7342 matches found

RedhatCVE
added 2025/02/06 4:12 a.m. · 7 views

CVE-2021-40527

Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application...

8.6 CVSS · 6.5 AI score · 0.00154 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/02/06 3:54 a.m. · 5 views

CVE-2021-39944

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A permissions validation flaw allowed group members with a developer role to elevate their privilege ...

7.1 CVSS · 6.3 AI score · 0.00176 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:51 p.m. · 7 views

CVE-2022-1737

Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition...

9.8 CVSS · 6.7 AI score · 0.0004 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:49 p.m. · 7 views

CVE-2022-1423

Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading...

8.8 CVSS · 7.3 AI score · 0.00093 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 1:39 p.m. · 5 views

CVE-2020-26838

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with high developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It i...

9.1 CVSS · 7.7 AI score · 0.02003 EPSS
Exploits 0

RedhatCVE
added 2025/02/05 7:02 a.m. · 2 views

CVE-2024-32980

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header...

9.1 CVSS · 9.2 AI score · 0.00188 EPSS
Exploits 0 · References 1

HackRead
added 2025/02/04 12:00 a.m. · 7 views

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself...

7.2 AI score
Exploits 0

RedHat Linux
added 2025/02/03 4:38 p.m. · 14 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.18.0 release

Red Hat OpenShift Dev Spaces 3.18 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System...

9.1 CVSS · 6.8 AI score · 0.32338 EPSS
Exploits 3 · References 8

OSSF Malicious Packages
added 2025/02/03 9:01 a.m. · 4 views

Malicious code in developer-hub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7028f9c0bc3315f11a48ce063889decd60554ce5b93de9380c43cb83f4d1971 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1

OSV
added 2025/02/03 9:01 a.m. · 2 views

MAL-2025-1111 Malicious code in developer-hub (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7028f9c0bc3315f11a48ce063889decd60554ce5b93de9380c43cb83f4d1971 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

The Hacker News
added 2025/01/31 10:45 a.m. · 14 views

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from...

6.8 AI score
Exploits 0

RedHat Linux
added 2025/01/28 10:38 p.m. · 9 views

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

7.5 CVSS · 6.7 AI score · 0.00084 EPSS
Exploits 0 · References 2

IBM Security Bulletins
added 2025/01/28 10:08 p.m. · 21 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2024-47554, CVE-2024-45801)

Summary: IBM Rational Developer for i contains Code Coverage functionality that is affected by the following two issues. CVE-2024-47554 is a denial of service attack in the Code Coverage PDF Exporter function. CVE-2024-45801 is a remote execution attack in the Code Coverage Reports function. This...

7.3 CVSS · 8.1 AI score · 0.00131 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m. · 11 views

Security Bulletin: IBM Rational Developer for i is vulnerable to a buffer overflow attack (CVE-2024-47072)

Summary: IBM Rational Developer for i contains functionality that is affected by the following issue. CVE-2024-47072 is a denial of service attack in the Debugger XML profile serialization function. This bulletin identifies the steps to take to address this vulnerability as described in the...

7.5 CVSS · 7.4 AI score · 0.00261 EPSS
Exploits 0 · Affected Software 1

OSV
added 2025/01/28 7:25 a.m. · 10 views

BIT-GITLAB-2024-11931 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint...

6.4 CVSS · 6.4 AI score · 0.00034 EPSS
Exploits 1 · References 3

Positive Technologies
added 2025/01/25 12:00 a.m. · 1 view

PT-2025-1602 · WordPress · The Quiz Maker Business +2

Name of the Vulnerable Software and Affected Versions: The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 8.8.0 and earlier (Business); The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 21.8.0 and earlier (Developer); The Quiz Maker Business,...

7.3 CVSS · 7.9 AI score · 0.00342 EPSS
Exploits 0 · References 11

Positive Technologies
added 2025/01/25 12:00 a.m. · 1 view

PT-2025-1595 · WordPress · The Quiz Maker Developer +2

Name of the Vulnerable Software and Affected Versions: The Quiz Maker Business plugin for WordPress versions up to, and including, 8.8.0; The Quiz Maker Developer plugin for WordPress versions up to, and including, 21.8.0; The Quiz Maker Agency plugin for WordPress versions up to, and including,...

7.2 CVSS · 7.3 AI score · 0.00236 EPSS
Exploits 0 · References 16

NVD
added 2025/01/24 3:15 a.m. · 4 views

CVE-2024-11931

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint...

6.4 CVSS · 0.00034 EPSS
Exploits 1 · References 2

OSV
added 2025/01/24 3:02 a.m. · 1 view

CVE-2024-11931 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint...

6.4 CVSS · 6.4 AI score · 0.00034 EPSS
Exploits 1 · References 5

Vulnrichment
added 2025/01/24 3:02 a.m. · 7 views

CVE-2024-11931 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint...

6.4 CVSS · 6.3 AI score · 0.00034 EPSS
Exploits 1 · References 1