105 matches found

Cvelist
added 2023/10/30 8:00 p.m., 19 views

CVE-2023-43792 baserCMS Code Injection Vulnerability in Mail Form Feature

baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...

CVSS 5.3, AI score 9.9, EPSS 0.00573
Exploits 0, References 2

Cvelist
added 2023/10/30 6:29 p.m., 13 views

CVE-2023-43649 baserCMS CSRF vulnerability in Content preview Feature

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVSS 4.7, AI score 9.6, EPSS 0.00347
Exploits 0, References 3

OSV
added 2023/10/30 6:29 p.m., 25 views

CVE-2023-43649 baserCMS CSRF vulnerability in Content preview Feature

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVSS 4.7, AI score 7.1, EPSS 0.00347
Exploits 0, References 5

Ubuntu
added 2023/10/04 10:01 p.m., 80 views

USN-6414-2: Django vulnerabilities

USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote...

CVSS 7.5, AI score 6.8, EPSS 0.01284
Exploits 0

Fedora
added 2023/09/05 12:41 a.m., 34 views

[SECURITY] Fedora 38 Update: python-pyramid-2.0.2-1.fc38

Pyramid is a small, fast, down-to-earth, open source Python web development framework. It makes real-world web application development and deployment more fun, more predictable, and more productive...

CVSS 5.3, AI score 5.2, EPSS 0.00632
Exploits 0

CVE
added 2023/06/28 1:55 p.m., 43 views

CVE-2023-36467

CVE-2023-36467 concerns AWS data.all, an open-source data marketplace framework. The connected sources confirm that versions 1.2.0 through 1.5.1 are vulnerable to remote code execution when an authenticated user injects Python commands into the Template field during data pipeline configuration. T...

CVSS 8.8, AI score 8.5, EPSS 0.01029
Exploits 0, References 4, Affected Software 1

OSV
added 2023/06/22 10:34 p.m., 29 views

CVE-2023-34110 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error

Flask-AppBuilder is an application development framework built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add or edit User forms, trigger a database error; this error is surfaced back to this actor on t...

CVSS 2.7, AI score 4, EPSS 0.00543
Exploits 0, References 6

CNVD
added 2023/05/08 12:00 a.m., 18 views

Apache StreamPark Input Validation Error Vulnerability

Apache StreamPark is a streaming application development framework from the Apache Software Foundation in the United States. Apache StreamPark suffers from an input validation error vulnerability that stems from the fact that when a user modifies his or her profile, the username is passed as a paramet...

CVSS 9.1, AI score 6.7, EPSS 0.01475
Exploits 0, References 1

OSV
added 2023/04/04 9:20 p.m., 37 views

CVE-2023-29003 SvelteKit has Insufficient Cross-Site Request Forgery Protection

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protecti...

CVSS 8.8, AI score 8.7, EPSS 0.00557
Exploits 1, References 5

BDU FSTEC
added 2022/07/06 12:00 a.m., 1 view

The vulnerability of the ADF Faces component in the Oracle JDeveloper development environment allows a perpetrator to execute arbitrary code or gain full control over the application.

The vulnerability of the ADF Faces component in the Oracle JDeveloper development environment relates to the restoration of untrusted data structures in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely or gain full control over the application using the HTT...

CVSS 10, AI score 7.6, EPSS 0.6201
Exploits 1, References 4, Affected Software 1

CNNVD
added 2022/04/19 12:00 a.m., 5 views

Oracle Fusion Middleware Input Validation Error Vulnerability

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle in the United States. The platform provides middleware, software collections, and other capabilities. An input validation error vulnerability exists in the Oracle Applicati...

CVSS 9.8, AI score 7.3, EPSS 0.6201
Exploits 1, References 5

CNVD
added 2021/12/17 12:00 a.m., 19 views

ThinkPHP SQL Injection Vulnerability (CNVD-2021-103660)

ThinkPHP is a PHP-based, open source, lightweight web application development framework from China's Top Think Information Technology. ThinkPHP has a SQL injection vulnerability; no detailed vulnerability information has been provided...

CVSS 9.8, AI score 0.9, EPSS 0.01374
Exploits 1, References 1

Prion
added 2021/12/09 5:15 p.m., 16 views

Authentication flaw

Flask-AppBuilder is a development framework built on top of Flask. Versions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...

CVSS 6.5, AI score 8.7, EPSS 0.0124
Exploits 0, References 3, Affected Software 1

CVE
added 2021/12/09 4:40 p.m., 71 views

CVE-2021-41265

CVE-2021-41265 affects Flask-AppBuilder prior to 3.3.4, due to an improper authentication vulnerability in the REST API. The issue allows a malicious actor to authenticate with a crafted request and access protected REST API endpoints, limited to non-database authentication types and new REST API...

CVSS 8.8, AI score 8.5, EPSS 0.0124
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2021/10/13 12:00 a.m., 1 view

The vulnerability of the Bluetooth Classic environment for developing IoT applications allows an intruder to trigger a service failure.

The vulnerability in the Bluetooth Classic environment for IoT application development, espressif esp-idf, relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure using a specially crafted LMP package...

CVSS 6.5, AI score 5.7
Exploits 0, References 2, Affected Software 1

CNNVD
added 2021/09/03 12:00 a.m., 11 views

Espressif ESP-IDF Code Injection Vulnerability

Espressif ESP-IDF is an Internet of Things (IoT) development framework from China's Espressif (Loxin Information Technology). A code injection vulnerability exists in Espressif ESP-IDF that stems from the Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier versions not properly...

CVSS 8.8, AI score 8.9, EPSS 0.01292
Exploits 0, References 8

NVD
added 2021/08/12 12:15 a.m., 30 views

CVE-2021-37699

Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly ha...

CVSS 6.9, EPSS 0.01198
Exploits 0, References 2

CNVD
added 2021/06/29 12:00 a.m., 11 views

XSS Vulnerability in Disk Enterprise LCMS

Pan Enterprise LCMS is a lightweight PHP development framework. LCMS has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...

AI score 5.9
Exploits 0

OSV
added 2021/06/07 7:15 p.m., 20 views

CVE-2021-29621

Flask-AppBuilder is a development framework built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3 allows a non-authenticated user to enumerate existing accounts by timing the server's response time when logging in. Upgrade to version...

CVSS 5.3, AI score 5.3
Exploits 0, References 6

OSV
added 2021/06/07 7:15 p.m., 20 views

PYSEC-2021-90

Flask-AppBuilder is a development framework built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3 allows a non-authenticated user to enumerate existing accounts by timing the server's response time when logging in. Upgrade to version...

CVSS 5.3, AI score 3.3, EPSS 0.03404
Exploits 0, References 3