64 matches found
CVE-2025-8484
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-8484 Code Quality Control Tool <= 2.1 - Unauthenticated Information Exposure via Log Files
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-8484
CVE-2025-8484 affects the WordPress plugin Code Quality Control Tool (versions 0.1 and earlier) and is due to publicly exposed log files that allow unauthenticated viewing of potentially sensitive information. Wordfence Intelligence notes this as an exposed-information vulnerability with a CVSSv3...
CVE-2025-8484 Code Quality Control Tool <= 2.1 - Unauthenticated Information Exposure via Log Files
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
WordPress plugin Code Quality Control Tool Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An information...
PT-2025-41676
Name of the Vulnerable Software and Affected Versions Code Quality Control Tool versions 0.1 through 0.1 Description The Code Quality Control Tool plugin for WordPress has a flaw that allows viewing of potentially sensitive information through publicly exposed log files. This impacts...
Aspect-Oriented Programming in Secure Software Development: a Case Study of Security Aspects in Web Applications
Security remains a critical challenge in modern web applications, where threats such as unauthorized access, data breaches, and injection attacks continue to undermine trust and reliability. Traditional Object-Oriented Programming (OOP) often intertwines security logic with business functionality,...
PT-2025-35523
Name of the Vulnerable Software and Affected Versions SonarQube versions 4 through 5.3.0 Description SonarQube is a static analysis solution for continuous code quality and security inspection. A command injection issue was identified in the SonarQube Scan GitHub Action. Untrusted input arguments...
[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-bad-free-1.24.10-3.fc41
GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...
[SECURITY] Fedora 42 Update: perl-Devel-Cover-1.44-5.fc42
This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...
Creating a Large Text File Viewer by Vibe Coding with Visual Studio Code, Cline, OpenRouter, and Claude 3.7
I just created another Windows 10/11 application using AI. This is a follow-up to the SquareCap program I posted about a few weeks ago. The problem I was trying to solve this time was opening and searching extremely large text files. I used to use the old Mandiant Highlighter program for this, bu...
Adobe Reader CoolType Out-Of-Bounds Read
The Type1/CFF CharString interpreter code in the Adobe Reader CoolType.dll font library does not check if the input stream pointer has not gone beyond the end of the source buffer, which stores the state machine instructions. The Type1/CFF CharString interpreter code in the Adobe Reader...
Fedora: Security Advisory for mingw-gstreamer1-plugins-bad-free (FEDORA-2023-0984b63b23)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IoT Secure Development Guide
Introduction This guide deals with threat modelling and early stages of development so that security issues and controls are identified before committing to manufacturing. Current attack methods, and the pitfalls we find in embedded designs, have been highlighted so that a finished product is as...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2023-62627)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
Image Builder security, bug fix, and enhancement update
cockpit-composer 45-1.0.1 - Make per page documentation links point to Oracle Linux Orabug: 32013095 45-1 - New upstream release 44-1 - New upstream release 43-1 - New upstream release 42-1 - New upstream release 40-1 - New upstream release 39-1 - New upstream release 38-1 - New upstream release...
CVE-2021-43298
CVE-2021-43298 corresponds to a vulnerability in Embedthis GoAhead web server where the password check for HTTP Basic authentication does not use constant-time comparison and lacks rate-limiting, enabling an unauthenticated attacker to brute-force the password by timing responses. Connected sourc...
JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09216)
JetBrains TeamCity is a distributed build management and continuous integration tool from Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. JetBrains TeamCity has a security vulnerability that stems from a missi...
Meet the new project experience for SonarCloud
We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud. We’re going to tell you more about what this makeover is about in this article. You may be wondering...
com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +109 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=3.0.0 <=6.0.1)
com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =6.0.1 and more Source cves: CVE-2021-31412 Source advisory: OSV:GHSA-FR26-QJC8-MVJX...