Elfutils Security Vulnerability
Elfutils is a collection of utilities and libraries for reading, creating, and modifying ELF binaries from the individual developers at Cuviper. A security vulnerability exists in Elfutils version 0.192. An attacker exploiting this vulnerability could cause a denial of service locally...
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by...
[SECURITY] Fedora 41 Update: python-cryptography-43.0.0-4.fc41
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...
FileVista Security Vulnerability
FileVista is a web file manager from GleamTech Individual Developers. A security vulnerability exists in FileVista version 9.2.0.0 that originates from directory traversal during file uploads and allows remote attackers to execute code, disclose information, and elevate privileges...
A Bootiful Podcast: 'Just Use Postgres!' author Denis Magda
Hi, Spring fans! In this installment we talk to Java and distributed database ninja Denis Magda about his new book, "Just Use Postgres!", which looks at how to wield Postgres for a variety of use cases that an application developer should know...
CVE-2024-21643
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequest protocol or the SignedHttpRequestValidator is vulnerable. Microsoft.IdentityModel trusts the jku claim...
PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any...
CVE-2025-23202
Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The FetchVerse and FetchPassage functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to...
CVE-2025-23202
The CVE-2025-23202 entry concerns the Bible Module for ROBLOX. The vulnerable components are the FetchVerse and FetchPassage functions, which lack input validation, enabling injection attacks that could manipulate API request URLs and potentially lead to unauthorized access or data tampering. The...
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring...
CISA: AI Cybersecurity Collaboration Playbook
The AI Cybersecurity Collaboration Playbook provides guidance to organizations across the AI community – including AI providers, developers, and adopters – for sharing AI-related cybersecurity information voluntarily with the Cybersecurity and Infrastructure Security Agency (CISA) and other partner...
CVE-2025-23128
...
Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these...
PT-2025-20833
Name of the Vulnerable Software and Affected Versions: GNUScreen version 5.0.1 and earlier. Description: The issue affects Linux administrators, cloud engineers, and developers. It is related to a root privilege escalation flaw. Recommendations: For versions prior to 5.0.1, update to version 5.0.1...
path-sanitizer Path Traversal Vulnerability
path-sanitizer is a simple lightweight npm package from the individual developers at Cabra. A path traversal vulnerability exists in path-sanitizer versions prior to 3.1.0. An attacker could use this vulnerability to access sensitive files or directories on the system...
LGSL Cross-Site Scripting Vulnerability
LGSL Live Game Server List is a list of live game servers by Neon Personal Developers. A cross-site scripting vulnerability exists in LGSL versions prior to 7.0.0, which stems from vulnerability to cross-site scripting attacks...
PT-2024-29850 · Unknown · Edgecross Basic Software For Windows +1
Name of the Vulnerable Software and Affected Versions: Edgecross Basic Software for Windows versions 1.00 and later; Edgecross Basic Software for Developers versions 1.00 and later. Description: The issue allows a malicious local attacker to execute arbitrary malicious code, resulting in informatio...
[SECURITY] Fedora 41 Update: python3.9-3.9.21-1.fc41
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
What’s New for Developers: November 2024
As the holiday season approaches and we bid farewell to another year, there’s no slowing down in developer content and releases...
electron33 -- Inappropriate implementation in Extensions
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-11110...