https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 06 Jun 2026 17:15:00 +0000 https://vulnerability.circl.lu/sighting/a189f793-a93a-4f68-9fb5-07571612fbbf/export {"uuid": "a189f793-a93a-4f68-9fb5-07571612fbbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-859W-5945-R5V3", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14557", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46565\n\ud83d\udd25 CVSS Score: 6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. Only files that are under project root and are denied by a file matching pattern can be bypassed. `server.fs.deny` can contain patterns matching against files (by default it includes .env, .env.*, *.{crt,pem} as such patterns). These patterns were able to bypass for files under `root` by using a combination of slash and dot (/.). This issue has been patched in versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14.\n\ud83d\udccf Published: 2025-05-01T17:20:29.773Z\n\ud83d\udccf Modified: 2025-05-02T17:38:55.291Z\n\ud83d\udd17 References:\n1. https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3\n2. https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb", "creation_timestamp": "2025-05-02T18:19:55.000000Z"} {"uuid": "a189f793-a93a-4f68-9fb5-07571612fbbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-859W-5945-R5V3", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14557", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46565\n\ud83d\udd25 CVSS Score: 6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. Only files that are under project root and are denied by a file matching pattern can be bypassed. `server.fs.deny` can contain patterns matching against files (by default it includes .env, .env.*, *.{crt,pem} as such patterns). These patterns were able to bypass for files under `root` by using a combination of slash and dot (/.). This issue has been patched in versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14.\n\ud83d\udccf Published: 2025-05-01T17:20:29.773Z\n\ud83d\udccf Modified: 2025-05-02T17:38:55.291Z\n\ud83d\udd17 References:\n1. https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3\n2. https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb", "creation_timestamp": "2025-05-02T18:19:55.000000Z"} https://vulnerability.circl.lu/sighting/a189f793-a93a-4f68-9fb5-07571612fbbf/export Fri, 02 May 2025 18:19:55 +0000 https://vulnerability.circl.lu/sighting/44e0563a-5add-42ca-9669-ba3ed35ec75b/export {"uuid": "44e0563a-5add-42ca-9669-ba3ed35ec75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-859w-5945-r5v3", "type": "seen", "source": "https://bsky.app/profile/mynameisv.bsky.social/post/3lofscowf6k2y", "content": "", "creation_timestamp": "2025-05-05T07:01:24.697161Z"} {"uuid": "44e0563a-5add-42ca-9669-ba3ed35ec75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-859w-5945-r5v3", "type": "seen", "source": "https://bsky.app/profile/mynameisv.bsky.social/post/3lofscowf6k2y", "content": "", "creation_timestamp": "2025-05-05T07:01:24.697161Z"} https://vulnerability.circl.lu/sighting/44e0563a-5add-42ca-9669-ba3ed35ec75b/export Mon, 05 May 2025 07:01:24 +0000