Nuxt

Nuxt

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.1

CVE-2025-59414

Exploit
  • EPSS 0.05%
  • Veröffentlicht 17.09.2025 18:39:38
  • Zuletzt bearbeitet 03.12.2025 18:47:40

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints ...

7.5

CVE-2025-27415

  • EPSS 0.19%
  • Veröffentlicht 19.03.2025 19:02:04
  • Zuletzt bearbeitet 03.12.2025 18:44:15

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It ...

5.3

CVE-2025-24360

  • EPSS 0.25%
  • Veröffentlicht 25.01.2025 01:15:24
  • Zuletzt bearbeitet 25.01.2025 01:15:24

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with...

5.3

CVE-2025-24361

  • EPSS 0.16%
  • Veröffentlicht 25.01.2025 01:15:24
  • Zuletzt bearbeitet 25.01.2025 01:15:24

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web...

6.1

CVE-2024-34343

Exploit
  • EPSS 0.17%
  • Veröffentlicht 05.08.2024 21:15:38
  • Zuletzt bearbeitet 19.09.2024 19:57:52

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly use API's provided by `unjs/ufo`. This library also...

8.8

CVE-2024-34344

  • EPSS 1.32%
  • Veröffentlicht 05.08.2024 21:15:38
  • Zuletzt bearbeitet 19.09.2024 20:58:01

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the s...

7.5

CVE-2024-42352

  • EPSS 0.09%
  • Veröffentlicht 05.08.2024 21:15:38
  • Zuletzt bearbeitet 19.09.2024 20:55:46

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperl...

8.8

CVE-2024-23657

Exploit
  • EPSS 1.62%
  • Veröffentlicht 05.08.2024 21:15:37
  • Zuletzt bearbeitet 20.09.2024 12:49:35

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function which is vulnerable to path traversal. Combined with a lack of...

9.8

CVE-2023-3224

Exploit
  • EPSS 1.93%
  • Veröffentlicht 13.06.2023 18:15:22
  • Zuletzt bearbeitet 21.11.2024 08:16:44

Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.

6.1

CVE-2023-0878

Exploit
  • EPSS 0.31%
  • Veröffentlicht 17.02.2023 01:15:10
  • Zuletzt bearbeitet 01.05.2025 15:14:21

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.