
8742 matches found

Fedora
added 2025/07/13 2:58 a.m. · 6 views

[SECURITY] Fedora 41 Update: php-8.3.23-1.fc41

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

7.5 CVSS · 7.1 AI score · 0.00953 EPSS · Exploits 1

HackRead
added 2025/07/11 4:1 p.m. · 3 views

Magento 2 Shipping Automation: Cut Costs While Enhancing Customer Experience

Disclosure: The information in this article highlights Elsner’s Magento development offerings and related solutions...

7.1 AI score · Exploits 0

BDU FSTEC
added 2025/07/11 12:0 a.m. · 2 views

The vulnerability of the IBM Cloud DevOps server’s Jenkins plugin, related to the storage of keys in an open manner, allows a hacker to gain unauthorized access to protected information.

The vulnerability of the IBM Cloud DevOps server’s Jenkins plugin lies in the fact that keys are stored publicly in the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

6.8 CVSS · 5.5 AI score · 0.00208 EPSS · Exploits 0 · References 2 · Affected Software 1

Wallarm Lab
added 2025/07/10 11:0 a.m. · 16 views

Understanding the NCSC’s New API Security Guidance

Legislative, regulatory, and advisory bodies the world over are waking up to the importance of API security. Most recently, the UK’s National Cyber Security Centre (NCSC) has published detailed guidance on best practices for building and maintaining secure APIs. In this blog, we’ll break down that...

7.5 AI score · Exploits 0

Veracode
added 2025/07/10 5:44 a.m. · 2 views

Information Disclosure

@cloudflare/vite-plugin is vulnerable to information disclosure. The vulnerability is due to the default configuration exposing all files via the local development server, which allows an attacker to access sensitive files like .env and .dev.vars that may contain secrets...

6.4 AI score · Exploits 0

Akamai Blog
added 2025/07/09 10:20 a.m. · 3 views

Building Serverless Apps with Spin and HTMX

A tutorial on building serverless applications using Fermyon Spin and htmx, demonstrating a shopping list app with a Rust back end and htmx-enhanced front end...

5.8 AI score · Exploits 0

Positive Technologies
added 2025/07/08 12:0 a.m. · 1 views

PT-2025-30105 · Npm · @Cloudflare/Vite-Plugin

Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...

8.2 CVSS · 6.7 AI score · Exploits 0 · References 4

Cvelist
added 2025/07/07 9:55 a.m. · 7 views

CVE-2025-3264 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_imports() function within dynamic_module_utils.py. This vulnerability affects versions 4.49.0 and is fixed in version 4.51.0. The issue arises from a regular...

5.3 CVSS · 0.00435 EPSS · Exploits 1 · References 2

Gitee
added 2025/07/06 3:21 a.m. · 114 views

OSCP-Prep

This is a comprehensive guide for information security (infosec) professionals, particularly those preparing for the OSCP (Offensive Security Certified Professional) exam. The guide is a collection of various files, including a PDF document, a text file, and a set of cheat sheets. The PDF document,...

6.8 AI score · Exploits 0

OPENSUSE Linux
added 2025/07/05 12:0 a.m. · 7 views

libetebase-devel-0.5.8-1.1 on GA media (moderate)

libetebase-devel-0.5.8-1.1 on GA media Announcement ID: openSUSE-SU-2025:15238-1 Rating: moderate Cross-References: CVE-2025-3416 CVSS scores: CVE-2025-3416 SUSE : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-3416 SUSE : 6.3...

6.3 CVSS · 4.2 AI score · 0.00426 EPSS · Exploits 0

OSV
added 2025/07/04 1:37 p.m. · 3 views

CVE-2025-38187 drm/nouveau: fix a use-after-free in r535_gsp_rpc_push()

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push(). The RPC container is released after being passed to r535_gsp_rpc_send(). When sending the initial fragment of a large RPC and passing the caller's RPC container, the container will b...

7.8 CVSS · 6.5 AI score · 0.00145 EPSS · Exploits 0 · References 5

Packet Storm News
added 2025/07/04 12:0 a.m. · 4 views

SAMEP: a Secure Protocol for Persistent Context Sharing across AI Agents

Current AI agent architectures suffer from ephemeral memory limitations, preventing effective collaboration and knowledge sharing across sessions and agent boundaries. We introduce SAMEP (Secure Agent Memory Exchange Protocol), a novel framework that enables persistent, secure, and semantically...

7.1 AI score · Exploits 0

CNNVD
added 2025/07/04 12:0 a.m. · 1 views

Model Context Protocol Python SDK Security Vulnerability

Model Context Protocol Python SDK is a Model Context Protocol open source development tool for Model Context Protocol servers and clients. A security vulnerability exists in the Model Context Protocol Python SDK prior to version 1.9.4, which stems from an unhandled exception when handling malform...

8.7 CVSS · 6.4 AI score · 0.05693 EPSS · Exploits 0 · References 4

OSV
added 2025/07/03 12:0 a.m. · 2 views

OPENSUSE-SU-2025:15239-1 libgcrypt-devel-1.11.1-2.1 on GA media

These are all security issues fixed in the libgcrypt-devel-1.11.1-2.1 package on the GA media of openSUSE Tumbleweed...

5.9 CVSS · 6.9 AI score · 0.01114 EPSS · Exploits 0 · References 1

OSV
added 2025/07/02 5:15 p.m. · 3 views

CVE-2025-20309

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that...

10 CVSS · 6 AI score · Exploits 0 · References 1

RedhatCVE
added 2025/06/27 2:25 p.m. · 4 views

CVE-2025-48991

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

4.6 CVSS · 7.2 AI score · 0.00147 EPSS · Exploits 0 · References 1

Positive Technologies
added 2025/06/26 12:0 a.m. · 2 views

PT-2025-27026 · Undefined · Undefined

🚨 Critical flaw in Open VSX Registry CVE-2025-29182 Malicious extensions could hijack dev environments! ⚠️ 180K+ daily users at risk. Patched now—if you're using Eclipse Theia or any Open VSX-based IDE, update ASAP. CyberSecurity SupplyChain PatchNow...

7.2 AI score · Exploits 0 · References 1

Vulnrichment
added 2025/06/25 3:48 p.m. · 6 views

CVE-2025-50179 Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...

4.6 CVSS · 7.1 AI score · 0.00147 EPSS · Exploits 0 · References 4

OSV
added 2025/06/25 3:48 p.m. · 6 views

CVE-2025-50179 Tuleap missing CSRF protection on tracker reports manipulation

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior to version 16.8.99.1749830289 and Tuleap Enterprise Edition prior to version 16.9-1 to trick victims...

4.6 CVSS · 6.7 AI score · 0.00147 EPSS · Exploits 0 · References 6

Vulnrichment
added 2025/06/25 2:7 p.m. · 3 views

CVE-2025-48991 Tuleap missing CSRF protection on tracker canned responses administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...

4.6 CVSS · 7.1 AI score · 0.00147 EPSS · Exploits 0 · References 4