6 matches found
EUVD-2025-12770
Malicious code in bioql PyPI...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565 vulnerability
Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses vite-5.4.18.tgz CVE-2025-46565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-46565 DESCRIPTION: Vite is a frontend tooling framework for javascrip...
CVE-2025-46565 Vite's server.fs.deny bypassed with /. for files under project root
Vite is a frontend tooling framework for JavaScript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network usi...
PT-2025-18682
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 6.3.4; Vite versions prior to 6.2.7; Vite versions prior to 6.1.6; Vite versions prior to 5.4.19; Vite versions prior to 4.5.14. Description: The issue concerns Vite, a frontend tooling framework for JavaScript. In affected...
CVE-2025-31125
Vite is a frontend tooling framework for JavaScript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. This vulnerability is fixed in 6.2.4, 6.1.3,...
PT-2025-13812
Name of the Vulnerable Software and Affected Versions: Vite versions 4.5.11, 5.4.16, 6.0.13, 6.1.3, and 6.2.4. Description: Vite, a frontend tooling framework for JavaScript, has an issue where it exposes the content of non-allowed files through the use of the ?inline&import or ?raw?import query...