Basic Information Core Details: Site name, server info, domain names, etc. Modular Editing: Edit/save individual modules (e.g., basic info, server settings, domains) independently with real-time updates to reduce possible mistakes during configuration. Functional Configuration Manage Advanced Features in One Page Traffic Stats: One-click enable/disable traffic statistics and visit tracking, with...
Ano: 2025
Vite Arbitrary File Read Vulnerability (CVE-2025-31486)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31486); Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files...
Vite Arbitrary File Read Vulnerability (CVE-2025-31125)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31125); Because the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs and read arbitrary files...
New UI for NSFOCUS WAF V6.0R09F00 – Experience a Smoother Site Management
NSFOCUS understands that the Security Operations team is facing increasing threats to their web applications and workloads are rising accordingly, a simple yet easy-to-use WAF has become more important than ever for effective Security Operations. The upcoming NSFOCUS Web Application Firewall (WAF) V6.0R09F00 (hereafter called as 6090) not only comprehensively...
Vite Arbitrary File Read vulnerability (CVE-2025-30208)
Overview Recently, NSFOCUS CERT detected that Vite issued a security announcement and fixed the arbitrary file reading vulnerability of Vite (CVE-2025-30208). Since the Vite development server does not strictly verify the path when processing URL requests, unauthenticated attackers can bypass path access restrictions by constructing special URLs to obtain sensitive...
Kubernetes Ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974)
Overview Recently, NSFOCUS CERT detected that Kubernetes issued a security announcement and fixed the Kubernetes Ingress-nginx remote code execution vulnerability (CVE-2025-1974). The Ingress controller deployed in Kubernetes Pod can be accessed through the network without authentication. When the Admission webhook is open, an unauthenticated attacker can remotely inject any nginx...
