Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.20.0 release
Red Hat OpenShift Dev Spaces 3.20 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in...
Low: cuda-nvml-devel-12-8
Issue Overview: NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. CVE-2024-53870...
DEBIAN-CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...
GHSA-QC59-CXJ2-C2W4 aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Summary: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
What Are the Benefits of a Microservices Architecture?
...
PT-2025-19363 · Npm · Aws-Cdk-Lib
Summary: The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
SUSE CVE-2024-56406
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, S_do_trans_invmap can overflow the destination...
Adobe ColdFusion Improper Authentication Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from an improper authentication vulnerability that could be exploited by an...
AZL-60409 CVE-2024-56406 affecting package perl for versions less than 5.38.2-507
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, S_do_trans_invmap can overflow the destination...
Vite has an `server.fs.deny` bypass with an invalid `request-target`
Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...
A vulnerability in the Microsoft Visual Studio software development tool, related to access control deficiencies, allows attackers to escalate their privileges.
The vulnerability in the Microsoft Visual Studio software development tool is related to a lack of access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
Unauthorized File Exposure
Vite is vulnerable to Unauthorized File Exposure. The vulnerability is due to improper exposure of non-allowed files through the ?inline or ?raw?import methods when the Vite dev server is explicitly exposed to the network using --host or the server.host config option, allows unauthorized access t...
A vulnerability in the display_debug_section function of the readelf.c component of the GNU Binutils development environment allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the display_debug_section function of the readelf.c component of the GNU Binutils development environment is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause...
CVE-2025-22012
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845/850 devices, leading to lock-ups and resets. It works fine o...
CVE-2025-22012
CVE-2025-22012 concerns a Linux kernel issue where a change in arm64 dts for qcom SDM845/850 could affect pagetable walker cache coherency. The vulnerability description states that this led to lock-ups and resets on some devices (e.g., Yoga C630) while others (Dragonboard 845c) were unaffected. ...
CVE-2025-22012 Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu"
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not a given across the spectrum of SDM845/850 devices, leading to lock-ups and resets. It works fine o...
PT-2025-15273
Name of the Vulnerable Software and Affected Versions: EDK2 (affected versions not specified). Description: The issue is related to a vulnerability in the HashPeImageByType function, where a user can cause a read out of bounds by sending corrupted data via the network. This could lead to a loss of...
AutonomyAI Emerges from Stealth with $4M Pre-Seed Funding to Transform Front-End Development with Autonomous AI Agents
The first-of-its-kind solution integrates with company codebases, enabling AI agents to work in-context and generate production-grade, front-end code in minutes...
Exploit for CVE-2025-30208
CVE-2025-30208 - Vite Arbitrary File Read PoC This is a Proof...
PT-2025-14786
Name of the Vulnerable Software and Affected Versions: Vite versions 6.0.0 through 6.0.13; Vite versions 6.1.0 through 6.1.3; Vite versions 6.2.0 through 6.2.4; Vite version 4.5.11 and earlier; Vite version 5.4.16 and earlier. Description: The issue allows the contents of arbitrary files to be returned ...