8655 matches found
Relative Path Traversal
Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access arbitrary local image files...
Relative Path Traversal
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access...
CVE-2025-64757
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
CVE-2025-64757
Summary of CVE-2025-64757 (Astro) : The Astro development server’s image endpoint is vulnerable to arbitrary local file read via the href parameter in development mode, enabling an attacker to read image files accessible to the Node.js process. Affected: Astro v5.x development builds prior to 5.1...
CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
EUVD-2025-198185
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
Astro 安全漏洞
Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions prior to 5.14.3, which stems from an arbitrary local file read vulnerability in the Image Optimization endpoint of the development server that could lead to information...
PT-2025-47487
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...
Determine Linux OS for compliance development
This script will, if given a userid/password or key to the remote system, login to that system, determine if the OS is Linux, and for supported systems collect and save OS release. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and a...
CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability
ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...
CVE-2025-4321
The CVE-2025-4321 entry concerns Silabs RS9116W-WiSeConnect SDK used in Bluetooth devices. Affected component: the RS9116-WiseConnect SDK handling L2CAP; root cause is processing malformed L2CAP packets, leading to a Denial of Service. Impact as stated: device remains non-operational until a hard...
Moderate: Red Hat Security Advisory: java-25-openjdk security update
An update for java-25-openjdk is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
Exploring AI in Steganography and Steganalysis: Trends, Clusters, and Sustainable Development Potential
Steganography and steganalysis are strongly related subjects of information security. Over the past decade, many powerful and efficient artificial intelligence AI - driven techniques have been designed and presented during research into steganography as well as steganalysis. This study presents a...
AVEVA Application Server 安全漏洞
AVEVA Application Server is an industrial automation real-time control platform from AVEVA UK. A security vulnerability exists in AVEVA Application Server that stems from a cross-site script injection issue in the IDE component that could lead to elevation of privilege...
CVE-2025-8386 AVEVA Application Server IDE Basic Cross-site Scripting
The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting XSS injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...
CVE-2025-8386
CVE-2025-8386 relates to AVEVA Application Server IDE: an authenticated user with the privileges of “aaConfigTools” can tamper App Objects’ help files to inject persistent cross-site scripting (XSS). This is described as exploitable only during config-time operations in the IDE component; run-tim...
CVE-2025-64745
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
OESA-2025-2693 spdk security update
The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...