
821 matches found

Patchstack
added 2025/09/05 1:27 p.m. · 6 views

WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Developer Tools Blocker (versions <= 3.2.1)...

CVSS 5.4 · AI score 6.6 · EPSS 0.00026
Exploits 0 · Affected Software 1

Positive Technologies
added 2025/09/05 12:0 a.m. · 2 views

PT-2025-36157

Name of the Vulnerable Software and Affected Versions: SwiftNinjaPro Developer Tools Blocker versions through 3.2.1. Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. This allows attackers to perform actions on behalf of an authenticated user without their knowledge...

CVSS 5.4 · AI score 6.2 · EPSS 0.00026
Exploits 0 · References 3

CNNVD
added 2025/09/05 12:0 a.m. · 1 views

WordPress plugin Developer Tools Blocker cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 5.4 · AI score 6.4 · EPSS 0.00026
Exploits 0 · References 2

Microsoft CVE
added 2025/09/03 10:4 p.m. · 3 views

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

...

CVSS 8.8 · AI score 7 · EPSS 0.00277
Exploits 0

CNNVD
added 2025/09/03 12:0 a.m. · 1 views

HCL Compass security vulnerability

HCL Compass is a low-code change management software from HCL India. Managing the full range of testing activities and integration with developer tools. HCL Compass suffers from a security vulnerability that stems from could lead to unauthorized access to the database by an attacker...

CVSS 7.5 · AI score 6.6 · EPSS 0.00018
Exploits 0 · References 1

CVE
added 2025/08/25 3:38 p.m. · 8 views

CVE-2025-55301

The Scratch Channel CVE-2025-55301 affects version 1 of The Scratch Channel (the news site) where localStorage can be manipulated via the browser DevTools to edit the account username locally. This is a client-side storage integrity issue occurring in version 1; it was addressed in version 1.1. T...

CVSS 6.7 · AI score 6.3 · EPSS 0.00026
Exploits 0 · References 3

Positive Technologies
added 2025/08/25 12:0 a.m. · 2 views

PT-2025-34671 · Unknown · Scratch Channel

Name of the Vulnerable Software and Affected Versions: The Scratch Channel version 1, The Scratch Channel version 1.1. Description: The application allows modification of the account's username locally by accessing local storage through the developer tools. Recommendations: Update to version 1.1...

CVSS 6.7 · AI score 6.4 · EPSS 0.00026
Exploits 0 · References 7

RedhatCVE
added 2025/08/20 1:38 a.m. · 4 views

CVE-2025-31714

In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed...

CVSS 6.8 · AI score 7.5 · EPSS 0.00051
Exploits 0 · References 1

NVD
added 2025/08/18 1:15 a.m. · 3 views

CVE-2025-31714

In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed...

CVSS 6.8 · EPSS 0.00051
Exploits 0 · References 1

Vulnrichment
added 2025/08/18 12:34 a.m. · 3 views

CVE-2025-31714

In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed...

CVSS 6.8 · AI score 7.4 · EPSS 0.00051
Exploits 0 · References 1

CVE
added 2025/08/18 12:34 a.m. · 17 views

CVE-2025-31714

CVE-2025-31714 concerns a missing input verification vulnerability in the Developer Tools component of UNISOC chipsets. The flaw enables local privilege escalation without requiring additional execution privileges. Connected sources corroborate the issue's nature (missing input validation) and lo...

CVSS 6.8 · AI score 7.4 · EPSS 0.00051
Exploits 0 · References 1

Positive Technologies
added 2025/08/18 12:0 a.m. · 4 views

PT-2025-33625 · Unknown · Developer Tools

Name of the Vulnerable Software and Affected Versions: Developer Tools, affected versions not specified. Description: A missing input verification flaw exists in Developer Tools. This issue could allow for local escalation of privilege without requiring additional execution privileges...

CVSS 6.8 · AI score 6.4 · EPSS 0.00051
Exploits 0 · References 6

Tenable Nessus
added 2025/08/15 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-6557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific...

CVSS 5.4 · AI score 6.2 · EPSS 0.00228
Exploits 0 · References 2

Kaspersky
added 2025/08/14 12:0 a.m. · 9 views

KLA91073 DoS vulnerability in Microsoft Developer Tools

A denial of service vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: CVE-2025-6965. Exploitation: Public exploits exist for this vulnerability. Related products: Microsoft-Visual-Studio. CVE list...

CVSS 9.8 · AI score 6.6 · EPSS 0.01689
Exploits 3 · References 3

Tenable Nessus
added 2025/08/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-23599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands t...

CVSS 6.5 · AI score 7.8 · EPSS 0.00142
Exploits 0 · References 2

Github Security Blog
added 2025/08/01 6:43 p.m. · 13 views

@nestjs/devtools-integration: CSRF to Sandbox Escape Allows for RCE against JS Developers

Summary: A critical Remote Code Execution (RCE) vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API endpoint that uses an unsafe JavaScript sandbox (safe-eval-like implementation). Due to improper...

CVSS 9.4 · AI score 8.4 · EPSS 0.35077
Exploits 4 · References 8 · Affected Software 1

Kaspersky
added 2025/07/18 12:0 a.m. · 4 views

KLA85943 PE vulnerability in Microsoft Developer Tools

An elevation of privilege vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2025-47158. Related products: Microsoft-Azure. CVE list: CVE-2025-47158 (critical). Solution: Install necessary updates from the KB...

CVSS 9 · AI score 6.7 · EPSS 0.00538
Exploits 0 · References 3

Fedora
added 2025/07/13 2:58 a.m. · 10 views

[SECURITY] Fedora 41 Update: python-requests-2.32.4-1.fc41

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python's built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...

CVSS 5.3 · AI score 7.3 · EPSS 0.00208
Exploits 1

Fedora
added 2025/07/13 2:58 a.m. · 10 views

[SECURITY] Fedora 41 Update: python3.6-3.6.15-47.fc41

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

CVSS 9.4 · AI score 7.4 · EPSS 0.01012
Exploits 14

RedhatCVE
added 2025/07/11 5:38 p.m. · 3 views

CVE-2025-53548

Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...

CVSS 7.5 · AI score 6.3 · EPSS 0.00128
Exploits 0 · References 1