CVE-2026-46342

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

CVE-2026-45669

Nuxt.js (framework for Vue) versions 3.4.3–3.21.5/3.21.5? and 4.0.0-alpha.1–4.4.5 are affected by a reflected XSS in navigateTo(url, { external: true }) during server-side redirects, where the destination URL is sanitized only for quotes and can break out of content=

build.buf.prototype:connect-kotlin-protoc-gen-javalite-ext (=v0.0.0-test0120), build.buf:connect-kotlin-google-javalite-ext (>=0.0.0-230221 <=0.1.9) +43 more potentially affected by CVE-2022-3509 via com.google.protobuf:protobuf-javalite (>=3.21.0 <=3.21.6)

com.google.protobuf:protobuf-javalite MAVEN version =3.21.0, =0.0.0-230221, =2.15.3unofficial65, =2.15.3unofficial65, =7.0.0.0, =20.3.2, =20.3.2, =3.21.0, =2.15.0, =2.15.0, =2.19.0 - com.ingonoka:grpc-endpoint-authentication-android =v0.2 and more Source cves: CVE-2022-3509 Source advisory:...