Lucene search
K

5 matches found

Cvelist
Cvelist
added 2025/05/30 3:37 a.m.36 views

CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...

2.3CVSS0.00174EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/09/17 6:44 p.m.78 views

Vite's `server.fs.deny` is bypassed when using `?import&raw`

Summary The contents of arbitrary files can be returned to the browser. Details @fs denies access to files outside of Vite serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it exists. PoC sh $ npm create vite@latest $ cd vite-project/ $ npm...

4.8CVSS7AI score0.0103EPSS
Exploits0References8Affected Software1
Code423n4
Code423n4
added 2023/04/03 12:0 a.m.16 views

MuteBond is susceptible to DOS

Lines of code Vulnerability details Proof of Concept Observe that if timeToTokens is called with locktime = 1 week, amount 52, it will return 0. function timeToTokensuint256 amount, uint256 locktime internal pure returns uint256 uint256 weektime = 1 weeks; uint256 maxlock = 52 weeks;...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/08/19 3:55 a.m.5 views

Malicious code in npm-run-lal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a01d99608ddf590892902356233f88556d85bedfaf6508f312e9b7d54a69c23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/08/19 3:55 a.m.6 views

MAL-2022-4939 Malicious code in npm-run-lal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a01d99608ddf590892902356233f88556d85bedfaf6508f312e9b7d54a69c23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder