WhisperX tag archive

#Frontend

This page collects WhisperX intelligence signals tagged #Frontend. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (12)

The Lab · 2026-03-25 10:27:20 · GitHub Issues

1. Factory `create_pool` Allows Spoofing of `creator` Parameter, Risking Frontend Attribution

A security issue in the Factory contract allows an authorized user to spoof pool ownership, creating a risk of misattribution on the frontend dashboard. The `create_pool` function accepts an arbitrary address as the `creator` parameter, which is then broadcast in an event. This means the recorded creator is not necessa...

The Lab · 2026-03-25 14:27:36 · GitHub Issues

2. Security Alert: DOM-based XSS Vulnerability in Frontend via innerHTML in Error Handling

A critical security flaw has been identified in the application's frontend, exposing it to a DOM-based Cross-Site Scripting (XSS) attack. The vulnerability resides in the main application entry point, where unsanitized user-influenced data is directly injected into the DOM using the `innerHTML` property. This creates a...

The Lab · 2026-03-31 15:27:21 · GitHub Issues

3. Vite Dev Server Vulnerability: esbuild Flaw Exposes Local Development Responses (CVE-2024-XXXXX)

A moderate-severity vulnerability in the esbuild bundler, transitively affecting Vite development servers, can expose local development responses. Tracked as GHSA-67mh-4wv8-2f99, this flaw is present in esbuild versions up to and including 0.24.2, which is pulled in by Vite versions starting from 5.4.21. The core risk ...

The Lab · 2026-04-05 17:27:02 · GitHub Issues

4. Critical Security Gap: WhisperX Frontend Blindly Trusts API Data, Enabling Type Confusion & RBAC Bypass

A critical security vulnerability exists within the WhisperX frontend codebase, where API responses are accepted without any runtime validation. The application uses TypeScript's `as` assertions, which are compile-time only, to cast incoming data. This creates a dangerous blind trust scenario where any malformed, compr...

The Lab · 2026-04-06 14:27:18 · GitHub Issues

5. Security Alert: CSS Injection Vulnerability in Capture-Eye Modal Component via Unvalidated Color Property

A critical security flaw in the Capture-Eye modal component allows for arbitrary CSS injection through the `color` attribute. The vulnerability stems from the `color` value being passed directly to `this.style.setProperty('--primary-color', this._color)` without any input validation. This injection occurs at line 637 i...

The Lab · 2026-04-06 22:27:10 · GitHub Issues

6. Vite v6 Security Update Patches Critical Dev Server Vulnerability (CVE-2025-24010)

A critical security vulnerability in Vite, the popular frontend build tool, has been patched in the newly released version 6. The flaw, tracked as CVE-2025-24010, allowed any website to send arbitrary requests to a developer's local Vite development server and read the responses. This represents a significant security ...

The Lab · 2026-04-09 01:27:10 · GitHub Issues

7. Critical 9.8 CVSS Vulnerability in style-loader 1.3.0 Exposes Frontend Projects

A critical security flaw with a maximum CVSS score of 9.8 has been identified in the widely used `style-loader` npm package version 1.3.0. This vulnerability is flagged as 'reachable,' meaning the exploit path is active within dependent applications, posing an immediate and severe risk to any project that has not updat...

The Lab · 2026-04-10 12:22:56 · GitHub Issues

8. Storybook Security Flaw Exposes .env Files in Built Applications

A critical vulnerability in Storybook, a widely used frontend development tool, has been disclosed, exposing sensitive environment variables in published applications. The bug, tracked as CVE-2025-68429, resides in how Storybook processes environment variables defined in `.env` files. When a project is built and publis...

The Lab · 2026-04-11 02:22:24 · GitHub Issues

9. Critical Frontend Security Flaws Exposed: Vite & Axios Vulnerabilities Hit Recipe App

A recent automated security scan has uncovered two high-severity vulnerabilities within the frontend codebase of a recipe application, exposing potential attack vectors. The scan, conducted on April 11, 2026, flagged a High-risk issue in the Vite build tool (version 6.4.1, GHSA-p9ff-h696-f583) and a more severe Critica...

The Lab · 2026-04-17 00:22:52 · GitHub Issues

10. Vite v6 Security Update: CVE-2024-45811 Exposes Arbitrary File Read Risk

A critical security vulnerability in the Vite build tool, tracked as CVE-2024-45811, exposes a path traversal flaw that can leak sensitive files. The core issue is that the `@fs` protocol, designed to restrict file access, can be bypassed by appending `?import&raw` to a request URL. This bypass allows an attacker to re...

The Lab · 2026-04-19 13:22:37 · GitHub Issues

11. SECURITY: XSS Vulnerability Exposed in Schema-org JSON-LD Injection via User Content

A critical security flaw has been identified in the frontend layer, where user-generated content is directly injected into JSON-LD structured data without sanitization. This vulnerability, located in the `src/app/berita/[slug]/page.tsx` file at lines 147-177, allows malicious scripts embedded in post titles and ex...

The Lab · 2026-05-11 08:10:38 · GitHub Issues

12. CodeQL Flags Unpatched XSS Vulnerability in homeschool-hero FileUpload Component

A high-severity cross-site scripting vulnerability has been identified in the frontend codebase of the homeschool-hero repository, according to an automated security scan. The finding, flagged by GitHub's CodeQL scanner on May 11, 2026, targets the FileUpload component located at `frontend/src/components/features/FileU...