328 matches found

NVD
added 2025/03/06 5:15 p.m. | 13 views

CVE-2024-12742

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...

8.4 CVSS | 0.05365 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/06 4:27 p.m. | 10 views

CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...

8.4 CVSS | 7.5 AI score | 0.05365 EPSS
Exploits: 0 | References: 1
CVE
added 2025/03/06 4:27 p.m. | 42 views

CVE-2024-12742

CVE-2024-12742 describes a deserialization of untrusted data vulnerability in NI G Web Development Software. Affected: NI G Web Development Software 2022 Q3 and earlier. The flaw exists in parsing of GWEBPROJECT files, with exploitation requiring a user to open a specially crafted project file or...

8.4 CVSS | 7.5 AI score | 0.05365 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/03/06 4:27 p.m. | 14 views

CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...

8.4 CVSS | 0.05365 EPSS
Exploits: 0 | References: 1
Ubuntu
added 2025/03/06 1:30 p.m. | 12 views

USN-7335-1: Django vulnerability

It was discovered that Django incorrectly handled text wrapping. An attacker could possibly use this issue to cause a denial of service...

7.5 CVSS | 7.1 AI score | 0.00748 EPSS
Exploits: 0
CNNVD
added 2025/03/06 12:0 a.m. | 6 views

NI G Web Development Software Code Issue Vulnerability

NI G Web Development Software is a development software from National Instruments NI that creates test and measurement Web interfaces. A code issue vulnerability exists in NI G Web Development Software version 2022 Q3 and earlier, which stems from deserializing untrustworthy data and could lead t...

8.4 CVSS | 7.1 AI score | 0.05365 EPSS
Exploits: 0 | References: 2
NVD
added 2025/01/25 1:15 a.m. | 15 views

CVE-2025-24360

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

5.3 CVSS | 0.00529 EPSS
Exploits: 0 | References: 6
NVD
added 2025/01/25 1:15 a.m. | 52 views

CVE-2025-24361

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

5.3 CVSS | 0.00325 EPSS
Exploits: 0 | References: 2
CVE
added 2025/01/25 12:53 a.m. | 49 views

CVE-2025-24361

CVE-2025-24361 affects the Nuxt (Vue.js) dev-server workflow: when using the webpack (3.0.0–3.15.12) or rspack (3.12.2–3.152) builders, loading a malicious site can trigger source-code exposure. An attacker can use Function::toString on window.webpackChunknuxt_app values to reveal the Nuxt source....

5.3 CVSS | 5.4 AI score | 0.00325 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/01/25 12:53 a.m. | 25 views

CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

5.3 CVSS | 0.00325 EPSS
Exploits: 0 | References: 2
HackRead
added 2024/06/27 4:52 p.m. | 11 views

Polyfill Library Injected with Malware Impacting 100,000 Websites

A trusted JavaScript library, Polyfill.io, became a malware delivery system. Security experts exposed the attack and the potential consequences for website visitors. Learn how this supply chain attack highlights the importance of web development security and what steps developers can take to...

7.3 AI score
Exploits: 0
The Hacker News
added 2024/05/23 5:33 a.m. | 14 views

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as...

6.3 AI score
Exploits: 0
HackRead
added 2024/04/13 10:22 p.m. | 11 views

Best Practices for Optimizing Web Development Standards for Media Sites

By Owais Sultan Boost user engagement and SEO ranking with these key web development practices for media sites. Discover responsive design, page speed optimization, user-friendly CMS, SEO structure, and accessibility best practices. This is a post from HackRead.com Read the original post: Best...

7.3 AI score
Exploits: 0
CNNVD
added 2024/03/13 12:0 a.m. | 4 views

Intumit SmartRobot Security Vulnerability

Intumit SmartRobot is a web development framework from Intumit, Inc. A security vulnerability exists in Intumit SmartRobot, which stems from the use of a fixed cryptographic key for authentication, and can be exploited by an attacker to gain administrator privileges and execute arbitrary code on ...

9.8 CVSS | 7.9 AI score | 0.00574 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2024/03/08 12:0 a.m. | 17 views

Fedora: Security Advisory for velocity (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the...

8.8 CVSS | 9.2 AI score | 0.02557 EPSS
Exploits: 3 | References: 2
Fedora
added 2024/03/07 10:33 p.m. | 26 views

[SECURITY] Fedora 40 Update: velocity-2.3-5.fc40

Velocity is a Java-based template engine. It permits anyone to use the simple yet powerful template language to reference objects defined in Java code. When Velocity is used for web development, Web designers can work in parallel with Java programmers to develop web sites according to the...

8.8 CVSS | 7.2 AI score | 0.02557 EPSS
Exploits: 3
BDU FSTEC
added 2024/01/30 12:0 a.m. | 6 views

The vulnerability in the set of tools for web development, DevTools, available in Mozilla Firefox, Firefox ESR, and the email client Thunderbird, allows a hacker to escalate their privileges.

The vulnerability of the DevTools suite for web development in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain increased privileges remotely...

4.2 CVSS | 7.5 AI score | 0.00633 EPSS
Exploits: 0 | References: 13 | Affected Software: 7
NVD
added 2024/01/24 5:15 p.m. | 38 views

CVE-2024-23641

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...

7.5 CVSS | 7.5 AI score | 0.00764 EPSS
Exploits: 1 | References: 2
Prion
added 2024/01/24 5:15 p.m. | 25 views

Design/Logic Flaw

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...

5 CVSS | 7 AI score | 0.00764 EPSS
Exploits: 1 | References: 2 | Affected Software: 2
Vulnrichment
added 2024/01/24 4:56 p.m. | 11 views

CVE-2024-23641 Sending a GET or HEAD request with a body crashes SvelteKit

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...

7.5 CVSS | 7 AI score | 0.00764 EPSS
Exploits: 1 | References: 2