Lucene search

7327 matches found

IBM Security Bulletins
added 2025/12/17 10:15 a.m. | 5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in ip

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in ip Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally...

CVSS 9.8 | AI score 6.7 | EPSS 0.0067
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/12/17 10:3 a.m. | 10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This...

CVSS 9.1 | AI score 6.5 | EPSS 0.00302
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/12/17 10:1 a.m. | 6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in form-data

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in form-data Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

CVSS 9.4 | AI score 6.6 | EPSS 0.01319
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/12/17 9:58 a.m. | 3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Insufficient Random Values (CVE-2025-7783)

Summary Due to the use of the form-data JavaScript library, IBM watsonx Orchestrate Developer Edition is vulnerable to predictable boundary values CVE-2025-7783 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...

CVSS 9.4 | AI score 6.7 | EPSS 0.01319
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/12/17 9:51 a.m. | 10 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.0.0 Vulnerability Details CVEID:CVE-2023-36807 DESCRIPTION: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5...

CVSS 7.5 | AI score 7.4 | EPSS 0.00346
Exploits: 4 | Affected Software: 1
CNNVD
added 2025/12/15 12:0 a.m. | 2 views

Identifier withdrawn

req, etc. are products of roc individual developers. req is a simple Go HTTP client that uses Black Magic. brian smith ring, etc. are products of brian smith individual developers. ring is a library. ico doornekamp duc, etc. are products of Ico Ico Doornekamp duc and others are products of Ico...

AI score 6.9 | EPSS 0.00126
Exploits: 0 | References: 5
OSV
added 2025/12/12 8:14 p.m. | 2 views

CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule

Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...

CVSS 8.4 | AI score 7 | EPSS 0.00024
Exploits: 0 | References: 5
CNNVD
added 2025/12/11 12:0 a.m. | 1 view

hfly security vulnerability

hfly is a travel website by individual developer baowzh. A security vulnerability exists in hfly, originating from a flaw in the file /admin/index.php/advtext/add of the advtext module component, which could lead to a cross-site scripting attack...

CVSS 5.4 | AI score 4.4 | EPSS 0.00026
Exploits: 1 | References: 4
OSV
added 2025/12/10 1:58 a.m. | 1 view

MAL-2025-192412 Malicious code in meteor-developer-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150affd8ab309ef6631d484dbd5f086a709aaf97cae168d6a0a8a966327c32f4 The package meteor-developer-oauth was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0 | References: 1
Snyk
added 2025/12/10 1:58 a.m. | 1 view

Malicious Package

Overview meteor-developer-oauth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
EUVD
added 2025/12/10 1:58 a.m. | 2 views

EUVD-2025-202364

Malicious code in meteor-developer-oauth npm...

AI score 6.6
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/12/10 1:58 a.m. | 4 views

Malicious code in meteor-developer-oauth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150affd8ab309ef6631d484dbd5f086a709aaf97cae168d6a0a8a966327c32f4 The package meteor-developer-oauth was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 1
RedHat Linux
added 2025/12/08 3:17 p.m. | 3 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.1 release.

Red Hat Developer Hub 1.8.1 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVSS 8.7 | AI score 6.5 | EPSS 0.00056
Exploits: 0 | References: 8
Packet Storm
added 2025/12/04 12:0 a.m. | 127 views

Azure APIM 2 Vulnerability Checker

This PHP script is a full vulnerability scanner with proof of concepts for Azure API Management APIM instances, focusing on the possibility of cross‑tenant account signup bypass through the Basic Auth Identity Provider...

AI score 7
Exploits: 0
Spring Engineering
added 2025/12/04 12:0 a.m. | 4 views

A Bootiful Podcast: Dan Vega on the fundamentals of software engineering

Hi, Spring fans! I'm so excited to chat with fellow Spring developer advocate Dan Vega about his new book, Fundamentals of Software Engineering...

AI score 6.9
Exploits: 0
CNNVD
added 2025/12/02 12:0 a.m. | 2 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome has an inappropriate-implementation vulnerability in DevTools, which an attacker can exploit to escape the sandbox by convincing a user to install a malicious extension, possibly using a...

CVSS 5.4 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 3
RedHat Linux
added 2025/12/01 9:19 a.m. | 2 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.3 release.

Red Hat Developer Hub 1.7.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVSS 6.5 | AI score 7 | EPSS 0.00044
Exploits: 0 | References: 7
Snyk
added 2025/11/30 1:14 p.m. | 1 view

Malicious Package

Overview node-tailwind is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. On...

CVSS 9.8 | AI score 7.2
Exploits: 0 | References: 3
Snyk
added 2025/11/30 1:14 p.m. | 1 view

Malicious Package

Overview tailwindcss-bootstrap-color is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of th...

CVSS 9.8 | AI score 7.2
Exploits: 0 | References: 3
IBM Security Bulletins
added 2025/11/28 11:57 a.m. | 7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify

Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

CVSS 6.1 | AI score 6.2 | EPSS 0.00108
Exploits: 1 | Affected Software: 1