7341 matches found
[SECURITY] Fedora 41 Update: python3.6-3.6.15-47.fc41
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
CVE-2025-53548
Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...
WordPress Contest Gallery plugin <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Contest Gallery versions <= 26.0.8...
CVE-2025-49756
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally...
Code highlighting with Cursor AI for $500,000
Attacks that leverage malicious open-source packages are becoming a major and growing threat. This type of attack currently seems commonplace, with reports of infected packages in repositories like PyPI or npm appearing almost daily. It would seem that increased scrutiny from researchers on thes...
WordPress WoodMart Theme <= 8.2.5 is vulnerable to Broken Access Control
Software: WoodMart; Type: Theme; Vulnerable versions: <= 8.2.5; Fixed in: 8.2.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2025-6745; Patch priority: Low; CVSS severity: Low 5.3; Developer: Xtemos; PSID: db887fae132e; Credits: stealthcopter; Required...
Number withdrawn
ring is a library by Brian Smith, an individual developer. This CVE number has been withdrawn...
WordPress Support Board plugin <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key vulnerability
Unauthenticated Authorization Bypass due to Use of Default Secret Key vulnerability discovered by Foxyyy in WordPress Plugin Support Board versions <= 3.8.0...
CVE-2025-49756 Office Developer Platform Security Feature Bypass Vulnerability
...
CVE-2025-49756
CVE-2025-49756 affects Microsoft Office Developer Platform. Description states that use of a broken or risky cryptographic algorithm allows an authorized attacker to bypass a security feature locally. Connected PT-2025-28630 references affected platform and notes no explicit fix version informati...
Office Developer Platform Security Feature Bypass Vulnerability
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally...
WordPress Premium SEO Pack <= 3.3.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Premium SEO Pack versions <= 3.3.2...
PT-2025-28630
Name of the Vulnerable Software and Affected Versions: Office Developer Platform (affected versions not specified). Description: The issue concerns the use of a broken or risky cryptographic algorithm in the Office Developer Platform, which allows an authorized attacker to bypass a local security...
KLA85526 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An information disclosure...
Pixel Update Bulletin—July 2025
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2025-07-05 or later address all issues in this bulletin and all issues in the July 2025 Android Securit...
WordPress WoodMart Theme <= 8.2.3 is vulnerable to Local File Inclusion
Software: WoodMart; Type: Theme; Vulnerable versions: <= 8.2.3; Fixed in: 8.2.4; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2025-6746; Patch priority: Low; CVSS severity: Low 7.5; Developer: Xtemos; PSID: fa6d0144ad7f; Credits: stealthcopter; Required privilege: Contributor; Published: 7 Jul...
SUSE CVE-2025-25207
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...
SUSE CVE-2025-25208
A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster...