8261 matches found

Vulnrichment
added 2025/11/19 4:40 p.m. | 4 views

CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

CVSS 3.5 | AI score 6.2 | EPSS 0.00022
Exploits: 1 | References: 2

Cvelist
added 2025/11/19 4:40 p.m. | 16 views

CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

CVSS 3.5 | EPSS 0.00022
Exploits: 1 | References: 2

EUVD
added 2025/11/19 4:40 p.m. | 4 views

EUVD-2025-198185

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

CVSS 3.5 | AI score 6.1 | EPSS 0.00022
Exploits: 1 | References: 4

CNNVD
added 2025/11/19 12:00 a.m. | 2 views

Astro Security Vulnerability

Astro is an open source web framework for content-driven websites. A security vulnerability exists in Astro versions prior to 5.14.3, which stems from an arbitrary local file read vulnerability in the Image Optimization endpoint of the development server that could lead to information...

CVSS 3.5 | AI score 6 | EPSS 0.00022
Exploits: 1 | References: 3

Positive Technologies
added 2025/11/19 12:00 a.m. | 5 views

PT-2025-47487

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

CVSS 3.5 | AI score 6.6 | EPSS 0.00022
Exploits: 1 | References: 3

OpenVAS
added 2025/11/18 12:00 a.m. | 1 view

Determine Linux OS for compliance development

This script will, if given a userid/password or key to the remote system, login to that system, determine if the OS is Linux, and for supported systems collect and save OS release. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and a...

AI score 7
Exploits: 0

Vulnrichment
added 2025/11/17 5:21 p.m. | 1 view

CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability

ESF-IDF is the Espressif Internet of Things (IoT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...

CVSS 6.9 | AI score 6.5 | EPSS 0.00083
Exploits: 0 | References: 7

CVE
added 2025/11/17 2:58 p.m. | 12 views

CVE-2025-4321

The CVE-2025-4321 entry concerns Silabs RS9116W-WiSeConnect SDK used in Bluetooth devices. Affected component: the RS9116-WiseConnect SDK handling L2CAP; root cause is processing malformed L2CAP packets, leading to a Denial of Service. Impact as stated: device remains non-operational until a hard...

CVSS 7.1 | AI score 6.5 | EPSS 0.00015
Exploits: 0 | References: 1

RedHat Linux
added 2025/11/17 9:55 a.m. | 10 views

Moderate: Red Hat Security Advisory: java-25-openjdk security update

An update for java-25-openjdk is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5 | AI score 6.6 | EPSS 0.00068
Exploits: 0 | References: 1

Packet Storm News
added 2025/11/15 12:00 a.m. | 2 views

Exploring AI in Steganography and Steganalysis: Trends, Clusters, and Sustainable Development Potential

Steganography and steganalysis are strongly related subjects of information security. Over the past decade, many powerful and efficient artificial intelligence (AI)-driven techniques have been designed and presented during research into steganography as well as steganalysis. This study presents a...

AI score 6.8
Exploits: 0

CNNVD
added 2025/11/15 12:00 a.m. | 2 views

AVEVA Application Server Security Vulnerability

AVEVA Application Server is an industrial automation real-time control platform from AVEVA UK. A security vulnerability exists in AVEVA Application Server that stems from a cross-site script injection issue in the IDE component that could lead to elevation of privilege...

CVSS 7.2 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 4

Vulnrichment
added 2025/11/14 11:57 p.m. | 2 views

CVE-2025-8386 AVEVA Application Server IDE Basic Cross-site Scripting

The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that, when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...

CVSS 7.2 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 3

CVE
added 2025/11/14 11:57 p.m. | 8 views

CVE-2025-8386

CVE-2025-8386 relates to AVEVA Application Server IDE: an authenticated user with the privileges of “aaConfigTools” can tamper App Objects’ help files to inject persistent cross-site scripting (XSS). This is described as exploitable only during config-time operations in the IDE component; run-tim...

CVSS 7.2 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 3

RedhatCVE
added 2025/11/14 8:59 p.m. | 2 views

CVE-2025-64745

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...

CVSS 6.1 | AI score 6 | EPSS 0.00033
Exploits: 1 | References: 1

OSV
added 2025/11/14 12:39 p.m. | 2 views

OESA-2025-2693 spdk security update

The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...

CVSS 5.5 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 2

Snyk
added 2025/11/13 10:38 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the corrected variable in the error page template when the trailingSlash configuration is set to 'always...

CVSS 6.1 | AI score 5.3 | EPSS 0.00033
Exploits: 1 | References: 2

EUVD
added 2025/11/13 10:38 p.m. | 2 views

EUVD-2025-175382

Astro development server error page vulnerable to reflected Cross-site Scripting...

CVSS 2.7 | AI score 6.1 | EPSS 0.00033
Exploits: 1 | References: 5

OSV
added 2025/11/13 10:38 p.m. | 3 views

GHSA-W2VJ-39QV-7VH7 Astro development server error page is vulnerable to reflected Cross-site Scripting

Summary: A Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...

CVSS 2.7 | AI score 5.2 | EPSS 0.00033
Exploits: 1 | References: 6

Github Security Blog
added 2025/11/13 10:38 p.m. | 5 views

Astro development server error page is vulnerable to reflected Cross-site Scripting

Summary: A Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...

CVSS 6.1 | AI score 5.3 | EPSS 0.00033
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2025/11/13 9:15 p.m. | 1 view

CVE-2025-64745

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...

CVSS 6.1 | EPSS 0.00033
Exploits: 1 | References: 4