Lucene search
+L

470 matches found

vulnersosv
vulnersosv
added 2026/05/19 8:3 p.m.7 views

@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-46342 via nuxt (>=4.0.0-rc.0 <=4.4.4)

nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more Source cves: CVE-2026-46342 Source advisory: SNYK:JS-NUXT-16770418...

5.4CVSS5.7AI score0.00091EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/05/19 8:3 p.m.7 views

@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-46342 via nuxt (>=4.0.0-rc.0 <=4.4.4)

nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more Source cves: CVE-2026-46342 Source advisory: OSV:GHSA-G8WJ-3CR3-6W7V...

5.4CVSS5.7AI score0.00091EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/05/19 8:3 p.m.7 views

@classement-des-associations/website-theme (=0.1.3), @geode/opengeodeweb-front (>=9.13.1 <=10.0.2-rc.4) +22 more potentially affected by CVE-2026-46342 via nuxt (>=3.1.2 <=3.20.1)

nuxt NPM version =3.1.2, =9.13.1, =0.20.1, =0.15.1, =0.13.1, =0.16.0, =0.10.1, =0.16.1, =0.13.0, =1.0.0-beta.1, =1.1.0-beta.1, =1.1.0-beta.3 and more Source cves: CVE-2026-46342 Source advisory: OSV:GHSA-G8WJ-3CR3-6W7V...

5.4CVSS5.4AI score0.00091EPSS
Exploits0
patchstack
patchstack
added 2026/05/19 8:3 p.m.11 views

NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

NPM: Nuxt: nuxtisland endpoint does not bind responses to request props, enabling shared-cache poisoning vulnerability discovered by ? in WordPress Npm nuxt versions = 3.1.0, = 3.21.5...

5.8AI score0.00091EPSS
Exploits0References3Affected Software1
vulnersosv
vulnersosv
added 2026/05/19 8:3 p.m.8 views

@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +16 more potentially affected by CVE-2026-46342 via @nuxt/nitro-server (>=4.2.0 <=4.4.5)

@nuxt/nitro-server NPM version =4.2.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.2.2-depup.0, =10.0.2, =1.1.11, =1.0.8, =0.4.5, =3.0.0-dev.27, =4.2.0, =0.5.0, =0.4.0, =0.1.13, =0.2.2 and more Source cves: CVE-2026-46342 Source advisory: SNYK:JS-NUXTNITROSERVER-16770417...

5.4CVSS5.7AI score0.00091EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/05/19 8:3 p.m.7 views

@classement-des-associations/website-theme (=0.1.3), @geode/opengeodeweb-front (>=9.13.1 <=10.0.2-rc.4) +22 more potentially affected by CVE-2026-46342 via nuxt (>=3.1.2 <=3.20.1)

nuxt NPM version =3.1.2, =9.13.1, =0.20.1, =0.15.1, =0.13.1, =0.16.0, =0.10.1, =0.16.1, =0.13.0, =1.0.0-beta.1, =1.1.0-beta.1, =1.1.0-beta.3 and more Source cves: CVE-2026-46342 Source advisory: SNYK:JS-NUXT-16770418...

5.4CVSS5.4AI score0.00091EPSS
Exploits0
snyk
snyk
added 2026/05/19 8:3 p.m.9 views

HTTP Request Smuggling

Overview @nuxt/nitro-server is a Nitro server integration for Nuxt Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive...

5.8CVSS6AI score0.00091EPSS
Exploits0References4
github
github
added 2026/05/19 8:3 p.m.14 views

Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Summary The /nuxtisland/ endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...

5.4CVSS6AI score0.00091EPSS
Exploits0References4Affected Software2
snyk
snyk
added 2026/05/19 3:51 p.m.9 views

Exposed Dangerous Method or Function

Overview @nuxt/webpack-builder is a Webpack bundler for Nuxt Affected versions of this package are vulnerable to Exposed Dangerous Method or Function when using webpack or rspack builder and navigating to a malicious website. An attacker can inject a script tag to request a classic script, which ...

5.9CVSS5.6AI score0.00325EPSS
Exploits1References2
osv
osv
added 2026/05/19 3:51 p.m.18 views

GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

5.9CVSS5.8AI score0.0028EPSS
Exploits2References5
github
github
added 2026/05/19 3:51 p.m.15 views

Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...

5.9CVSS5.8AI score0.00208EPSS
Exploits1References5Affected Software2
patchstack
patchstack
added 2026/05/19 3:49 p.m.11 views

NPM: Nuxt: Reflected XSS in `navigateTo()` external redirect

NPM: Nuxt: Reflected XSS in navigateTo external redirect vulnerability discovered by ? in WordPress Npm nuxt versions = 3.4.3, = 3.21.5...

5.8AI score0.00164EPSS
Exploits1References3Affected Software1
vulnersosv
vulnersosv
added 2026/05/19 3:49 p.m.7 views

@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-45669 via nuxt (>=4.0.0-rc.0 <=4.4.4)

nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more Source cves: CVE-2026-45669 Source advisory: SNYK:JS-NUXT-16770149...

5.4CVSS5.7AI score0.00164EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/05/19 3:49 p.m.6 views

@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-45669 via nuxt (>=4.0.0-rc.0 <=4.4.4)

nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more Source cves: CVE-2026-45669 Source advisory: OSV:GHSA-FX6J-W5W5-H468...

5.4CVSS5.7AI score0.00164EPSS
Exploits1
osv
osv
added 2026/05/19 3:49 p.m.5 views

GHSA-FX6J-W5W5-H468 Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

5.4CVSS5.4AI score0.00164EPSS
Exploits1References4
github
github
added 2026/05/19 3:49 p.m.75 views

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

5.4CVSS5.4AI score0.00164EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.27 views

PT-2026-42038

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.1.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description The '/ nuxt island/' endpoint accepts...

5.4CVSS5.2AI score0.00091EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.21 views

PT-2026-41962

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.4.3 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 Description When using the navigateTo function with the external: true option, the software generates a server-side HTML redirect body containing a tag. The destinati...

5.4CVSS5.1AI score0.00164EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.20 views

PT-2026-41963

Name of the Vulnerable Software and Affected Versions @nuxt/rspack-builder versions 3.15.4 through 3.21.5 @nuxt/rspack-builder versions 4.0.0-alpha.1 through 4.4.5 @nuxt/webpack-builder versions 3.15.4 through 3.21.5 @nuxt/webpack-builder versions 4.0.0-alpha.1 through 4.4.5 Description An...

5.9CVSS5.3AI score0.00208EPSS
Exploits1References9
circl
circl
added 2026/05/18 11:8 a.m.10 views

CVE-2026-47200

creationtimestamp| type| source ---|---|--- 2026-05-18 11:08:49+00:00| published-proof-of-concept| https://github.com/nuxt/nuxt/security/advisories/GHSA-hg3f-28rg-4jxj...

6.3CVSS5.8AI score0.0023EPSS
Exploits1References1
Rows per page
Query Builder