Lucene search

328 matches found

CVE
added 2024/01/24 4:56 p.m., 46 views

CVE-2024-23641

CVE-2024-23641 affects SvelteKit 2 apps when handling HTTP GET/HEAD requests with a body (e.g., {})—these requests crash the preview/hosted app, including TRACE, causing DoS. The issue specifically impacts deployments using @sveltejs/adapter-node versions 2.1.2, 3.0.3, or 4.0.1 and @sveltejs/kit ...

CVSS 7.5, AI score 7.4, EPSS 0.00764
Exploits: 1, References: 2, Affected Software: 2
OSV
added 2024/01/24 4:56 p.m., 36 views

CVE-2024-23641 Sending a GET or HEAD request with a body crashes SvelteKit

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws "Request with GET/HEAD method cannot have body." and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...

CVSS 7.5, AI score 7.4, EPSS 0.00764
Exploits: 1, References: 4
NVD
added 2023/12/07 12:15 p.m., 14 views

CVE-2023-35039

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...

CVSS 9.8, EPSS 0.00857
Exploits: 0, References: 1
Prion
added 2023/12/07 12:15 p.m., 19 views

Authentication flaw

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...

CVSS 7.5, AI score 7.5, EPSS 0.00857
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2023/12/07 11:27 a.m., 57 views

CVE-2023-35039

CVE-2023-35039 affects the WordPress plugin Password Reset with Code for WordPress REST API (versions

CVSS 9.8, AI score 8.7, EPSS 0.00857
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2023/10/30 6:18 p.m., 69 views

CVE-2023-43647

baserCMS prior to 4.8.0 contains a reflected XSS in the file upload feature (CVE-2023-43647); affected versions include 4.7.8 and earlier per multiple sources. A fix is released in baserCMS 4.8.0.

CVSS 6.1, AI score 5.6, EPSS 0.00509
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2023/10/05 12:00 a.m., 5 views

Vapor Security Breach

Vapor is vapor individual developers of a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu. A security vulnerability exists in Vapor that stems from a denial of service DoS vulnerability due to a problem encountered...

CVSS 5.3, AI score 6.7, EPSS 0.00597
Exploits: 0, References: 4
Ubuntu
added 2023/10/04 10:01 p.m., 81 views

USN-6414-2: Django vulnerabilities

USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote...

CVSS 7.5, AI score 6.8, EPSS 0.01284
Exploits: 0
CNNVD
added 2023/09/29 12:00 a.m., 3 views

Engineers Online Portal SQL Injection Vulnerability

Engineers Online Portal is an open source online portal. It is developed using PHP, MySQL database, HTML, CSS, Javascript, jQuery, Ajax, Bootstrap and some other libraries. Engineers Online Portal suffers from a SQL injection vulnerability that stems from the fact that manipulation of the...

CVSS 9.8, AI score 8.4, EPSS 0.00684
Exploits: 1, References: 4
Fedora
added 2023/09/15 7:02 p.m., 31 views

[SECURITY] Fedora 39 Update: python-pyramid-2.0.2-1.fc39

Pyramid is a small, fast, down-to-earth, open source Python web development framework. It makes real-world web application development and deployment more fun, more predictable, and more productive...

CVSS 5.3, AI score 5.2, EPSS 0.00632
Exploits: 0
Fedora
added 2023/09/05 12:41 a.m., 37 views

[SECURITY] Fedora 38 Update: python-pyramid-2.0.2-1.fc38

Pyramid is a small, fast, down-to-earth, open source Python web development framework. It makes real-world web application development and deployment more fun, more predictable, and more productive...

CVSS 5.3, AI score 5.2, EPSS 0.00632
Exploits: 0
OpenVAS
added 2023/09/05 12:00 a.m., 14 views

Fedora: Security Advisory for python-pyramid (FEDORA-2023-b213d84a16)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3, AI score 5.5, EPSS 0.00632
Exploits: 0, References: 2
OSSF Malicious Packages
added 2023/08/20 2:17 p.m., 5 views

Malicious code in web-dev-for-beginners (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12dfe4d59f97f208fa2c0392b71a0939ecbd509d7ccd7853cea8b3f4e13b317a The OpenSSF Package Analysis project identified 'web-dev-for-beginners' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

AI score 6.9
Exploits: 0
OSV
added 2023/08/20 2:17 p.m., 21 views

MAL-2023-1503 Malicious code in web-dev-for-beginners (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12dfe4d59f97f208fa2c0392b71a0939ecbd509d7ccd7853cea8b3f4e13b317a The OpenSSF Package Analysis project identified 'web-dev-for-beginners' @ 1.0.0 npm as malicious. It is considered malicious because: - The...

AI score 7.1
Exploits: 0
Fedora
added 2023/08/12 4:25 a.m., 36 views

[SECURITY] Fedora 38 Update: php-8.2.9-2.fc38

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 9.8, AI score 6.5, EPSS 0.08003
Exploits: 4
Fedora
added 2023/08/11 1:01 a.m., 28 views

[SECURITY] Fedora 37 Update: php-8.1.22-1.fc37

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 9.8, AI score 6.9, EPSS 0.08003
Exploits: 4
BDU FSTEC
added 2023/08/11 12:00 a.m., 5 views

The vulnerability in the set of tools for web development in Google Chrome’s DevTools allows a hacker to bypass content security policies.

The vulnerability of the DevTools set of tools for web development in Google Chrome exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to circumvent content security policies through a specially crafted HTML page...

CVSS 7.8, AI score 6.5, EPSS 0.00491
Exploits: 1, References: 3, Affected Software: 1
HackRead
added 2023/07/21 7:09 p.m., 14 views

Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks

By Habiba Rashid In the interconnected world of web development, open-source components play a vital role, facilitating collaboration and code sharing… This is a post from HackRead.com Read the original post: Global CDN Service jsdelivr Exposed Users to Phishing Attacks...

AI score 7.1
Exploits: 0
RedHat Linux
added 2023/06/07 7:46 a.m., 31 views

Important: Red Hat Security Advisory: python-flask security update

An update for python-flask is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 7.2, EPSS 0.01261
Exploits: 1, References: 2
Spring Security Advisories
added 2023/04/25 12:00 a.m., 40 views

This Week in Spring - April 25th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? I'm en route to Bangalore, India, via Frankfurt, for the Developer Summit 2023 edition. It's going to be a ton of fun, and I hope you won't miss it! Spring Boot 3.1.0-RC1 available now One of the most exciti...

AI score 8.9, EPSS 0.01122
Exploits: 0