700 matches found
Hasura GraphQL Engine SQL注入漏洞
Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A SQL injection vulnerability exists in Hasura GraphQL Engine version 1.3.3, which stems from the fact that SQL injection may result in local file reads...
Exploit for Improper Restriction of XML External Entity Reference in Apache Tika
CVE-2025-66516: Minimized Verification Environment This proje...
XML External Entity (XXE) Injection
peppolpy is vulnerable to XML External Entity XXE injection. The vulnerability is due to insecure Saxon XML parser configuration, where external entities are allowed during XML invoice validation, enabling attackers to read local files and exfiltrate their contents to a remote host...
Exploit for CVE-2021-43008
CVE-2021-43008 — Vulnérabilité Adminer Lecture arbi...
Exploit for CVE-2025-65482
CVE-2025-65482 XXE XML External Entity Injection XXE in...
CVE-2025-64757
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
Exploit for CVE-2025-13380
AI Engine for WordPress: ChatGPT, GPT Content Generator true,...
Astro Development Server has Arbitrary Local File Read
Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to t...
GHSA-X3H8-62X9-952G Astro Development Server has Arbitrary Local File Read
Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to t...
CVE-2025-64757
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
CVE-2025-64757
Summary of CVE-2025-64757 (Astro) : The Astro development server’s image endpoint is vulnerable to arbitrary local file read via the href parameter in development mode, enabling an attacker to read image files accessible to the Node.js process. Affected: Astro v5.x development builds prior to 5.1...
CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
EUVD-2025-198185
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
Astro 安全漏洞
Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions prior to 5.14.3, which stems from an arbitrary local file read vulnerability in the Image Optimization endpoint of the development server that could lead to information...
PT-2025-47487
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
OESA-2025-2690 python-Keras security update
Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...
OESA-2025-2691 python-Keras security update
Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...
OESA-2025-2689 python-Keras security update
Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from th...