8653 matches found
Dev and Sec: The Perfect Pair <3
Discover how this dynamic duo creates secure, agile environments – and how you can foster their romance in your organization...
Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams
Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you to our upcoming webinar, "Opening the Fast Lane for Secur...
Malicious code in biconomy-dev (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ccacc09681a6383aa261381df93b651a806293270c031081ae4af8f993652c7 Any computer that has this package install...
Malicious code in crypto-dev (npm)
This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bed52b1811db7c40f9bfbc1e7e15add32d6e51e3ec04d0bf81faf038a5a1c88 Any computer that has this package install...
ALSA-2025:1443 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values (CVE-2025-22150); nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)...
CISA: Eliminating Buffer Overflows
This Secure by Design Alert is part of an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle. This paper focuses on buffer overflows...
Siemens SIPROTEC 5 Security Vulnerability
Siemens SIPROTEC 5 is a multifunction relay from Siemens Germany. A security vulnerability exists in the Siemens SIPROTEC 5 that stems from the affected device not properly restricting access to the development shell through the physical interface. This could allow an unauthenticated attacker to...
esbuild enables any website to send any requests to the development server and read the response
Summary: esbuild allows any website to send any request to the development server and read the response due to default CORS settings. Details: esbuild sets the `Access-Control-Allow-Origin: *` header on all requests, including the SSE connection, which allows any website to send any request to the...
PT-2025-6214 · Esbuild · Esbuild
Name of the Vulnerable Software and Affected Versions: esbuild affected versions not specified Description: The issue allows any website to send requests to the development server and read the response due to default CORS settings. This is because esbuild sets the Access-Control-Allow-Origin:...
CVE-2025-22129
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, an...
[SECURITY] Fedora 40 Update: FlightGear-2020.3.19-8.fc40
The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...
CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB
WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...
CVE-2021-35572
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2021-35659
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2021-35658
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
[SECURITY] Fedora 41 Update: FlightGear-2020.3.19-8.fc41
The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...
CVE-2022-21445
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
The Impact of Cybersecurity on Game Development
The gaming industry has grown into a massive global market, with millions of players engaging in online multiplayer…
CVE-2022-46822
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions...
CVE-2022-31172
OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...