1523 matches found
PT-2025-20726 · Ibm · Ibm 4769 Developers Toolkit
Name of the Vulnerable Software and Affected Versions: IBM 4769 Developers Toolkit versions 7.0.0 through 7.5.52. Description: The issue allows a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size. Recommendations...
wgp security vulnerability
wgp is a library by Nugine Personal Developers. A security vulnerability exists in wgp version 0.2.0, which stems from a lack of thread synchronization in dropslow...
libmnl bug fix update
An update is available for libmnl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. libmnl is a minimalistic user-space library oriented to Netlink developers...
yaoqishan security vulnerability
yaoqishan DemonQishan is a video management system for Kobe Personal Developers. A security vulnerability exists in yaoqishan version v0.0.1, which stems from improper access control of the /admin/ API and may result in gaining administrator privileges...
CVE-2025-47154
LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that argumentslist references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for u...
SoK: Enhancing Privacy-Preserving Software Development from a Developers' Perspective
In software development, privacy preservation has become essential with the rise of privacy concerns and regulations such as GDPR and CCPA. While several tools, guidelines, methods, methodologies, and frameworks have been proposed to support developers embedding privacy into software applications...
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 t...
studentmanager security vulnerability
studentmanager is a student management system by the individual developers of ZeroWdd. A security vulnerability exists in studentmanager version 1.0, which stems from improper authorization in the file /getTeacherList...
RuoYi security vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v.4.8.0, which can be exploited by a remote attacker to elevate privileges via the jobLogId parameter...
RuoYi security vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi version v.4.8.0, which stems from the editSave method not properly verifying the requested user privileges, which may result in modification of the system configuration...
ELADMIN code issue vulnerability
ELADMIN is a backend management system for elunez individual developers. A code issue vulnerability exists in ELADMIN version 2.7 that stems from deserialization...
Hammock AssetView security vulnerability
Hammock AssetView is an IT asset management tool and information asset management software from Hammock Japan. A security vulnerability exists in Hammock AssetView that originates from data sent to developers that may contain sensitive information...
FreeBSD : electron{33,34} -- Incorrect handle provided in unspecified circumstances in Mojo (01a7e1e1-d249-4dd8-9a4a-ef95b5747afb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 01a7e1e1-d249-4dd8-9a4a-ef95b5747afb advisory. Electron developers report: This update fixes the following vulnerability: Tenable has extracted the...
CVE-2025-2857
Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...
CVE-2025-29412
A cross-site scripting (XSS) vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
CVE-2025-29411
An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2025-29412
The CVE-2025-29412 entry identifies an XSS vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0. The issue arises from injected payloads in the Name parameter, enabling arbitrary web scripts or HTML execution. Affected component: iBanking v2.0.0, Client Profile Up...