177 matches found
EUVD-2013-2449
Malware in sbrugna...
EUVD-2003-0101
Malware in sbrugna...
EUVD-2020-5137
Malware in sbrugna...
EUVD-2023-58908
Malicious code in bioql PyPI...
EUVD-2024-28061
Malicious code in bioql PyPI...
EUVD-2023-3224
Malicious code in bioql PyPI...
EUVD-2025-29112
Malicious code in bioql PyPI...
SUSE CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
DEBIAN-CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
UBUNTU-CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54291 Project existence disclosure in LXD images API
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
Malicious code in es6-http-status-codes (npm)
The package es6-http-status-codes was found to contain malicious code...
CVE-2023-46906
juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...
CVE-2021-38384
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code, i.e., possibly greater than expected...
Exploit for CVE-2025-46047
CVE-2025-46047 Silverpeas -u Example...
urllib3: Request body not stripped after redirect from 303 status changes request method to GET
A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when following an HTTP redirect response with status 301, 302, or 303 after changing the request method from one that could accept a request body, such as POST, to GET, as is required by HTTP...
CVE-2024-53262
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contai...
CVE-2024-53262
CVE-2024-53262 affects SvelteKit where the static error.html template renders placeholders for HTTP status and error.message without escaping. This can allow an attacker-provided error.message to inject content into the error page, yielding a template XSS risk for applications that include user i...
CVE-2024-53262 Unescaped error message included on error page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contai...
@sveltejs/kit has unescaped error message included on error page
Summary: The static error.html template for errors contains placeholders that are replaced without escaping the content first. Details: From https://kit.svelte.dev/docs/errors: error.html is the page that is rendered when everything else fails. It can contain the following placeholders:...