Lucene search
K

8 matches found

CVE
CVE
added 2025/05/01 5:20 p.m.628 views

CVE-2025-46565

CVE-2025-46565 (Vite) affects Vite < 6.3.4, < 6.2.7, < 6.1.6, < 5.4.19, and

6CVSS6.6AI score0.01077EPSS
CVE
CVE
added 2025/03/24 5:3 p.m.412 views

CVE-2025-30208

CVE-2025-30208 (Vite) : In affected Vite versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10, an attacker can bypass file-access controls via URLs using trailing query markers (e.g., ?raw?? or ?import&raw??), causing arbitrary files to be exposed when the dev server is network-accessible. ...

7.5CVSS7.2AI score0.74998EPSS
Web
CVE
CVE
added 2025/01/20 3:53 p.m.398 views

CVE-2025-24010

CVE-2025-24010 affects Vite, a JavaScript frontend tooling framework. The flaw arises from permissive CORS settings and lack of Origin header validation for WebSocket connections, enabling unauthenticated cross-origin access to the development server. The vulnerability is mitigated by upgrades to...

6.5CVSS6.3AI score0.00283EPSS
CVE
CVE
added 2025/03/31 5:6 p.m.313 views

CVE-2025-31125

Summary of CVE-2025-31125 (Vite): Vite’s dev server, when exposed to the network (e.g., via --host or server.host), can disclose content of non-allowed files through URL modifiers like ?inline&import or ?raw?import. The issue is specific to Vite when the dev server is reachable externally; it doe...

7.5CVSS6.9AI score0.58765EPSS
In wild
CVE
CVE
added 2026/06/22 4:10 p.m.200 views

CVE-2026-53571

CVE-2026-53571 affects the Vite dev server. On Windows, the denial mechanism implemented by the option server.fs.deny fails to normalize NTFS ADS path forms before access checks, allowing bypasses such as /.env::$DATA?raw and access via 8.3 short-name tricks. This can enable exposure of sensitive...

8.2CVSS5.9AI score0.00393EPSS
CVE
CVE
added 2022/08/18 6:15 p.m.65 views

CVE-2022-35204

Vitejs Vite before v2.9.13 is vulnerable to directory traversal via a crafted URL to the victim’s service; update to v2.9.13 or later to resolve the issue (per PT-2022-22631).

4.3CVSS4.6AI score0.01077EPSS
CVE
CVE
added 2025/09/08 10:52 p.m.58 views

CVE-2025-58751

CVE-2025-58751 involves a path traversal issue in Vite Dev Server. The vulnerability affects apps that explicitly expose the Vite dev server to the network (using --host or server.host) and have the public directory feature enabled (default) with a symlink inside the public directory. In versions...

5.3CVSS6.4AI score0.0118EPSS
CVE
CVE
added 2025/09/08 10:56 p.m.52 views

CVE-2025-58752

Vite CVE-2025-58752 affects the dev and preview servers when exposed on the network: HTML files on the local machine could be served despite server.fs settings, depending on app exposure and appType configuration. Affected versions are <7.1.5, <7.0.7, <6.3.6, and

5.3CVSS6.3AI score0.00586EPSS