
65 matches found

EUVD
added 2025/10/06 6:50 a.m., 2 views

EUVD-2025-32498

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...

CVSS 4.3, AI score 6.2, EPSS 0.00083
Exploits: 0, References: 7
Positive Technologies
added 2025/10/06 12:0 a.m., 2 views

PT-2025-40861

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The application reveals full stacktraces when errors occur. These stacktraces contain internal details like class and method names, potentially exposing...

CVSS 4.3, AI score 5.9, EPSS 0.00083
Exploits: 0, References: 11
Fedora
added 2025/08/21 1:12 a.m., 5 views

[SECURITY] Fedora 41 Update: python3.6-3.6.15-49.fc41

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

CVSS 7.5, AI score 7.2, EPSS 0.01007
Exploits: 0
CNNVD
added 2025/06/16 12:0 a.m., 1 view

szluyu99 gin-vue-blog security vulnerability

szluyu99 gin-vue-blog is a Golang full-stack blog by Zhenyu personal developer, supporting Docker Compose one-click deployment. Based on the latest front-end and back-end technology stack Vue3, TS, Unocs, Redis and so on. The front-end contains a blog post display front , blog background manageme...

CVSS 6.9, AI score 5.7, EPSS 0.00193
Exploits: 0, References: 5
Packet Storm News
added 2025/06/08 12:0 a.m., 2 views

A Comprehensive Survey in LLM(-Agent) Full Stack Safety: Data, Training and Deployment

The remarkable success of Large Language Models (LLMs) has illuminated a promising pathway toward achieving Artificial General Intelligence for both academic and industrial communities, owing to their unprecedented performance across various applications. As LLMs continue to gain prominence in both...

AI score 7.6
Exploits: 0
Fedora
added 2025/02/20 2:28 a.m., 11 views

[SECURITY] Fedora 41 Update: python3.9-3.9.21-4.fc41

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

CVSS 6.3, AI score 6.6, EPSS 0.01639
Exploits: 0
Fedora
added 2024/12/12 1:35 a.m., 12 views

[SECURITY] Fedora 41 Update: python3.9-3.9.21-1.fc41

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

CVSS 7.8, AI score 7.4, EPSS 0.00061
Exploits: 0
BDU FSTEC
added 2024/11/13 12:0 a.m., 1 view

The vulnerability of the component set in the full stack for rapid development of the Filament PHP framework Laravel, related to insecure resource initialization, allows attackers to exploit it to disclose sensitive information.

The vulnerability of the component set of the full stack for the accelerated development of the Filament PHP framework Laravel is related to an insecure initialization of a resource, allowing a malicious actor to exploit this to disclose sensitive information...

CVSS 3.4, AI score 5.3, EPSS 0.00104
Exploits: 0, References: 4, Affected Software: 1
The Hacker News
added 2024/10/21 11:25 a.m., 21 views

Guide: The Ultimate Pentest Checklist for Full-Stack Security

Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization's attack surface, both...

AI score 7
Exploits: 0
Rapid7 Blog
added 2024/10/18 1:0 p.m., 4 views

7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott

Ever wonder what it’s like to be an intern at Rapid7 in Belfast? Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7’s Placement Programme. What was the interview process like...

AI score 6.6
Exploits: 0
The Hacker News
added 2024/10/14 11:9 a.m., 14 views

5 Steps to Boost Detection and Response in a Multi-Layered Cloud

The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices—securing code, ensuring proper cloud posture, and fixing...

AI score 7.6
Exploits: 0
CVE
added 2024/08/05 8:36 p.m., 66 views

CVE-2024-34344

Nuxt contains a server-side RCE due to insufficient validation of the path parameter in NuxtTestComponentWrapper, enabling arbitrary JavaScript execution on the server when a user loads a malicious page while testing locally. Affected versions include Nuxt 3.4.0 through versions prior to 3.12.4 (...

CVSS 8.8, AI score 9, EPSS 0.01315
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2024/03/21 2:52 a.m., 11 views

CVE-2024-24813

Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workaround...

CVSS 7.5, AI score 7.8, EPSS 0.00302
Exploits: 0, References: 1
OSV
added 2024/03/06 10:51 a.m., 35 views

BIT-CODEIGNITER-2023-32692

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...

CVSS 9.8, AI score 9.6, EPSS 0.0181
Exploits: 0, References: 2
OSV
added 2024/03/06 10:50 a.m., 32 views

BIT-CODEIGNITER-2023-46240

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...

CVSS 7.5, AI score 7.3, EPSS 0.00426
Exploits: 0, References: 3
Prion
added 2023/10/31 4:15 p.m., 14 views

Code injection

CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround,...

CVSS 5, AI score 7.4, EPSS 0.00426
Exploits: 0, References: 3, Affected Software: 1
The Hacker News
added 2023/08/09 11:36 a.m., 28 views

Continuous Security Validation with Penetration Testing as a Service (PTaaS)

Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC), it's a battle between the defenders and the cybercriminals. Both are using tools and expertise – however, the cybercriminals have the element of surprise on their...

AI score 6.7
Exploits: 0
Fedora
added 2023/06/14 1:12 a.m., 21 views

[SECURITY] Fedora 38 Update: python3.7-3.7.16-4.fc38

Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...

CVSS 7.5, AI score 7.1, EPSS 0.01445
Exploits: 3
Prion
added 2023/05/30 4:15 a.m., 36 views

Input validation

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...

CVSS 7.5, AI score 9.6, EPSS 0.0181
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2023/05/30 3:15 a.m., 15 views

CVE-2023-32692 Remote Code Execution Vulnerability in Validation Placeholders

CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they...

CVSS 9.8, AI score 9.8, EPSS 0.0181
Exploits: 0, References: 2