
84 matches found

EUVD
added 2026/06/12 12:51 p.m., 6 views

EUVD-2026-36419

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

CVSS 5.9, AI score 5.2, EPSS 0.00208
Exploits: 1, References: 3

Positive Technologies
added 2026/06/12 12:0 a.m., 13 views

PT-2026-48868

Name of the Vulnerable Software and Affected Versions:
@nuxt/rspack-builder versions 3.15.4 through 3.21.6
@nuxt/rspack-builder versions 4.0.0 through 4.4.6
@nuxt/webpack-builder versions 3.15.4 through 3.21.6
@nuxt/webpack-builder versions 4.0.0 through 4.4.6
Description:
An incomplete fix in the...

CVSS 5.9, AI score 5.3, EPSS 0.0028
Exploits: 1, References: 9

Positive Technologies
added 2026/06/12 12:0 a.m., 14 views

PT-2026-48881

Name of the Vulnerable Software and Affected Versions:
Nuxt versions prior to 3.21.7
Nuxt versions prior to 4.4.7
Description:
The component fails to validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. If an...

CVSS 5.4, AI score 5, EPSS 0.00198
Exploits: 0, References: 8

Positive Technologies
added 2026/06/12 12:0 a.m., 12 views

PT-2026-48880

Name of the Vulnerable Software and Affected Versions:
Nuxt versions 3.11.0 through 3.21.6
Nuxt versions 4.0.0 through 4.4.6
Description:
A route-rule middleware bypass exists due to a case-sensitivity mismatch between vue-router and the routeRules matcher.
Recommendations:
Update to version 3.21.7...

CVSS 8.8, AI score 5.2, EPSS 0.00294
Exploits: 0, References: 8

OSV
added 2026/05/19 3:51 p.m., 14 views

GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary:
This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address (e.g. nuxt dev --host) and the developer opens a malicious site on the same network.
Details:
The fix for...

CVSS 5.9, AI score 5.8, EPSS 0.00208
Exploits: 1, References: 5

Positive Technologies
added 2026/05/19 12:0 a.m., 17 views

PT-2026-41962

Name of the Vulnerable Software and Affected Versions:
Nuxt versions 3.4.3 through 3.21.5
Nuxt versions 4.0.0-alpha.1 through 4.4.5
Description:
When using the navigateTo function with the external: true option, the software generates a server-side HTML redirect body containing a tag. The destinati...

CVSS 5.4, AI score 5.1, EPSS 0.00164
Exploits: 1, References: 7

RedhatCVE
added 2026/04/27 7:23 p.m., 4 views

CVE-2026-41248

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

CVSS 9.1, AI score 5.2, EPSS 0.00323
Exploits: 0, References: 1

Vulnrichment
added 2026/04/24 9:4 p.m., 5 views

CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...

CVSS 9.1, AI score 5.2, EPSS 0.00323
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:34 a.m., 15 views

CVE-2024-34344

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrar...

CVSS 8.8, AI score 7.9, EPSS 0.00781
Exploits: 1, References: 1

EUVD
added 2025/11/13 3:23 a.m., 2 views

EUVD-2025-178263

Malicious code in joviology-nuxtjs-ursa-lacerta npm...

AI score 6.6
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-124257

Malicious code in nova-postcss-loader-nuxtjs-duplex npm...

AI score 6.6
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-113424

Malicious code in framework-nuxtjs-sedna-build npm...

AI score 6.6
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-2661

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.3, EPSS 0.00411
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2024-2564

Malicious code in bioql PyPI...

CVSS 8.6, AI score 6.3, EPSS 0.00648
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2023-12868

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00528
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 9 views

EUVD-2024-2646

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.3, EPSS 0.01143
Exploits: 2, References: 8

EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2024-2657

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.4, EPSS 0.00781
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-51758

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.2, EPSS 0.00509
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-51759

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.2, EPSS 0.00443
Exploits: 0, References: 2

OSV
added 2025/09/17 6:39 p.m., 5 views

CVE-2025-59414 Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, a client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...

CVSS 3.1, AI score 6.3, EPSS 0.00347
Exploits: 1, References: 4