#vulnerability

### Summary The contents of arbitrary files can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Details `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. ### PoC ```bash $ npm create vite@latest $ cd vite-project/ $ npm install $ npm run dev $ echo "top secret content" > /tmp/secret.txt # expected behaviour $ curl "http://localhost:5173/@fs/tmp/secret.txt" <body> <h1>403 Restricted</h1> <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list. # security bypassed $ curl "http://localhost:517...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inaba Denki Sangyo Co., Ltd. Equipment: CHOCO TEI WATCHER mini Vulnerabilities: Use of Client-Side Authentication, Storing Passwords in a Recoverable Format, Weak Password Requirements, Direct Request ('Forced Browsing') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain the product's login password, gain unauthorized access, tamper with product's data, and/or modify product settings. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of CHOCO TEI WATCHER are affected: CHOCO TEI WATCHER mini (IB-MCT001): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF CLIENT-SIDE AUTHENTICATION CWE-603 The affected product is vulnerable to a use of client-side authentication vulnerability, which may allow an attacker to obtain the product's login password without authentication. CVE-2025-24517 has been assigned to this vulnerabil...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: High attack complexity Vendor: Rockwell Automation Equipment: 440G TLS-Z Vulnerability: Improper Neutralization of Special Elements in Output Used by a Downstream Component 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take over the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following products are affected by a vulnerability because they use STMicroelectronics STM32L4 devices: 440G TLS-Z: Version v6.001 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT CWE-74 A local code execution vulnerability exists in the STMicroelectronics STM32L4 devices due to having incorrect access controls. The affected product utilizes the STMicroelectronics STM32L4 device and because of the vulnerability, a threat actor could reverse protections that control access to the JTAG interface. If exploited, ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Improper Validation of Specified Type of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative access to run arbitrary commands in the context of the container running the service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of Verve Asset Manager are affected: Verve Asset Manager: Versions 1.39 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER VALIDATION OF SPECIFIED TYPE OF INPUT CWE-1287 A vulnerability exists in the affected product due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Active Directory Interface (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allo...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: RMC-100 Vulnerability: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted message to the web UI, causing a temporary denial of service until the interface can be restarted. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the following products are affected when the REST interface is enabled: RMC-100: Versions 2105457-036 to 2105457-044 RMC-100 LITE: Versions 2106229-010 to 2106229-016 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPERLY CONTROLLED MODIFICATION OF OBJECT PROTOTYPE ATTRIBUTES ('PROTOTYPE POLLUTION') CWE-1321 A vulnerability exists in the web UI (REST interface) included in the product versions listed above. An attacker could exploit the vulnerability by sending a specially crafted message to the w...

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)