8 matches found
EUVD-2026-36421
@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent incomplete fix for GHSA-6m52-m754-pw2g...
CVE-2026-49993
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...
CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...
EUVD-2026-36419
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...
CVE-2026-45670
Summary (CVE-2026-45670) Nuxt.js dev-server exposure issue affects @nuxt/webpack-builder and @nuxt/rspack-builder. An incomplete fix for GHSA-4gf7-ff8x-hq99 allowed source-code leakage when the dev server is bound to a non-loopback address (for example, nuxt dev --host) and a user visits a malici...
CVE-2026-45670 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...
PT-2026-47568
Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...
PT-2026-41963
Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.5 @nuxt/rspack-builder versions 4.0.0-alpha.1 through 4.4.5 @nuxt/webpack-builder versions 3.15.4 through 3.21.5 @nuxt/webpack-builder versions 4.0.0-alpha.1 through 4.4.5 Description An...