Malicious code in developer-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13d76633d0e28457718da249adad23171e53973864ef3e53406c78ced005d3af The OpenSSF Package Analysis project identified 'developer-bridge' @ 2.0.0 npm as malicious. It is considered malicious because: - The package...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.

Red Hat Developer Hub 1.6.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no...

KLA83571 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A security feature bypas...

WordPress LightPress Lightbox plugin < 2.3.4 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin WP jQuery Lightbox versions 2.3.4...

WordPress Groundhogg plugin <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability

Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Phat Do in WordPress Plugin Groundhogg versions = 4.1.1.2...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

WordPress Contest Gallery plugin <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by stealthcopter in WordPress Plugin Contest Gallery versions = 26.0.6...

KLA83527 PE vulnerability in Microsoft Developer Tools

An elevation of privilege vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29813 Related products Microsoft-Azure CVE list CVE-2025-29813 critical KB list Solution Install necessary updates from t...

WordPress Ajax Load More plugin <= 7.3.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Ajax Load More versions = 7.3.1.2...

WordPress Meks Flexible Shortcodes plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Meks Flexible Shortcodes versions = 1.3.6...

WordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Ryan Kozak in WordPress Plugin Instantio versions = 3.3.16...

WordPress Better Search plugin <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Better Search versions = 4.1.0...

WordPress Product Time Countdown for WooCommerce plugin <= 1.6.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Product Time Countdown for WooCommerce versions = 1.6.2...

WordPress Ultimate WP Mail plugin <= 1.3.4 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Aiden Thái An in WordPress Plugin Ultimate WP Mail versions = 1.3.4...

WordPress Cost Calculator for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Michael in WordPress Plugin Cost Calculator for Elementor versions = 1.3.3...

WordPress Listamester plugin <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Listamester versions = 2.3.6...

WordPress Progress Bar plugin <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Progress Bar versions = 2.2.3...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...

CVE-2025-20956

Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings...