188 matches found
Spotipy 安全漏洞
Spotipy is spotipy-dev individual developer's lightweight Python library for the Spotify Web API. Spotipy suffers from a security vulnerability that stems from pullrequesttarget executing untrusted code in GitHub Actions, which could lead to credential disclosure and repository takeover...
GHSA-356W-63V5-8WF4 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...
CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`
Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...
CVE-2025-32395
CVE-2025-32395 affects Vite (frontend tooling for JavaScript). The vulnerability arises when a dev server is exposed to the network on Node/Bun (not Deno) and a request-target containing a # is processed, bypassing server.fs.deny due to req.url handling. Affected versions prior to 6.2.6, 6.1.5, 6...
GitLab Enterprise Edition 安全漏洞
GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition that stems from an external service interaction that does not restrict the request target...
EFS Software Easy File Sharing Web Server vfolder.ghp Stack Buffer Overflow
A buffer overflow vulnerability exists in HTTP GET requests to EFS Software Easy File Sharing Web Server. The vulnerability is due to a failure on properly perform boundary checking on user input. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious HTTP...