7342 matches found
[SECURITY] Fedora 42 Update: python-jinja2-3.1.6-1.fc42
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack
Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects...
KLA81542 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability in .N...
Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
SafeWallet has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper...
Linux Distros Unpatched Vulnerability : CVE-2024-29180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently...
CVE-2025-1424 Privilege Escalation Through SUID Binary and Developer Mode
A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671...
Malicious code in bybit-dev (npm)
--- -= Per source details. Do not edit below this line.=-...
zz injection vulnerability
zz is an e-commerce platform by the individual developer zj1983. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...
zz injection vulnerability
zz is an e-commerce platform by the individual developer zj1983. An injection vulnerability exists in zj1983 zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...
[SECURITY] Fedora 41 Update: python3.6-3.6.15-43.fc41
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.
Red Hat Developer Hub 1.4.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
PT-2025-25577 · Google · Chrome Os
Name of the Vulnerable Software and Affected Versions: Google ChromeOS version 16181.27.0 Description: The issue allows a local attacker to bypass permissions in Extension Management, enabling them to disable extensions and access Developer Mode. This can lead to the loading of additional...
pb-cms security vulnerability
pb-cms (waterfall content management system) is a content management system by the individual developer LinZhaoguan. A security vulnerability exists in pb-cms version 2.0, which stems from a cross-site request forgery...
UBUNTU-CVE-2022-49125
In the Linux kernel, the following vulnerability has been resolved: drm/sprd: fix potential NULL dereference 'drm' could be null in sprd_drm_shutdown, and drm_warn maybe dereference it, remove this warning log. v1 - v2: - Split checking platform_get_resource return value to a separate patch - Use...
Hackers Exploit Fake GitHub Repositories to Spread GitVenom Malware
Kaspersky's Securelist exposes the GitVenom campaign involving fake GitHub repositories to distribute malware. Targeting developers with seemingly legitimate…...
[SECURITY] Fedora 40 Update: python3.9-3.9.21-4.fc40
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
Mozilla: Mozilla VPN Clients: RCE via file write and path traversal
The report describes a path traversal vulnerability in the Mozilla VPN client software that allowed for remote code execution. The vulnerability was found in the "livereload" command of the client's inspector feature, which could be accessed when the client was in developer mode with "Use Staging...
The Overlooked Attack Surface: Securing Code Repositories, Pipelines, and Developer Infrastructure
Learn how Wiz for ASPM extends security to developer infrastructure by continuously enforcing secure defaults and detecting threats across the software supply chain...
(RHSA-2025:1454) Moderate: Update Red Hat Developer Hub 1.3 to mitigate relevant CVEs
The Red Hat Developer Hub 1.3 on RHEL 9 container image has been updated to address the following CVEs: - CVE-2025-22150 Users of Red Hat Developer Hub 1.3 on RHEL 9 container images are advised to upgrade to these updated images, which contain patches to mitigate the listed CVEs. Users of these...
KLA80110 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Visual Studio Co...