328 matches found
CVE-2024-12742
A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...
CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software
A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...
CVE-2024-12742
CVE-2024-12742 describes a deserialization of untrusted data vulnerability in NI G Web Development Software. Affected: NI G Web Development Software 2022 Q3 and earlier. The flaw exists in parsing of GWEBPROJECT files, with exploitation requiring a user to open a specially crafted project file or...
CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software
A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...
USN-7335-1: Django vulnerability
It was discovered that Django incorrectly handled text wrapping. An attacker could possibly use this issue to cause a denial of service...
NI G Web Development Software 代码问题漏洞
NI G Web Development Software is a development software from National Instruments NI that creates test and measurement Web interfaces. A code issue vulnerability exists in NI G Web Development Software version 2022 Q3 and earlier, which stems from deserializing untrustworthy data and could lead t...
CVE-2025-24360
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
CVE-2025-24361
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...
CVE-2025-24361
The CVE-2025-24361 issue affects Nuxt (Vue.js) dev-server workflow: when using webpack (3.0.0–3.15.12) or rspack (3.12.2–3.152) builders, loading a malicious site can trigger source-code exposure. Attacker can use Function::toString on window.webpackChunknuxt_app values to reveal the Nuxt source....
CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...
Polyfill Library Injected with Malware Impacting 100,000 Websites
A trusted JavaScript library, Polyfill.io, became a malware delivery system. Security experts exposed the attack and the potential consequences for website visitors. Learn how this supply chain attack highlights the importance of web development security and what steps developers can take to...
The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script VBScript in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as...
Best Practices for Optimizing Web Development Standards for Media Sites
By Owais Sultan Boost user engagement and SEO ranking with these key web development practices for media sites. Discover responsive design, page speed optimization, user-friendly CMS, SEO structure, and accessibility best practices. This is a post from HackRead.com Read the original post: Best...
Intumit SmartRobot Security Vulnerability
Intumit SmartRobot is a web development framework from Intumit, Inc. A security vulnerability exists in Intumit SmartRobot, which stems from the use of a fixed cryptographic key for authentication, and can be exploited by an attacker to gain administrator privileges and execute arbitrary code on ...
Fedora: Security Advisory for velocity (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: velocity-2.3-5.fc40
Velocity is a Java-based template engine. It permits anyone to use the simple yet powerful template language to reference objects defined in Java code. When Velocity is used for web development, Web designers can work in parallel with Java programmers to develop web sites according to the...
The vulnerability in the set of tools for web development, DevTools, available in Mozilla Firefox, Firefox ESR, and the email client Thunderbird, allows a hacker to escalate their privileges.
The vulnerability of the DevTools suite for web development in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain increased privileges remotely...
CVE-2024-23641
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
Design/Logic Flaw
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
CVE-2024-23641 Sending a GET or HEAD request with a body crashes SvelteKit
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...