7341 matches found
CVE-2025-8217
CVE-2025-8217 documents describe a vulnerability in the Amazon Q Developer VS Code extension. The v1.84.0 extension contains inert, injected code intended to call the Q Developer CLI, which executes when the extension is launched in VS Code, but the injected code has a syntax error that prevents ...
PT-2025-31362
Name of the Vulnerable Software and Affected Versions: Amazon Q Developer Visual Studio Code (VS Code) extension version 1.84.0. Description: The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains injected code intended to call the Q Developer CLI. This code executes upon extensi...
Amazon Q Developer Visual Studio Code extension security vulnerability
Amazon Q Developer Visual Studio Code extension is an extension in VS Code from Amazon.com, USA. A security vulnerability exists in Amazon Q Developer Visual Studio Code extension version v1.84.0, which stems from a syntax error in the injected code that causes API calls to fail...
WordPress Fan Page plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by Gilang in WordPress Plugin Fan Page versions <= 1.0.1...
WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP REST Cache versions <= 2025.1.0...
WordPress WoodMart Theme <= 8.2.6 is vulnerable to Broken Access Control
Software WoodMart Type Theme Vulnerable versions <= 8.2.6 Fixed in 8.2.7 OWASP Top 10 A3: Injection Classification Broken Access Control CVE CVE-2025-8097 Patch priority Low CVSS severity Low 5.3 Developer Xtemos PSID edd2e4c45666 Credits Samir El Khaouti Required privilege Unauthenticated Publish...
WordPress KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Theme <= 4.21.0 is vulnerable to Local File Inclusion
Software KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Type Theme Vulnerable versions <= 4.21.0 Fixed in 4.22.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2025-6991 Patch priority Low CVSS severity Low 7.5 Developer EPC PSID 34bd1e68ee25 Credits stealthcopt...
WordPress Valuation Calculator plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Valuation Calculator versions <= 1.3.2...
WordPress SureForms plugin < 1.7.2 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions < 1.7.2...
RuoYi security vulnerability
RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from an improper restriction of the rendering UI layer of the Image Source Handler component...
WordPress Crowdfunding for WooCommerce plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Crowdfunding for WooCommerce versions <= 3.1.14...
KLA85943 PE vulnerability in Microsoft Developer Tools
An elevation of privilege vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-47158 Related products Microsoft-Azure CVE list CVE-2025-47158 critical Solution Install necessary updates from the KB...
WordPress Knowledge Base plugin <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug vulnerability discovered by Đỗ Quang Huy in WordPress Plugin Knowledge Base versions <= 2.3.1...
WordPress Responsive Addons for Elementor plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin Responsive Addons for Elementor versions <= 1.7.3...
WordPress JetPopup plugin <= 2.0.15 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by stealthcopter in WordPress Plugin JetPopup versions <= 2.0.15...
GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows
Paris, France, 15th July 2025, CyberNewsWire...
North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.5.3 release.
Red Hat Developer Hub 1.5.3 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
MalCodeAI: Autonomous Vulnerability Detection and Remediation Via Language Agnostic Code Reasoning
The growing complexity of cyber threats and the limitations of traditional vulnerability detection tools necessitate novel approaches for securing software systems. We introduce MalCodeAI, a language-agnostic, multi-stage AI pipeline for autonomous code security analysis and remediation. MalCodeA...
[SECURITY] Fedora 41 Update: python-requests-2.32.4-1.fc41
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python’s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...