A vulnerability in the ASP.NET Core software platform and the Microsoft Visual Studio development environment, related to authentication bypass, allows attackers to escalate their privileges.
The vulnerability in the ASP.NET Core software platform and the Microsoft Visual Studio development environment is related to the ability to bypass authentication. Exploiting this vulnerability can allow attackers to escalate their privileges remotely...
CVE-2025-31129
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x)...
CVE-2025-31129
Summary: CVE-2025-31129 affects the Jooby pac4j integration. In io.jooby.internal.pac4j.SessionStoreImpl#get, values are deserialized from untrusted data (notably for payloads starting with “b64~”), which can enable code execution. The issue is fixed in Jooby releases 2.17.0 (2.x stream) and 3.7....
CVE-2025-31129 jooby-pac4j: deserialization of untrusted data
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x)...
[SECURITY] Fedora 41 Update: python-django-4.2.20-1.fc41
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 42 Update: python-django5-5.1.7-1.fc42
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Cross-site Scripting (XSS)
Overview: laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper encoding of request parameters in the debug-mode error page. When the application runs with APP_DEBUG=true and encounters an error, the...
The vulnerability of the org.springframework.web.multipart package in the Spring Web framework allows attackers to re-write files stored in web server directories.
The vulnerability in the org.springframework.web.multipart package of the Spring Web framework is related to an improper restriction of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to re-upload files stored in the web server's directory from a...
Azure Linux 3.0 Security Update: python-tensorboard / reaper (CVE-2024-43796)
The version of python-tensorboard / reaper installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43796 advisory. - Express.js is a minimalist web framework for Node. In express 4.20.0, passing untrusted user...
CVE-2022-24857
django-mfa3 is a library that implements multi-factor authentication for the Django web framework. It achieves this by modifying the regular login view. Django, however, has a second login view for its admin area. This second login view was not modified, so the multi-factor authentication can be...
CVE-2024-22199
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...
CVE-2025-24360
CVE-2025-24360 affects the Nuxt framework (Vue.js) prior to v3.15.3, with v3.8.1–v3.15.3 vulnerable due to default CORS settings that allow any origin to send requests to the development server and read responses. Several sources corroborate that, when using the Vite builder with the default serv...
USN-7205-1: Django vulnerability
It was discovered that Django incorrectly handled certain IPv6 strings. An attacker could possibly use this issue to cause a denial of service...
Amazon Linux 2 : python3-tornado (ALAS-2025-2725)
The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2725 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Torna...
CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...
CVE-2024-56140
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...
CVE-2024-56140
CVE-2024-56140 affects the Astro CSRF-protection middleware. A semicolon-delimited parameter after the Content-Type (e.g., application/x-www-form-urlencoded; abc) causes the request to be treated as a simple request, bypassing preflight validation and CSRF checks when security.checkOrigin is true...
CVE-2024-56140 Bypass of CSRF Middleware in Astro
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...
OESA-2024-2541 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability was found in the Django Web Framework. The strip_tags() method and the striptags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence ...