gorest InMemorySecret2FA race condition allows process crash via concurrent map access (CWE-362)

Vulnerability: CWE-362 — Concurrent Map Access Race Condition in InMemorySecret2FA CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization Affected Component - github.com/pilinux/gorest — Go REST API boilerplate - InMemorySecret2FA — in-memory 2FA secret store...

Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery

Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation Affected Component - github.com/dhax/go-base — Go REST API boilerplate go-chi/jwtauth/v5, Viper, PostgreSQL/Bun - 1,685 stars on GitHub Vulnerability Locations | File | Line | Role | |------|------|------| | dev.env | 10 |...

CVE-2026-44668

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

CVE-2026-44668

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

CVE-2026-44668

CVE-2026-44668 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Prior to version 1.8.3, the authentication gate for all Struts2 actions is implemented by AccessControlInterceptor and unconditionally calls invocation.invoke() without validating a session. Four methods i...

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

EUVD-2026-31944

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

CVE-2026-44668

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

PT-2026-43346

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

Malicious Package

Overview typescript-react-redux-boilerplate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

4591-libs (>=0.0.1 <=0.2.0), @10abdullahbutt/nestjs-boilerplate (=0.0.1) +1494 more potentially affected by CVE-2026-3304 via multer (>=2.0.0-alpha.2 <=2.0.2)

multer NPM version =2.0.0-alpha.2, =0.0.1, =0.0.1-alpha.1, =0.0.1-alpha.9, =0.0.0-alpha.119, =1.2.1, =0.0.1, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.2, =0.0.10, =0.6.2 and more Source cves: CVE-2026-3304 Source advisory: SNYK:JS-MULTER-15365918...

AI Code in the Wild: Measuring Security Risks and Ecosystem Shifts of AI-Generated Code in Modern Software

Large language models LLMs for code generation are becoming integral to modern software development, but their real-world prevalence and security impact remain poorly understood. We present the first large-scale empirical study of AI-generated code AIGCode in the wild. We build a high-precision...

CVE-2025-64710

Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting XSS vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVE-2025-64710

Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting XSS vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

EUVD-2025-150357

Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting XSS vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVE-2025-64710 Bitplatform Boilerplate has cross-site scripting vulnerability

Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting XSS vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVE-2025-64710 Bitplatform Boilerplate has cross-site scripting vulnerability

Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting XSS vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVE-2025-64710 Bitplatform Boilerplate has cross-site scripting vulnerability

Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting XSS vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that compromise the security and integrity of web...

CVE-2025-64710

Summary: CVE-2025-64710 affects Bitplatform Boilerplate (Visual Studio/.NET template). The vulnerability resides in the WebInteropApp/WebAppInterop components and impacts versions prior to 9.11.3, enabling cross-site scripting (XSS). The issue allows injection of malicious scripts that compromise...