Lucene search
K

8 matches found

NVD
NVD
added 2026/06/12 2:16 p.m.12 views

CVE-2026-46342

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

5.4CVSS0.00091EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 12:50 p.m.17 views

CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

2.3CVSS5.1AI score0.00091EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 12:50 p.m.11 views

EUVD-2026-36418

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

2.3CVSS5.1AI score0.00091EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 12:50 p.m.28 views

CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

2.3CVSS0.00091EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 5:15 p.m.13 views

Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Summary When experimental.componentIslands is enabled default in Nuxt 4, any .server.vue file under pages/ is automatically registered as a server island under the key page and exposed via the /nuxtisland/:name endpoint. Until this fix, requests through that endpoint rendered the page component...

6.3CVSS5.9AI score0.0023EPSS
Exploits1References5Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45028

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description When experimental.componentIslands is enabled,...

6.3CVSS5.3AI score0.0023EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/05/19 8:3 p.m.14 views

Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Summary The /nuxtisland/ endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...

5.4CVSS6AI score0.00091EPSS
Exploits0References4Affected Software2
vulnersOsv
vulnersOsv
added 2020/06/10 8:2 p.m.7 views

app.io (>=0.0.1 <=0.0.4), feathers-validation (>=0.5.0 <=0.5.1) +6 more potentially affected by CVE-2019-10781 via schema-inspector (>=1.4.2 <=1.6.8)

schema-inspector NPM version =1.4.2, =0.0.1, =0.5.0, =3.8.1, =1.0.2, =1.0.0, =0.2.0, =0.5.0 Source cves: CVE-2019-10781 Source advisory: OSV:GHSA-R24H-634P-M72X...

9.8CVSS7.2AI score0.01392EPSS
Exploits0
Rows per page
Query Builder