10 matches found
CVE-2025-64765
Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...
CVE-2025-64765 Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values
Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the...
CVE-2025-64764
CVE-2025-64764 affects the Astro web framework. Prior to 5.15.8, the server islands feature enables a reflected XSS vulnerability that can allow remote attackers to run scripts in victims’ browsers. The issue is tied to how server islands are hydrated and how slots/element names are handled, enab...
PT-2025-47489
Name of the Vulnerable Software and Affected Versions: Astro versions prior to 5.15.8. Description: Astro versions prior to 5.15.8 contain a path normalization discrepancy between how the framework routes requests and how middleware validates them. Astro uses decodeURI to determine the route, while...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414519)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414519 advisory. pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. Tenable has extracted the preceding description block directly from the Uni...
EUVD-2021-31886
Malicious code in bioql PyPI...
Fedora: Security Advisory for qt5-qtbase (FEDORA-2023-f2965f082c)
The remote host is missing an update for the...
CVE-2022-25634
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...
Mageia: Security Advisory (MGASA-2022-0050)
The remote host is missing an update for the...
MGASA-2022-0050 Updated qtwebengine5 packages fix security vulnerability
The qtwebengine5 package has been updated to version 5.15.8, fixing several security issues in the bundled chromium code. See the referenced package announcement for details...