178 matches found
EUVD-2024-0520
Malicious code in bioql PyPI...
EUVD-2025-5939
Malicious code in bioql PyPI...
PT-2025-39079
Name of the Vulnerable Software and Affected Versions Codex CLI versions 0.2.0 through 0.38.0 Codex IDE extension versions prior to 0.4.12 Description Codex CLI, a coding agent from OpenAI, had a flaw in its sandbox configuration logic. This allowed the software to incorrectly identify the writab...
[SECURITY] Fedora 41 Update: toolbox-0.2-1.fc41
Toolbx is a tool for Linux, which allows the use of interactive command line environments for software development and troubleshooting the host operating system, without having to install software on the host. It is built on top of Podman and other standard container technologies from OCI. Toolbx...
CVE-2025-7972 Rockwell Automation FactoryTalk® Linx Network Browser Security Bypass Vulnerability
A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODEENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers...
CVE-2025-7972
CVE-2025-7972 details (Mode C): A vulnerability in Rockwell Automation’s FactoryTalk Linx Network Browser allows bypassing FTSP token validation by setting process.env.NODE_ENV to ‘development’. This enables an attacker to create, update, and delete FTLinx drivers. Documented impact includes HIGH...
[SECURITY] Fedora 42 Update: qt-creator-16.0.1-2.fc42
Qt Creator is a cross-platform IDE integrated development environment tailored to the needs of Qt developers...
The vulnerability of the Microsoft Power Apps development environment, related to insufficient validation of incoming requests, allows a attacker to execute an SSRF attack.
The vulnerability of the Microsoft Power Apps development environment is related to insufficient testing of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
CVE-2024-23639
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
Microsoft Security Update Validation Report May 2025
Microsoft’s May 2025 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
Unspecified Vulnerability in JetBrains Rider
JetBrains Rider is a cross-platform .NET integrated development environment IDE from the Czech company JetBrains. A security vulnerability exists in JetBrains Rider that stems from a custom archive unpacker allowing arbitrary file overwrites during a remote debugging session, which can be exploit...
Unspecified vulnerability in JetBrains rubymine
JetBrains rubymine is an integrated development environment IDE for Ruby development, providing code editing, debugging, and more. JetBrains rubymine suffers from a security vulnerability that originates from a remote interpreter overriding the port that listens to all interfaces. An attacker can...
CVE-2025-24316
The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...
CVE-2025-24316 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Sensitive Information Due to Incompatible Policies
The Dario Health Internet-based server infrastructure is vulnerable due to exposure of development environment details, which could lead to unsafe functionality...
CVE-2025-24316
CVE-2025-24316 affects the Dario Health Internet-based server infrastructure. The issue is exposure of development environment details, leading to unsafe functionality as described in the CVE entry and corroborated by multiple sources (NVD, Red Hat, CIRCL, PT Security, and CISA ICS advisory). CVS...
PT-2025-9117 · Unknown · Dario Health
Name of the Vulnerable Software and Affected Versions: Dario Health affected versions not specified Description: The issue concerns the exposure of development environment details in the Dario Health Internet-based server infrastructure, potentially leading to unsafe functionality. Recommendation...
CVE-2024-32003
wn-dusk-plugin Dusk plugin is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment such as headless Chrome to act as a user in the Backend or User plugin without having ...
GHSA-74J9-XHQR-6QV3 Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message...
Reflected Cross Site Scripting (XSS) in error message
If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message...
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
!IMPORTANT This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. See https://docs.silverstripe.org/en/developerguides/debugging/environmenttypes/ for...