47 matches found

Fedora
added 2026/05/25 1:2 a.m. | 11 views

[SECURITY] Fedora 43 Update: nodejs-aw-webui-0^20260516.8d9a7f8-1.fc43

A web-based UI for ActivityWatch, built with Vue.js...

AI score: 5.8
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-58005

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.0008
Exploits: 1 | References: 1
OSV
added 2025/06/09 9:30 p.m. | 1 views

GHSA-79VF-HF9F-J9Q8 @vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.00635
Exploits: 1 | References: 6
OSV
added 2025/06/09 9:15 p.m. | 1 views

CVE-2025-5897

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVSS: 7.5 | AI score: 4.5
Exploits: 0 | References: 4
CNNVD
added 2025/06/03 12:0 a.m. | 4 views

web-flash security vulnerability

web-flash is an open source web system based on Spring Boot and Vue.js by enilu. A security vulnerability exists in web-flash version 1.0, which originates from a cross-site scripting attack due to a misuse of the parameter File...

CVSS: 6.1 | AI score: 4.4 | EPSS: 0.00117
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/23 4:32 a.m. | 5 views

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.0008
Exploits: 1
NVD
added 2024/11/29 7:15 p.m. | 13 views

CVE-2024-52809

vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to createI18n or useI18n. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions...

CVSS: 5.3 | EPSS: 0.00133
Exploits: 0 | References: 3
Vulnrichment
added 2024/11/29 6:32 p.m. | 12 views

CVE-2024-52809 Cross-site Scripting vulnerability with prototype pollution in vue-i18n

vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to createI18n or useI18n. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00133
Exploits: 0 | References: 3
The Hacker News
added 2024/11/01 3:50 a.m. | 20 views

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified using the kit, known as Xiū gǒu, with the...

AI score: 6.5
Exploits: 0
RedhatCVE
added 2024/10/15 4:58 p.m. | 12 views

CVE-2024-9506

A flaw was found in Vue.js. Within the parseHTML function of html-parser.ts, there is a regular expression regex to check for proper closing tags for HTML. However, due to an improperly written regex, when you pass a script containing long text, it will trigger a regular expression denial of...

CVSS: 3.1 | AI score: 6.7 | EPSS: 0.00027
Exploits: 0 | References: 4
CVE
added 2024/08/05 8:38 p.m. | 88 views

CVE-2024-42352

CVE-2024-42352 concerns the Nuxt icon API exposed at /api/_nuxt_icon/[name]. The issue stems from how the proxied request path is parsed, allowing an attacker to change the scheme and host of the request via the new URL constructor, which tolerates poorly formatted URLs. This can enable SSRF, pot...

CVSS: 8.6 | AI score: 8.5 | EPSS: 0.00085
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/08/05 8:38 p.m. | 25 views

CVE-2024-42352 Server-Side Request Forgery (SSRF) in nuxt-icon

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/_nuxt_icon/[name]. The proxied request path is improperly parsed, allowing an attacker to change the scheme and...

CVSS: 8.6 | AI score: 6.9 | EPSS: 0.00085
Exploits: 0 | References: 1
Cvelist
added 2024/08/05 8:38 p.m. | 20 views

CVE-2024-42352 Server-Side Request Forgery (SSRF) in nuxt-icon

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/_nuxt_icon/[name]. The proxied request path is improperly parsed, allowing an attacker to change the scheme and...

CVSS: 8.6 | EPSS: 0.00085
Exploits: 0 | References: 1
OSV
added 2024/06/25 1:19 p.m. | 3 views

MAL-2024-3835 Malicious code in vue-call-object (npm)

AI score: 7.1
Exploits: 0
Github Security Blog
added 2024/05/10 3:29 p.m. | 46 views

Blind XSS Leading to Froxlor Application Compromise

Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...

CVSS: 9.6 | AI score: 5.4 | EPSS: 0.01271
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2024/05/10 3:29 p.m. | 24 views

GHSA-X525-54HF-XR53 Blind XSS Leading to Froxlor Application Compromise

Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...

CVSS: 9.6 | AI score: 8.6 | EPSS: 0.01271
Exploits: 1 | References: 4
CNNVD
added 2024/04/08 12:0 a.m. | 1 views

web-flash security vulnerability

web-flash is an enilu open source web system based on Spring Boot and Vue.js. A security vulnerability exists in web-flash version v3.0, which originated from a vulnerability that allows an attacker to reset an arbitrary user's password via a crafted POST request...

CVSS: 8.1 | AI score: 6.9 | EPSS: 0.00066
Exploits: 0 | References: 2
NVD
added 2023/10/23 3:15 p.m. | 12 views

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.0008
Exploits: 1 | References: 1
OSV
added 2023/10/23 3:15 p.m. | 0 views

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVSS: 4.3 | AI score: 5.8
Exploits: 0 | References: 1
Prion
added 2023/10/23 3:15 p.m. | 10 views

Code injection

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.0008
Exploits: 1 | References: 1 | Affected Software: 1