Lucene search

7430 matches found

Patchstack
added 2025/07/22 10:20 p.m., 5 views

WordPress Valuation Calculator plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Valuation Calculator versions <= 1.3.2...

CVSS: 6.4, AI score: 5.5, EPSS: 0.00235
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/07/21 10:2 p.m., 8 views

WordPress SureForms plugin < 1.7.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions < 1.7.2...

CVSS: 5.8, AI score: 6.1, EPSS: 0.00167
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/07/20 12:0 a.m., 4 views

RuoYi security vulnerability

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from an improper restriction of the rendering UI layer of the Image Source Handler component...

CVSS: 5.4, AI score: 4.8, EPSS: 0.0024
Exploits: 1, References: 5
Patchstack
added 2025/07/18 4:10 a.m., 5 views

WordPress Crowdfunding for WooCommerce plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Crowdfunding for WooCommerce versions <= 3.1.14...

CVSS: 6.4, AI score: 5.5, EPSS: 0.00218
Exploits: 0, References: 1, Affected Software: 1
Kaspersky
added 2025/07/18 12:0 a.m., 6 views

KLA85943 PE vulnerability in Microsoft Developer Tools

An elevation of privilege vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2025-47158. Related products: Microsoft-Azure. CVE list: CVE-2025-47158 (critical). Solution: Install necessary updates from the KB...

CVSS: 9, AI score: 6.7, EPSS: 0.00668
Exploits: 0, References: 3
Patchstack
added 2025/07/17 1:31 p.m., 4 views

WordPress Knowledge Base plugin <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug vulnerability discovered by Đỗ Quang Huy in WordPress Plugin Knowledge Base versions <= 2.3.1...

CVSS: 4.4, AI score: 5.5, EPSS: 0.00248
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/07/16 12:18 p.m., 6 views

WordPress Responsive Addons for Elementor plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin Responsive Addons for Elementor versions <= 1.7.3...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00169
Exploits: 0, Affected Software: 1
Patchstack
added 2025/07/16 12:11 p.m., 6 views

WordPress JetPopup plugin <= 2.0.15 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by stealthcopter in WordPress Plugin JetPopup versions <= 2.0.15...

CVSS: 6.5, AI score: 6, EPSS: 0.00204
Exploits: 0, Affected Software: 1
HackRead
added 2025/07/15 12:5 p.m., 4 views

GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows

Paris, France, 15th July 2025, CyberNewsWire...

AI score: 7.3
Exploits: 0
The Hacker News
added 2025/07/15 7:17 a.m., 13 views

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have...

AI score: 7
Exploits: 0
RedHat Linux
added 2025/07/14 7:46 p.m., 3 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.5.3 release.

Red Hat Developer Hub 1.5.3 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS: 8.8, AI score: 6.6, EPSS: 0.01428
Exploits: 4, References: 8
Packet Storm News
added 2025/07/14 12:0 a.m., 2 views

MalCodeAI: Autonomous Vulnerability Detection and Remediation Via Language Agnostic Code Reasoning

The growing complexity of cyber threats and the limitations of traditional vulnerability detection tools necessitate novel approaches for securing software systems. We introduce MalCodeAI, a language-agnostic, multi-stage AI pipeline for autonomous code security analysis and remediation. MalCodeA...

AI score: 7
Exploits: 0
Fedora
added 2025/07/13 2:58 a.m., 12 views

[SECURITY] Fedora 41 Update: python-requests-2.32.4-1.fc41

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python’s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...

CVSS: 5.3, AI score: 7.3, EPSS: 0.00846
Exploits: 1
Fedora
added 2025/07/13 2:58 a.m., 12 views

[SECURITY] Fedora 41 Update: python3.6-3.6.15-47.fc41

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

CVSS: 9.4, AI score: 7.4, EPSS: 0.01184
Exploits: 14
RedhatCVE
added 2025/07/11 5:38 p.m., 5 views

CVE-2025-53548

Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00152
Exploits: 0, References: 1
Patchstack
added 2025/07/10 9:6 p.m., 6 views

WordPress Contest Gallery plugin <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Contest Gallery versions <= 26.0.8...

CVSS: 6.4, AI score: 5.5, EPSS: 0.00187
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/07/10 5:18 p.m., 3 views

CVE-2025-49756

Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally...

CVSS: 3.3, AI score: 6.4, EPSS: 0.0018
Exploits: 0, References: 1
Securelist
added 2025/07/10 11:0 a.m., 5 views

Code highlighting with Cursor AI for $500,000

Attacks that leverage malicious open-source packages are becoming a major and growing threat. This type of attack currently seems commonplace, with reports of infected packages in repositories like PyPI or npm appearing almost daily. It would seem that increased scrutiny from researchers on thes...

AI score: 7.7
Exploits: 0
Patchstack
added 2025/07/10 12:0 a.m., 8 views

WordPress WoodMart Theme <= 8.2.5 is vulnerable to Broken Access Control

Software: WoodMart. Type: Theme. Vulnerable versions: <= 8.2.5. Fixed in: 8.2.6. OWASP Top 10: A7: Identification and Authentication Failures. Classification: Broken Access Control. CVE: CVE-2025-6745. Patch priority: Low. CVSS severity: Low (5.3). Developer: Xtemos. PSID: db887fae132e. Credits: stealthcopter. Required...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00259
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/07/09 12:0 a.m., 1 views

ID withdrawn

ring is a library by Brian Smith, an individual developer. This CVE number has been withdrawn...

AI score: 6.8
Exploits: 1, References: 6