8653 matches found
GitLab 17.8 < 17.8.6 / 17.9 < 17.9.3 / 17.10 < 17.10.1 (CVE-2025-2867)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate...
CVE-2025-2867
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
CVE-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
Access control error vulnerability exists in Vite (CNVD-2025-05817)
Vite is a new open-source front-end build tool. Vite has an access control error vulnerability that can be exploited by an attacker to bypass the development server's protection mechanism and illegally access sensitive files outside the project root directory...
PT-2025-13198 · Gitlab · Gitlab Duo
Name of the Vulnerable Software and Affected Versions: GitLab Duo with Amazon Q versions 17.8 through 17.8.5; GitLab Duo with Amazon Q versions 17.9 through 17.9.2; GitLab Duo with Amazon Q versions 17.10 through 17.10.0. Description: An issue has been discovered in the GitLab Duo with Amazon Q that...
PT-2025-13208 · Ibm · Ibm Devops Deploy +1
Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.1.2.21 and earlier, 7.2 through 7.2.3.14, 7.3 through 7.3.2.0; IBM DevOps Deploy versions 8.0 through 8.0.1.4, 8.1 and earlier. Description: The issue concerns the storage of potentially sensitive authentication...
CVE-2024-55965
Appsmith before version 1.51 is affected by an information-disclosure issue where users invited as "App Viewer" can access development information for a workspace, specifically listing datasources in that workspace. The root cause is improper access control that permits VIEWER-role users to enume...
Creating a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude
I just created a Windows 10/11 application that takes square screen captures. I did zero coding myself but used Visual Studio Code, Cline, OpenRouter, and Claude. I got the idea by watching a video on so-called Vibe programming by a YouTuber named Memory. I have zero Windows programming experienc...
Creating an FTP Server Buffer Overflow Exploit with Metasploit
This paper, written in Brazilian Portuguese, explains how to create a common exploit from the data of a Metasploit Framework exploit to exploit a vanilla buffer overflow on an FTP server. In the context of application security, the author provides mitigation recommendations...
Vite access control error vulnerability
Vite is a new open-source front-end build tool. Vite has an access control error vulnerability that can be exploited by an attacker to bypass the development server's protection mechanism and illegally access sensitive files outside the project root directory...
PT-2025-12667
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Description: Vite is susceptible to a file access bypass vulnerability. When the development server is exposed to the network using the --host or server.host configuration optio...
CVE-2025-2598
When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
[SECURITY] Fedora 41 Update: dotnet8.0-8.0.114-1.fc41
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
[SECURITY] Fedora 40 Update: dotnet8.0-8.0.114-1.fc40
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
@aws-cdk/integ-runner (>=2.172.0-alpha.0 <=2.178.1-alpha.0), @bifravst/http-api-mock (>=2.1.97 <=2.1.144) +4 more potentially affected by CVE-2025-2598 via aws-cdk (>=2.172.0 <=2.178.1)
aws-cdk NPM version =2.172.0, =2.172.0-alpha.0, =2.1.97, =4.3.190, =3.2.25, =2.172.0, =2.178.1 Source cves: CVE-2025-2598 Source advisory: OSV:GHSA-V63M-X9R9-8GQP...
calgaryartsdevelopment.com Cross Site Scripting vulnerability OBB-4038639
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
AWS Cloud Development Kit security vulnerability
AWS Cloud Development Kit is an open source software development framework from Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A security vulnerability exists in AWS Cloud Development Kit that stems from credential information...
PT-2025-12422
Name of the Vulnerable Software and Affected Versions: AWS CDK CLI versions prior to 2.178.2. Description: The issue arises when the AWS CDK CLI is used with a credential plugin that returns an expiration property with the retrieved AWS credentials, causing the credentials to be printed to the conso...