84 matches found

OSV
added 2025/09/17 6:39 p.m. | 5 views

CVE-2025-59414 Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, a client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...

CVSS 3.1 | AI score 6.3 | EPSS 0.00344
Exploits: 1 | References: 4

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 4 views

Malicious code in fornax-blitz-nuxtjs-spica (npm)

The package fornax-blitz-nuxtjs-spica was found to contain malicious code...

AI score 7
Exploits: 0

RedhatCVE
added 2025/05/23 11:59 a.m. | 5 views

CVE-2025-24360

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

CVSS 5.3 | AI score 7 | EPSS 0.00529
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:52 a.m. | 2 views

CVE-2023-0878

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1...

CVSS 6.1 | AI score 6.4 | EPSS 0.00528
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 12:10 a.m. | 7 views

CVE-2022-4413

Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13...

CVSS 6.1 | AI score 6.1 | EPSS 0.00509
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 12:4 a.m. | 7 views

CVE-2022-4414

Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13...

CVSS 6.1 | AI score 6.1 | EPSS 0.00443
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/21 10:24 p.m. | 21 views

CVE-2025-27415

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...

CVSS 7.5 | AI score 6.5 | EPSS 0.00364
Exploits: 0 | References: 1

Github Security Blog
added 2025/03/19 7:54 p.m. | 34 views

Nuxt allows DOS via cache poisoning with payload rendering response

Summary: By sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as https://mysite.com/?/payload.json which will be rendered as JSON. If the CDN ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00364
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/03/19 7:2 p.m. | 13 views

CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...

CVSS 7.5 | AI score 7.3 | EPSS 0.00364
Exploits: 0 | References: 1

Cvelist
added 2025/03/19 7:2 p.m. | 27 views

CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...

CVSS 7.5 | EPSS 0.00364
Exploits: 0 | References: 1

OSV
added 2025/03/19 7:2 p.m. | 4 views

CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...

CVSS 7.5 | AI score 6.6 | EPSS 0.00364
Exploits: 0 | References: 3

Positive Technologies
added 2025/03/19 12:0 a.m. | 7 views

PT-2025-11961

Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 3.16.0. Description: Nuxt is an open-source web development framework for Vue.js. By sending a crafted HTTP request to a server behind a CDN, it is possible to poison the CDN cache, severely impacting the availability of a...

CVSS 7.5 | AI score 6.3 | EPSS 0.00364
Exploits: 0 | References: 19

RedhatCVE
added 2025/02/05 7:40 a.m. | 13 views

CVE-2024-23657

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

CVSS 8.8 | AI score 7 | EPSS 0.01143
Exploits: 2 | References: 1

RedhatCVE
added 2025/02/05 2:26 a.m. | 9 views

CVE-2024-42352

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/nuxticon/name. The proxied request path is improperly parsed, allowing an attacker to change the scheme and...

CVSS 8.6 | AI score 8.3 | EPSS 0.00648
Exploits: 0 | References: 1

NVD
added 2025/01/25 1:15 a.m. | 14 views

CVE-2025-24360

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

CVSS 5.3 | EPSS 0.00529
Exploits: 0 | References: 6

Cvelist
added 2025/01/25 12:53 a.m. | 25 views

CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

CVSS 5.3 | EPSS 0.00325
Exploits: 0 | References: 2

OSV
added 2025/01/25 12:53 a.m. | 27 views

CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

CVSS 5.3 | AI score 6.7 | EPSS 0.00325
Exploits: 0 | References: 4

Cvelist
added 2025/01/25 12:49 a.m. | 20 views

CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

CVSS 5.3 | EPSS 0.00529
Exploits: 0 | References: 6

OSV
added 2025/01/25 12:49 a.m. | 12 views

CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

CVSS 5.3 | AI score 6.8 | EPSS 0.00529
Exploits: 0 | References: 8

CNNVD
added 2025/01/25 12:0 a.m. | 5 views

Nuxt Security Vulnerability

Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.0.0 through versions prior to 3.15.3, which stems from a potential source code theft during development if a victim opens a malicious website...

CVSS 5.3 | AI score 6.7 | EPSS 0.00325
Exploits: 0 | References: 3