8737 matches found
CVE-2025-8386 AVEVA Application Server IDE Basic Cross-site Scripting
The vulnerability, if exploited, could allow an authenticated miscreant with privilege of "aaConfigTools" to tamper with App Objects' help files and persist a cross-site scripting XSS injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The...
CVE-2025-64745
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
OESA-2025-2693 spdk security update
The Storage Performance Development Kit provides a set of tools and libraries for writing high performance, scalable, user-mode storage applications. Security Fixes: Storage Performance Development Kit SPDK 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK -...
Astro development server error page is vulnerable to reflected Cross-site Scripting
Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...
EUVD-2025-175382
Astro development server error page vulnerable to reflected Cross-site Scripting...
Cross-site Scripting (XSS)
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the corrected variable in the error page template when the trailingSlash configuration is set to 'always...
GHSA-W2VJ-39QV-7VH7 Astro development server error page is vulnerable to reflected Cross-site Scripting
Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...
CVE-2025-64745
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745
CVE-2025-64745 affects Astro’s development server only. When trailingSlash is enabled, the dev 404 page can reflect an attacker-controlled pathname and inject arbitrary JavaScript, enabling a reflected XSS in the victim’s browser. Affected versions: 5.2.0 up to 5.15.5; fixed in 5.15.6. Impact is ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
EUVD-2025-179300
Malicious code in development-warp-geoarchaeology-odin npm...
EUVD-2025-179298
Malicious code in development-xerxes-dagda-repository npm...
EUVD-2025-178515
Malicious code in holography-development-nightmare-uranology npm...
EUVD-2025-176670
Malicious code in resolvers-typeorm-dependencies-development npm...
EUVD-2025-179277
Malicious code in dorado-development-troposphere-futurology npm...
EUVD-2025-178953
Malicious code in express-standard-development-astrometry npm...
Malicious code in crust-mui-development-norma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66b16dfeb9cbb104d60dfcaa311925c95ada246aa8e45fc1c2e109c04f8e8b39 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180091
Malicious code in betelgeuse-development-heliophysics-cordelia npm...