101 matches found

Tenable Nessus
added 2023/06/08 12:0 a.m. | 31 views

Amazon Linux 2023 : python3-flask (ALAS2023-2023-183)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-183 advisory. Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy t...

CVSS 7.5 | AI score 7.3 | EPSS 0.00215
Exploits: 1 | References: 4

Tenable Nessus
added 2023/05/31 12:0 a.m. | 67 views

Symfony Debug Mode Enabled

Symfony is a free and open-source PHP web application framework relying on bundles, which are plugins allowing developers to hook into Symfony. Symfony offers a debug mode which allows developers to get additional tools like the web profiler and the debug toolbar to help troubleshooting their...

AI score 7.2
Exploits: 0 | References: 2

Tenable Nessus
added 2023/05/23 12:0 a.m. | 14 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Flask (SUSE-SU-2023:2263-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2263-1 advisory. - Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a...

CVSS 7.5 | AI score 7.4 | EPSS 0.00215
Exploits: 1 | References: 4

CNVD
added 2022/10/11 12:0 a.m. | 24 views

Django denial of service vulnerability

Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. A denial-of-service vulnerability exists in Django, which stems from improper handling of certain...

CVSS 7.5 | AI score 3.7 | EPSS 0.16325
Exploits: 0 | References: 1

CNVD
added 2022/04/22 12:0 a.m. | 21 views

Django SQL Injection Vulnerability (CNVD-2022-31837)

Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...

CVSS 9.8 | AI score 3.3 | EPSS 0.00748
Exploits: 0 | References: 1

CNVD
added 2022/04/22 12:0 a.m. | 22 views

Django SQL Injection Vulnerability (CNVD-2022-31838)

Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...

CVSS 9.8 | AI score 3.2 | EPSS 0.01971
Exploits: 3 | References: 1

CNVD
added 2022/04/12 12:0 a.m. | 20 views

Laravel remote code execution vulnerability

Laravel, a web application framework from the Laravel Team, has a security vulnerability that stems from a vulnerability in (1) RoutingPendingResourceRegistration.php via destruct, (2) cal in QueueCapsuleManager.php and (3) the deserialization pop-up chain invoke in...

AI score 3.4
Exploits: 2 | References: 1

CNVD
added 2022/01/17 12:0 a.m. | 19 views

October CMS File Upload Vulnerability

October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. A file upload vulnerability exists in October CMS, which stems from the "Create, Modify, and Delete Site Pages" privilege of the management system, and can be exploited by an attacker t...

CVSS 8.8 | AI score 8.9 | EPSS 0.005
Exploits: 0 | References: 1

CNVD
added 2021/11/04 12:0 a.m. | 22 views

Apache MINA Denial of Service Vulnerability

Apache MINA is a web application framework from the Apache Foundation. A denial-of-service vulnerability exists in Apache MINA, which is caused by improper handling of HTTP message header requests in Apache MINA. An attacker could exploit this vulnerability to potentially cause an infinite loop i...

CVSS 6.5 | AI score 1.4 | EPSS 0.02154
Exploits: 0 | References: 1

CNVD
added 2021/08/12 12:0 a.m. | 41 views

ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...

CVSS 6.9 | AI score 3.4 | EPSS 0.0043
Exploits: 0 | References: 1

CNVD
added 2021/06/08 12:0 a.m. | 34 views

Django path traversal vulnerability (CNVD-2022-31940)

Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. Django has a path traversal vulnerability that stems from the fact that a user can use the:...

CVSS 4.9 | AI score 2.8 | EPSS 0.00143
Exploits: 0 | References: 1

CNVD
added 2021/05/08 12:0 a.m. | 5 views

LivingLogic XIST4C Cross-Site Scripting Vulnerability (CNVD-2021-39967)

XIST4C is a content management system, shopping cart software and web application framework from LivingLogic. A cross-site scripting vulnerability exists in LivingLogic XIST4C versions prior to 0.107.8. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via...

CVSS 6.1 | AI score 6.1 | EPSS 0.00216
Exploits: 1 | References: 1

CNNVD
added 2021/05/07 12:0 a.m. | 2 views

LivingLogic XIST4C Cross-Site Scripting Vulnerability

XIST4C is a content management system, shopping cart software and web application framework from LivingLogic. A cross-site scripting vulnerability exists in LivingLogic XIST4C versions prior to 0.107.8. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via...

CVSS 6.1 | AI score 5.2 | EPSS 0.00216
Exploits: 1 | References: 2

CNVD
added 2021/03/25 12:0 a.m. | 7 views

Bitweaver cross-site scripting vulnerability (CNVD-2021-22574)

Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/myimages.php URI...

CVSS 4.8 | AI score 6.1 | EPSS 0.00179
Exploits: 1 | References: 1

CNVD
added 2021/02/05 12:0 a.m. | 5 views

Unspecified vulnerability in JetBrains Ktor framework

JetBrains Ktor framework is a web application framework from the Czech company JetBrains. A security vulnerability exists in JetBrains Ktor before 1.5.0, which stems from the fact that a birthday attack on SessionStorage keys is possible. No details of the vulnerability are provided at...

CVSS 5.3 | AI score 6.8 | EPSS 0.00002
Exploits: 0 | References: 1

NVD
added 2021/01/19 8:15 p.m. | 8 views

CVE-2021-21263

Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...

CVSS 7.2 | AI score 6.8 | EPSS 0.01139
Exploits: 0 | References: 5

Prion
added 2021/01/19 8:15 p.m. | 14 views

Design/Logic Flaw

Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...

CVSS 5 | AI score 5.1 | EPSS 0.01139
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2020/12/08 12:0 a.m. | 4 views

Apache Tapestry Code Issue Vulnerability

Apache Tapestry is a web application framework written in the Java language, from the Apache Foundation in the United States. A deserialization vulnerability exists in Apache Tapestry version 4, which originates from an attempt to deserialize the "sp" parameter before calling the page's...

CVSS 9.8 | AI score 7.3 | EPSS 0.64089
Exploits: 1 | References: 5

OpenVAS
added 2020/06/25 12:0 a.m. | 14 views

Fedora: Security Advisory for php-horde-horde (FEDORA-2020-01d7b8b690)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 2

Fedora
added 2020/04/30 2:51 a.m. | 14 views

[SECURITY] Fedora 30 Update: php-horde-horde-5.2.22-1.fc30

The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...

AI score 0.2
Exploits: 0