Lucene search
K

168 matches found

NVD
NVD
added 2025/12/09 9:16 p.m.6 views

CVE-2025-67489

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

9.8CVSS0.00706EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 8:54 p.m.17 views

CVE-2025-67489 @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC...

9.8CVSS0.00706EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50276

Name of the Vulnerable Software and Affected Versions @vitejs/plugin-rs versions 0.5.5 and below Description The @vitejs/plugin-rs software, which provides React Server Components RSC support for Vite, contains a flaw that could allow for arbitrary remote code execution on the development server...

9.8CVSS7.7AI score0.00706EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

Vite Plugin React 代码注入漏洞

Vite Plugin React is an open source plugin for Vite. A code injection vulnerability exists in Vite Plugin React 0.5.5 and earlier versions, which stems from an insecure dynamic import in the Server Functions API that could lead to remote code execution...

9.8CVSS7.9AI score0.00706EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/08 10:16 p.m.3 views

Arbitrary Code Injection

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe dynamic imports in the loadServerAction, decodeReply, and decodeAction server APIs. An attacker can execute arbitrary JavaScript...

9.8CVSS7.7AI score0.00706EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/12/08 10:16 p.m.11 views

@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

Summary Arbitrary Remote Code Execution on development server via unsafe dynamic imports in @vitejs/plugin-rsc server function APIs loadServerAction, decodeReply, decodeAction when integrated into RSC applications that expose server function endpoints. Impact Attackers with network access to the...

9.8CVSS7.9AI score0.00706EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/03 7:7 p.m.5 views

GHSA-FMH4-WR37-44FP React Server Components are Vulnerable to RCE

Summary @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r...

10CVSS8.6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/03 7:7 p.m.11 views

React Server Components are Vulnerable to RCE

Summary @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r...

8.8AI score
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/11/24 4:24 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 2:19 p.m.4 views

EUVD-2025-198722

Malicious code in @ensdomains/vite-plugin-i18next-loader npm...

6.6AI score
Exploits0References1
OSV
OSV
added 2025/11/24 2:19 p.m.2 views

MAL-2025-190741 Malicious code in @ensdomains/vite-plugin-i18next-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473280de7d29dd017bfa50f0826a0aa810d204a6949fe49d6753ff28ff61d505 The package @ensdomains/vite-plugin-i18next-loader was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 2:19 p.m.7 views

Malicious code in @ensdomains/vite-plugin-i18next-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473280de7d29dd017bfa50f0826a0aa810d204a6949fe49d6753ff28ff61d505 The package @ensdomains/vite-plugin-i18next-loader was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 1:33 p.m.4 views

MAL-2025-190787 Malicious code in vite-plugin-httpfile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d63741ea6b6aadbc224aabf56e98c5eb7b664d7554dbb502869a97ffffb2f46 The package vite-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 1:33 p.m.7 views

Malicious code in vite-plugin-httpfile (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d63741ea6b6aadbc224aabf56e98c5eb7b664d7554dbb502869a97ffffb2f46 The package vite-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 1:33 p.m.6 views

EUVD-2025-198792

Malicious code in vite-plugin-httpfile npm...

6.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 12:4 a.m.5 views

Malicious code in vite-plugin-postcss-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4552bafe10098b91c4ce3128c885efb1c472d7f7c18b7bca5d2b174ed097e396 The package vite-plugin-postcss-tools was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
EUVD
EUVD
added 2025/11/11 12:4 a.m.4 views

EUVD-2025-50835

Malicious code in vite-plugin-postcss-tools npm...

6.6AI score
Exploits0References1
EUVD
EUVD
added 2025/10/28 1:39 a.m.1 views

EUVD-2025-36421

Malicious code in vite-plugin-es6-compat npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/28 1:39 a.m.9 views

Malicious code in vite-plugin-es6-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3963df81ab545839d03c3c54ab9ee88549e38a44b32fe6ad05002d554da780b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/10/28 1:39 a.m.4 views

MAL-2025-48915 Malicious code in vite-plugin-es6-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3963df81ab545839d03c3c54ab9ee88549e38a44b32fe6ad05002d554da780b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References4
Rows per page
Query Builder