
328 matches found

Prion
added 2023/04/04 10:15 p.m., 16 views

Cross site request forgery (csrf)

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protecti...

6.8 CVSS, 8.8 AI score, 0.00557 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2023/04/04 9:20 p.m., 80 views

CVE-2023-29003

CVE-2023-29003 affects SvelteKit CSRF protection. Prior to version 1.15.1, an attacker could bypass CSRF by sending requests with a crafted Content-Type header, enabling cross-site requests from third parties and potentially session takeover. SvelteKit 1.15.1 hardens CSRF by (1) treating text/pla...

8.8 CVSS, 8.9 AI score, 0.00557 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2023/04/04 9:20 p.m., 40 views

CVE-2023-29003 SvelteKit has Insufficient Cross-Site Request Forgery Protection

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protecti...

8.8 CVSS, 8.7 AI score, 0.00557 EPSS
Exploits: 1, References: 5

OpenVAS
added 2023/03/08 12:0 a.m., 23 views

Debian: Security Advisory (DLA-349-1)

The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5 CVSS, 6.6 AI score, 0.04284 EPSS
Exploits: 0, References: 2

Trend Micro Simply Security
added 2023/02/28 12:0 a.m., 18 views

Understanding Jamstack Security

Learn how Jamstack has emerged as a new architectural paradigm for delivering websites and web-based applications with the promise of improved performance, scalability, and security over the traditional server-driven approach to web development...

2.9 AI score
Exploits: 0

Huntr
added 2023/02/20 2:52 a.m., 435 views

Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203

Description: Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203. Proof of Concept: 1. Go to https://localhost/Cockpit/modules/App/assets/vendor/lodash.js?ver=2.3.9-1676855050 and note that lodash version is 4.17.15. 2. Go to https://localhost/Cockpit/. 3. Open Web Developer tools (Ctrl+Shift+I) usin...

1.7 CVSS, 6.6 AI score, 0.05213 EPSS
Exploits: 2, References: 1

Debian
added 2023/02/01 10:0 p.m., 21 views

[SECURITY] [DLA 3306-1] python-django security update

Debian LTS Advisory DLA-3306-1, https://www.debian.org/lts/security/, Chris Lamb, February 01, 2023, https://wiki.debian.org/LTS...

7.5 CVSS, 7.5 AI score, 0.47102 EPSS
Exploits: 0

Fedora
added 2022/11/01 3:57 p.m., 48 views

[SECURITY] Fedora 35 Update: php-8.0.25-1.fc35

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8 CVSS, 8.8 AI score, 0.05193 EPSS
Exploits: 4

Fedora
added 2022/10/07 1:13 p.m., 28 views

[SECURITY] Fedora 35 Update: php-8.0.24-1.fc35

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

6.5 CVSS, 2.2 AI score, 0.49336 EPSS
Exploits: 2

CNVD
added 2022/09/28 12:0 a.m., 31 views

ZFile arbitrary file upload vulnerability

ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...

9.8 CVSS, 3.2 AI score, 0.00851 EPSS
Exploits: 1, References: 1

Ubuntu
added 2022/07/04 11:32 a.m., 72 views

USN-5501-1: Django vulnerability

It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information...

9.8 CVSS, 7 AI score, 0.73274 EPSS
Exploits: 3

CNVD
added 2022/06/16 12:0 a.m., 22 views

Neetai Tech SQL Injection Vulnerability

Neetai Tech is a web development, GST software and accounting software from Neetai India. Neetai Tech is vulnerable to SQL injection, which can be exploited by attackers to cause SQL injection issues via manipulation of the /product.php file...

9.8 CVSS, 4.1 AI score, 0.0062 EPSS
Exploits: 0, References: 1

CNVD
added 2022/06/13 12:0 a.m., 22 views

Vapor Denial of Service Vulnerability

Vapor is a Swift web development framework. It can be used to develop high-performance web applications and supports iOS, OS X and Ubuntu systems. A denial-of-service vulnerability exists in Vapor versions prior to 4.61.1 that stems from not properly handling incoming error messages and can be...

7.5 CVSS, 7.3 AI score, 0.0149 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2022/04/21 5:15 a.m., 3 views

CVE-2022-27237

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...

6.1 CVSS, 5.8 AI score, 0.00525 EPSS
Exploits: 0, References: 2

NVD
added 2022/04/21 5:15 a.m., 19 views

CVE-2022-27237

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...

6.1 CVSS, 0.00525 EPSS
Exploits: 0, References: 1

OSV
added 2022/04/21 5:15 a.m., 8 views

CVE-2022-27237

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...

6.1 CVSS, 5.7 AI score, 0.00525 EPSS
Exploits: 0, References: 1

Prion
added 2022/04/21 5:15 a.m., 13 views

Cross site scripting

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...

4.3 CVSS, 6 AI score, 0.00525 EPSS
Exploits: 0, References: 1, Affected Software: 5

CVE
added 2022/04/21 4:32 a.m., 79 views

CVE-2022-27237

CVE-2022-27237 describes a cross-site scripting (XSS) vulnerability in an NI Web Server component used with several NI products. The advisory indicates the affected surface is the NI Web Server component across multiple NI product deployments, with remediation guidance requiring upgrading to one ...

6.1 CVSS, 6 AI score, 0.00525 EPSS
Exploits: 0, References: 1, Affected Software: 5

Cvelist
added 2022/04/21 4:32 a.m., 28 views

CVE-2022-27237

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Depending on the products in use, remediation guidance includes: install SystemLink version 2021 R3 or later, install FlexLogger 2022 Q2 or later, install LabVIEW 2021 SP1, install ...

6.2 AI score, 0.00525 EPSS
Exploits: 0, References: 1

HackRead
added 2022/04/20 2:16 p.m., 10 views

How to Choose the Right Web Development Firm for Your Startup?

By Owais Sultan. Finding the right website development firm or team is a challenging task for many startups. Business owners see… This is a post from HackRead.com. Read the original post: How to Choose the Right Web Development Firm for Your Startup?...

2 AI score
Exploits: 0