4 matches found
CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection
Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. 404.astro or 500.astro) are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...
GHSA-P6JQ-8VC4-79F6 Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival
Summary: A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. Technical Details: The vulnerability occurs in...
PT-2025-38250
Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 3.19.0; Nuxt versions prior to 4.1.0. Description: A client-side path traversal vulnerability exists in Nuxt's Island payload revival mechanism. This allows attackers to manipulate client-side requests to different...
GHSA-G5M6-HXPP-FC49 Sending a GET or HEAD request with a body crashes SvelteKit
Summary: In SvelteKit 2, sending a GET request with a body, e.g. to a SvelteKit app in preview or with adapter-node, throws "Request with GET/HEAD method cannot have body." and crashes the app. node:internal/deps/undici/undici:6066 throw new TypeError("Request with GET/HEAD method cannot have body."); ^...