Lucene search
+L

165 matches found

nuclei
nuclei
added 13 hours ago11 views

Vite dev server - Cross-Site Scripting

Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...

6.1CVSS6.7AI score0.00997EPSS
Exploits1References2
nessus
nessus
added 2026/07/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53331

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - slimbus: qcom-ngd-ctrl: Avoid ABBA on txlock/ctrl-lock During the SSR/PDR down notification the txlock is taken with the intent to provide synchronization with...

6AI score0.00172EPSS
Exploits0References2
nvd
nvd
added 2026/07/01 2:16 p.m.8 views

CVE-2026-53332

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...

0.00168EPSS
Exploits0References5
osv
osv
added 2026/07/01 2:16 p.m.4 views

UBUNTU-CVE-2026-53332

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...

5.7AI score0.00168EPSS
Exploits0References7
euvd
euvd
added 2026/07/01 1:32 p.m.8 views

EUVD-2026-40966

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...

5.8AI score0.00168EPSS
Exploits0References4
osv
osv
added 2026/07/01 1:32 p.m.4 views

CVE-2026-53332 slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...

5.8AI score0.00168EPSS
Exploits0References8
nvd
nvd
added 2026/06/25 7:16 p.m.15 views

CVE-2026-56787

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...

7.5CVSS0.00325EPSS
Exploits1References2
euvd
euvd
added 2026/06/25 6:12 p.m.8 views

EUVD-2026-39529

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...

6.9CVSS6.2AI score0.00325EPSS
Exploits1References2
cve
cve
added 2026/06/25 6:12 p.m.21 views

CVE-2026-56787

RTKLIB 2.4.3 is affected by CVE-2026-56787 due to an off-by-one out-of-bounds read in the decode_ssr3 function (src/rtcm3.c:1446). The issue can be triggered by crafted RTCM3 SSR messages with attacker-controlled signal mode fields, allowing remote attackers to cause a global buffer overflow and ...

7.5CVSS6.2AI score0.00325EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2026/06/23 12:13 p.m.10 views

EUVD-2026-38436

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6AI score0.00103EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/23 12:13 p.m.40 views

CVE-2026-56301 Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS0.00103EPSS
Exploits0References4
ossf
ossf
added 2026/06/16 10:20 p.m.9 views

Malicious code in ssr-auth-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe43338279cb894ffacc18ef9ec757d4b4fa8b603672b0bedcb4c00d9f8a806 On require'ssr-auth-sync', index.js loads lib/writer.js, which immediately fetches a base64-hidden URL https://www.jsonkeeper.com/b/PJNZP, an anonymo...

5.8AI score
Exploits0References2
osv
osv
added 2026/06/16 10:20 p.m.8 views

MAL-2026-5934 Malicious code in ssr-auth-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe43338279cb894ffacc18ef9ec757d4b4fa8b603672b0bedcb4c00d9f8a806 On require'ssr-auth-sync', index.js loads lib/writer.js, which immediately fetches a base64-hidden URL https://www.jsonkeeper.com/b/PJNZP, an anonymo...

5.8AI score
Exploits0References2
patchstack
patchstack
added 2026/06/16 1:47 p.m.13 views

NPM: Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

NPM: Nuxt: URL-handling weaknesses in navigateTo and reloadNuxtApp: SSR open redirect, client-side script execution via the open option, and protocol-relative bypass in reloadNuxtApp vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...

6.1CVSS6AI score0.00205EPSS
Exploits0References10Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:49 p.m.10 views

CVE-2026-41321

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

2.2CVSS5.6AI score0.00199EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41322

@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all...

5.3CVSS5.3AI score0.00238EPSS
Exploits0References1
nessus
nessus
added 2026/06/03 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-44573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n...

7.5CVSS5.8AI score0.00592EPSS
Exploits1References2
ossf
ossf
added 2026/05/19 12:0 a.m.21 views

Malicious code in @antv/g6-ssr (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
osv
osv
added 2026/05/19 12:0 a.m.14 views

MAL-2026-4080 Malicious code in @antv/s2-ssr (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
vulnersosv
vulnersosv
added 2026/05/18 9:0 p.m.5 views

@antv/gpt-vis (=0.5.0-beta.0), @antv/gpt-vis-ssr (>=0.1.0 <=0.3.8) +6 more potentially affected by unknown CVE via @antv/g6-ssr (>=0.0.16 <=0.1.1)

@antv/g6-ssr NPM version =0.0.16, =0.1.0, =0.0.1, =0.0.1, =0.2.1, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVG6SSR-16754463...

5.5AI score
Exploits0
Rows per page
Query Builder