

6.5CVSS6.5AI score0.00889EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2008-4889

Malware in sbrugna...

10CVSS6.2AI score0.10339EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2019-3821

Malware in sbrugna...

7.8CVSS7.7AI score0.01812EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-2992

Malware in sbrugna...

4.3CVSS6.1AI score0.00642EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-2456

Malware in sbrugna...

5CVSS6.4AI score0.08538EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2009-2993

Malware in sbrugna...

4.3CVSS6.4AI score0.00788EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-0048

Malware in sbrugna...

6.8CVSS6.9AI score0.07812EPSS
Exploits2References38
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-1749

Malware in sbrugna...

5CVSS6.4AI score0.01743EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-4828

Malware in sbrugna...

5CVSS6.1AI score0.00762EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2013-6289

Malware in sbrugna...

9.3CVSS6.1AI score0.03847EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-0052

Malware in sbrugna...

6.8CVSS6.1AI score0.03247EPSS
Exploits1References8
Rows per page
Query Builder