CVE-2024-23641
CVE-2024-23641 affects SvelteKit 2 apps that receive an HTTP GET or HEAD request carrying a body (e.g., `{}`): such a request crashes the previewed or hosted app, and TRACE requests have the same effect, resulting in a denial of service. The issue specifically impacts deployments using @sveltejs/adapter-node versions 2.1.2, 3.0.3, or 4.0.1 and @sveltejs/kit ...
CVE-2024-23641 Sending a GET or HEAD request with a body crashes SvelteKit
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body (e.g. `{}`) to a built and previewed/hosted SvelteKit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...
CVE-2023-35039
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...
CVE-2023-35039
CVE-2023-35039 affects the WordPress plugin Password Reset with Code for WordPress REST API (versions
CVE-2023-43647
baserCMS prior to 4.8.0 contains a reflected XSS in the file upload feature (CVE-2023-43647); affected versions include 4.7.8 and earlier per multiple sources. A fix is released in baserCMS 4.8.0.
Vapor Security Breach
Vapor is a Swift web development framework maintained by individual developers. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu. A security vulnerability exists in Vapor that stems from a denial of service (DoS) condition due to a problem encountered...
USN-6414-2: Django vulnerabilities
USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django, respectively. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Wenchao Li discovered that the Django Truncator function incorrectly handled very long HTML input. A remote...
Engineers Online Portal SQL Injection Vulnerability
Engineers Online Portal is an open source online portal. It is developed using PHP, a MySQL database, HTML, CSS, JavaScript, jQuery, Ajax, Bootstrap and some other libraries. Engineers Online Portal suffers from a SQL injection vulnerability that stems from the fact that manipulation of the...
[SECURITY] Fedora 39 Update: python-pyramid-2.0.2-1.fc39
Pyramid is a small, fast, down-to-earth, open source Python web development framework. It makes real-world web application development and deployment more fun, more predictable, and more productive...
[SECURITY] Fedora 38 Update: python-pyramid-2.0.2-1.fc38
Pyramid is a small, fast, down-to-earth, open source Python web development framework. It makes real-world web application development and deployment more fun, more predictable, and more productive...
Fedora: Security Advisory for python-pyramid (FEDORA-2023-b213d84a16)
The remote host is missing an update for python-pyramid. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MAL-2023-1503 Malicious code in web-dev-for-beginners (npm)
Per source details. Do not edit below this line. Source: ossf-package-analysis 12dfe4d59f97f208fa2c0392b71a0939ecbd509d7ccd7853cea8b3f4e13b317a. The OpenSSF Package Analysis project identified 'web-dev-for-beginners' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The...
[SECURITY] Fedora 38 Update: php-8.2.9-2.fc38
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 37 Update: php-8.1.22-1.fc37
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
A vulnerability in DevTools, the set of web development tools in Google Chrome, allows an attacker to bypass content security policies.
The vulnerability in Google Chrome's DevTools exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to circumvent content security policies through a specially crafted HTML page...
Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks
By Habiba Rashid. In the interconnected world of web development, open-source components play a vital role, facilitating collaboration and code sharing… (Originally published on HackRead.com.)
Important: Red Hat Security Advisory: python-flask security update
An update for python-flask is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
This Week in Spring - April 25th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? I'm en route to Bangalore, India, via Frankfurt, for the Developer Summit 2023 edition. It's going to be a ton of fun, and I hope you won't miss it! Spring Boot 3.1.0-RC1 available now. One of the most exciti...