842 matches found
PT-2025-20132 · Gamipress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress versions n/a through 7.3.7 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...
Security update for python-h11
This update for python-h11 fixes the following issues: CVE-2025-43859: leniency when parsing of line terminators in chunked-coding message bodies can lead to request smuggling. bsc1241872 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
DEBIAN-CVE-2022-49848
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da "phy: qcom-qmp-combo,usb: add support for separate PCSUSB region" started treating the PCSUSB registers as potentially separate from the PCS registers but...
14 secure coding tips: Learn from the experts at Microsoft Build
Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...
14 secure coding tips: Learn from the experts at Microsoft Build
Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2025-957)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-957 advisory. Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the...
CVE-2025-43859
A flaw was found in the h11. This vulnerability allows request smuggling via improper parsing of chunked-coding message bodies, where h11 fails to validate the required \r\n terminators. Mitigation Ensuring any applications using h11 are behind a correctly configured reverse proxy will prevent...
SUSE CVE-2025-43859
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...
CVE-2025-43859
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...
Slopsquatting
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names--laced with malware, of course. EDITED TO ADD 1/22: Research paper. Slashdot thread...
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 t...
This Week in Spring - April 8th, 2025
Hi, Spring fans! How are ya? I'm doing fine. Excited, even. You see, Spring AI M7 is coming soon! In theory, it drops on Thursday. Don't hold us to that — these things can change :- But soon , and it's turning out to be a whopper of a release! You should try upgrading your application to the new ...
CVE-2025-31122
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field...
CVE-2025-31122
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field...
CVE-2025-31122 scratch-coding-hut.github.io Login Links Generation vulnerability
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field...
CVE-2025-31122 scratch-coding-hut.github.io Login Links Generation vulnerability
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field...
CVE-2025-31122 scratch-coding-hut.github.io Login Links Generation vulnerability
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field...
CVE-2025-31122
CVE-2025-31122 affects Scratch-Coding-Hut’s website (1.0-beta3 and earlier). The vulnerability: the login link’s username parameter can be altered to log in to arbitrary accounts, enabling account-level access. Reported across multiple feeds (NVD, Red Hat CVE pages, etc.) with the same descriptio...
PT-2025-13811 · Unknown · Coding Hut
Name of the Vulnerable Software and Affected Versions: Coding Hut versions 1.0-beta3 and earlier Description: The issue allows an attacker to log in to any account by modifying the username field in the login link. This affects the login functionality of the website. Recommendations: For versions...
Scratch-Coding-Hut 安全漏洞
Scratch-Coding-Hut is a coding website open-sourced by Scratch Coding Hut. A security vulnerability exists in Scratch-Coding-Hut 1.0-beta3 and earlier versions, which stems from a login link that can be used to log in to arbitrary accounts...