KLA78978 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution...

Privilege Escalation

github.com/openshift/hive is vulnerable to Privilege Escalation. The vulnerability is due to improper access control in the Hive ClusterDeployments resource, which, under certain conditions, allows a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing...

HouseRent 安全漏洞

HouseRent is a house rental management system by Mr.W individual developer. An auto-caching JWK-Set HTTP client is provided. A security vulnerability exists in HouseRent version 1.0, which stems from unknown functionality in the file src/main/java/com/house/wym/controller/AdminController.java tha...

1Password - Enterprise Password Manager: API Key Exposed in JavaScript File on 1Password Developer Site

An API key has been exposed in the JavaScript file accessible via the public developer documentation for 1Password. This exposure could potentially allow unauthorized access to APIs or services that rely on this key, leading to a range of security issues, including data leakage or unauthorized...

Hello DCO, Goodbye CLA: Simplifying Contributions to Spring

The Spring team will be rolling out a simplified contribution process that replaces the requirement to sign a Contributor License Agreement CLA with a Developer Certificate of Origin DCO. The process will start this week with Spring Framework, Spring Security, & Spring Boot and then roll out to t...

CVE-2024-25133

A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod...

A Bootiful Podcast: Intact's Luke Shannon

Hi, Spring fans! and happy holidays! in this installment I talk to Intact's Luke Shannon about their use of Spring, developer portals, and so much more...

changedetection.io 安全漏洞

changedetection.io is a website change detection, monitoring and notification application by dgtlmoon individual developer. A security vulnerability exists in changedetection.io that stems from improper input validation...

Malicious code in mattermost-developer-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f5ce1bed6d6701617a1c4d5125a25fb8a534572644617c724fa576c1244ab4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful...

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service RaaS operation since its inception in or around 2019 through at least February 2024. Rostislav Panev , 51, was arrested in Israel earlier...

Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.0 release.

Red Hat Developer Hub 1.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single pa...

Low: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.3 bugfix release

Red Hat Developer Hub 1.3.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVE-2024-54287

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Best WP Developer Advanced Blog Post Block advanced-blog-post-block allows Stored XSS.This issue affects Advanced Blog Post Block: from n/a through = 1.0.4...

[SECURITY] Fedora 40 Update: python3.9-3.9.21-1.fc40

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

A Bootiful Podcast: Intact's Luke Shannon

Hi, Spring fans! and happy holidays! in this installment I talk to Intact's Luke Shannon about their use of Spring, developer portals, and so much more...

KLA78026 ACE vulnerability in Microsoft Developer Tools

A remote code vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2024-49063 Related products Microsoft-Dynamics-365 CVE list CVE-2024-49063 high Solution Install necessary updates from the KB...

GHSA-JCXM-7WVP-G6P5 Modified package published to npm, containing malware that exfiltrates private key material

Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from...

CVE-2024-54134 @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material

A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...