CVE-2025-24964
Vitest CVE-2025-24964 is a remotely exploitable CSWSH (Cross-site WebSocket hijacking) vulnerability in the Vitest API server when api is enabled. The WebSocket server did not validate Origin or enforce authorization, exposing saveTestFile (edits test files) and rerun (executes tests) APIs. An at...
CVE-2025-24963
Vitest Browser Mode Local File Read (CVE-2025-24963): The __screenshot-error HTTP handler in Vitest’s browser mode can serve arbitrary files if the server is exposed to the network (browser.api.host: true). Root cause tied to commit 2d62051. Impact is reading arbitrary filesystem content; remedia...