7326 matches found
MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API
The mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER level 55 threshold required by the dedicated...
PT-2026-39890
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description The mc issue update function allows users with update bug threshold access UPDATER to edit, change the view state, and modify time tracking on bugnotes belonging to other users...
CVE-2026-8018
An insufficient policy enforcement flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498292657...
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...
Security Bulletin: Vulnerabilities found in Java SE affect Rational Business Developer
Summary There are vulnerabilities in Java SE including Oracle January 2026 CPU used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused ...
CVE-2026-43581
OpenClaw before 2026.4.10 contains an improper network binding vulnerability in the sandbox browser CDP relay that exposes Chrome DevTools Protocol on 0.0.0.0. Attackers can access the DevTools protocol outside intended local sandbox boundaries by exploiting the overly broad binding configuration...
Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect Rational Business Developer.
Summary There are vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - July 2022. Vulnerability Details CVEID:CVE-2022-21541...
KLA91028 OSI vulnerability in Microsoft Developer Tools
An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2026-42826 Exploitation Related products Microsoft-Azure CVE list CVE-2026-42826 critical Solution Install...
EUVD-2026-28053
Use after free in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8008
Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-7975
Use after free in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8006
Google Chrome prior to 148.0.7778.96 contains a vulnerability in DevTools where insufficient policy enforcement allows UI spoofing if a user installs a crafted extension. Affected: DevTools UI handling within Chrome’s browser environment (Chrome 148 before the patch). Root cause: insufficient pol...
CVE-2026-7915
Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...
Critical: Red Hat Security Advisory: Red Hat Developer Hub 1.9.4 release.
Red Hat Developer Hub 1.9.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
Pixel Update Bulletin—May 2026Stay organized with collectionsSave and categorize content based on your preferences.
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of or later address all issues in this bulletin and all issues in the May 2026 Android Security Bulletin. ...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in DevTools, allowing attackers who persuade users to install malicious extensions to leak...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of DevTools policies, which could allow attackers to bypass navigation restrictions by convincing use...
Astra Linux - уязвимость в chromium
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в firefox
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox versions earlier than 110...
Astra Linux - уязвимость в firefox
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...