7342 matches found
CVE-2024-11931 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint...
CVE-2024-11931
GitLab CVE-2024-11931 affects GitLab CE/EE versions 17.0–17.6.3, 17.7–17.7.2, and 17.8–17.8.0, enabling developers to exfiltrate protected CI variables via CI lint under certain conditions. The connected docs do not provide a detailed root cause beyond the issue description. A patch release (GitL...
PT-2025-1718 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.0 through 17.6.3; GitLab CE/EE versions 17.7 through 17.7.2; GitLab CE/EE versions 17.8 through 17.8.0. Description: An issue has been discovered in GitLab CE/EE that affects users with a developer role, allowing them to...
A Bootiful Podcast: Java Developer Advocate Billy Korando on JavaOne 2025, Java 24, and so much more
Hi, Spring fans! In this installment I talk to Java developer advocate Billy Korando about the latest and greatest in the amazing Java ecosystem! java JavaOne Oracle...
CVE-2025-23701
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in limesquare Lime Developer Login lime-developer-login allows Reflected XSS. This issue affects Lime Developer Login: from n/a through <= 1.4.0...
CVE-2025-23701 WordPress Lime Developer Login plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Blackford, LimeSquare Pty Ltd Lime Developer Login allows Reflected XSS. This issue affects Lime Developer Login: from n/a through 1.4.0...
CVE-2025-23701
CVE-2025-23701 describes a Reflected XSS in Lime Developer Login (Lime Developer Login by LimeSquare Pty Ltd) caused by improper neutralization of input during web page generation. Affected: Lime Developer Login, version range v1.0 through v1.4.0 (as stated). The Red Hat CVE record confirms the s...
CVE-2025-23701 WordPress Lime Developer Login plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in limesquare Lime Developer Login lime-developer-login allows Reflected XSS. This issue affects Lime Developer Login: from n/a through <= 1.4.0...
[SECURITY] Fedora 40 Update: python-jinja2-3.1.5-1.fc40
Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with...
WordPress plugin Lime Developer Login cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-5036 · Unknown · Lime Developer Login
Name of the Vulnerable Software and Affected Versions: Lime Developer Login versions 1.4.0 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This means that an attacker can inject...
Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.1 release.
Red Hat Developer Hub 1.4 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pa...
MAL-2025-214 Malicious code in opensea-developer-docs (npm)
Source: ghsa-malware (692ba66619407967d692be9c0e70b5b297806cf1e398766ee1556657af6feba1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in opensea-developer-docs (npm)
Source: ghsa-malware (692ba66619407967d692be9c0e70b5b297806cf1e398766ee1556657af6feba1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-52870
CVE-2024-52870 concerns Teradata Vantage Editor 1.0.1, which is primarily a SQL editor but exposes unintended functionality, including Chromium Developer Tools, that can let a client user access arbitrary remote websites. The Red Hat/NVD entries confirm the affected product and behavior; the issu...
PT-2025-2938 · Teradata · Teradata Vantage Editor
Name of the Vulnerable Software and Affected Versions: Teradata Vantage Editor version 1.0.1. Description: The issue concerns unintended functionality in the software, including the presence of Chromium Developer Tools, which can allow a client user to access arbitrary remote websites. This can...
CVE-2024-52870
Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality including Chromium Developer Tools that can result in a client user accessing arbitrary remote websites...
WordPress Lime Developer Login plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Lime Developer Login versions <= 1.4.0...