Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity NHI Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used...

PT-2025-1943 · National Instruments · Ni Vision Builder Ai +1

Name of the Vulnerable Software and Affected Versions: NI Vision Builder AI affected versions not specified NI Vision Development Module affected versions not specified Description: The issue is related to the use of a third-party library for image processing in NI's vision software, which expose...

CVE-2025-24360

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

CVE-2025-24361

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

CVE-2025-24361

The CVE-2025-24361 issue affects Nuxt (Vue.js) dev-server workflow: when using webpack (3.0.0–3.15.12) or rspack (3.12.2–3.152) builders, loading a malicious site can trigger source-code exposure. Attacker can use Function::toString on window.webpackChunknuxt_app values to reveal the Nuxt source....

CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

Nuxt 安全漏洞

Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.0.0 through versions prior to 3.15.3, which stems from a potential source code theft during development if a victim opens a malicious website...

Oracle Linux 8 / 9 : java-21-openjdk (ELSA-2025-0426)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-0426 advisory. 1:21.0.6.0.7-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.6.0.7-1 - Update to jdk-21.0.6+7 GA - Update release notes to 21.0.6+7 - Sync the cop...

PT-2025-3723 · Unknown · Usbxpress Sdk

Name of the Vulnerable Software and Affected Versions: USBXpress SDK affected versions not specified Description: The issue is caused by an uncontrolled search path in the USBXpress SDK installer, leading to DLL hijacking vulnerabilities. This can result in privilege escalation and arbitrary code...

Nuxt 信息泄露漏洞

Nuxt is a free open source framework from Nuxt Open Source. An information disclosure vulnerability exists in Nuxt versions 3.8.1 through prior to 3.15.3 that stems from a default CORS setting that allows any website to send any request to the development server and read the response...

GHSA-74J9-XHQR-6QV3 Reflected Cross Site Scripting (XSS) in error message

If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message...

Reflected Cross Site Scripting (XSS) in error message

If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message...

Qt: Buffer Overflow

Background Qt is a cross-platform application development framework. Description When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash or freeze or get out of memory on recursive entity expansion, with DTD tokens in XML body. Impa...

PT-2025-5632 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue occurs when a website is set to the "dev" environment mode. In this mode, if a URL containing an XSS payload is provided, the payload will be executed in the resulting error...

DRUPAL-CONTRIB-2025-007

This module enables you to render error pages using the Ignition package. The module disables certain Drupal core code and does not perform sufficient filtering, allowing HTML to be injected in certain situations leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated...

Moderate: Red Hat Security Advisory: java-17-openjdk security update for RHEL 8.4

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this...

openjdk: Enhance array handling (Oracle CPU 2025-01)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...

Moderate: Red Hat Security Advisory: java-11-openjdk ELS security update

An update for java-11-openjdk with Extended Lifecycle Support is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit...

ALSA-2025:0426 Moderate: java-21-openjdk security update for AlmaLinux 8.10, 9.4 and 9.5

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance array handling CVE-2025-21502 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...