Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003629 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all...

CVE-2025-12548

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration SSH keys, tokens, etc. from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

PT-2026-2441

Name of the Vulnerable Software and Affected Versions Eclipse Che versions affected versions not specified Description A flaw exists in Eclipse Che che-machine-exec that permits unauthenticated remote arbitrary command execution and secret exfiltration, including SSH keys and tokens, from other...

CVE-2019-11651

Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web reques...

CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...

CVE-2020-7910

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...

CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

CVE-2024-41728

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects...

CVE-2023-4317

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch ...

CVE-2023-40691

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805...

CVE-2025-23701

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in limesquare Lime Developer Login lime-developer-login allows Reflected XSS.This issue affects Lime Developer Login: from n/a through = 1.4.0...

pss.sale.com 安全漏洞

pss.sale.com is a merchandising system by the individual developer XiaoLiuChu in China. A security vulnerability exists in version 1.0 of pss.sale.com, which stems from an incorrect manipulation of the parameter id in the endpoint userfiles/php/cancelorder.php, which could lead to a SQL injection...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.4 release.

Red Hat Developer Hub 1.7.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access,...

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to compromise Java SE

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could...

Securing the AI Supply Chain: What Can We Learn from Developer-Reported Security Issues and Solutions of AI Projects?

The rapid growth of Artificial Intelligence AI models and applications has led to an increasingly complex security landscape. Developers of AI projects must contend not only with traditional software supply chain issues but also with novel, AI-specific security threats. However, little is known...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.15...

XCMS 代码问题漏洞

XCMS is a CMS website builder system by JackQ individual developers. A code issue vulnerability exists in XCMS, which stems from an incorrect operation of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php, which could lead to unlimited uploads...

XCMS 代码问题漏洞

XCMS is a CMS website builder system by JackQ Individual Developer. A code issue vulnerability exists in jackq XCMS, which stems from an incorrect manipulation of the parameter File in the file Admin/Home/Controller/ProductImageController.class.php, which could lead to unlimited uploads...

CVE-2025-67712

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...