Lucene search
K

188 matches found

CNNVD
CNNVD
added 2025/05/15 12:0 a.m.5 views

Spotipy 安全漏洞

Spotipy is spotipy-dev individual developer's lightweight Python library for the Spotify Web API. Spotipy suffers from a security vulnerability that stems from pullrequesttarget executing untrusted code in GitHub Actions, which could lead to credential disclosure and repository takeover...

9.1CVSS8.8AI score0.0052EPSS
Exploits0References3
OSV
OSV
added 2025/04/11 2:6 p.m.4 views

GHSA-356W-63V5-8WF4 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...

6CVSS6.7AI score0.01725EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2025/04/11 2:6 p.m.31 views

Vite has an `server.fs.deny` bypass with an invalid `request-target`

Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...

6CVSS6.4AI score0.01725EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/10 1:25 p.m.20 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

6CVSS6.8AI score0.01725EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/04/10 1:25 p.m.22 views

CVE-2025-32395 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

6CVSS0.01725EPSS
Exploits2References2
CVE
CVE
added 2025/04/10 1:25 p.m.1482 views

CVE-2025-32395

CVE-2025-32395 affects Vite (frontend tooling for JavaScript). The vulnerability arises when a dev server is exposed to the network on Node/Bun (not Deno) and a request-target containing a # is processed, bypassing server.fs.deny due to req.url handling. Affected versions prior to 6.2.6, 6.1.5, 6...

6CVSS6.5AI score0.01725EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.5 views

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition that stems from an external service interaction that does not restrict the request target...

8.8CVSS6.5AI score0.00379EPSS
Exploits1References2
Check Point Advisories
Check Point Advisories
added 2018/01/07 12:0 a.m.2 views

EFS Software Easy File Sharing Web Server vfolder.ghp Stack Buffer Overflow

A buffer overflow vulnerability exists in HTTP GET requests to EFS Software Easy File Sharing Web Server. The vulnerability is due to a failure on properly perform boundary checking on user input. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious HTTP...

1.2AI score
Exploits0
Rows per page
Query Builder