35 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m. | 1 view

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003629 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all...

CVSS 7.8 | AI score 6.7 | EPSS 0.24723
Exploits 9 | References 51

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-40093

Malicious code in bioql PyPI...

CVSS 2.8 | AI score 4.1 | EPSS 0.00024
Exploits 0 | References 4

Patchstack
added 2025/07/18 4:10 a.m. | 3 views

WordPress Crowdfunding for WooCommerce plugin <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Crowdfunding for WooCommerce versions <= 3.1.14...

CVSS 6.4 | AI score 5.5 | EPSS 0.00163
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/06/12 12:5 p.m. | 8 views

WordPress MapSVG plugin < 8.7.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Anhchangmutrang in WordPress Plugin MapSVG versions < 8.7.4...

CVSS 9.9 | AI score 6.8 | EPSS 0.0032
Exploits 0 | Affected Software 1

Patchstack
added 2025/06/05 7:59 p.m. | 6 views

WordPress Knowledge Base plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Knowledge Base versions <= 2.3.0...

CVSS 6.4 | AI score 5.5 | EPSS 0.00164
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2025/05/02 1:51 p.m. | 5 views

WordPress EC Authorize.net plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by johska in WordPress Plugin EC Authorize.net versions <= 0.3.3...

CVSS 7.1 | AI score 7.5 | EPSS 0.00185
Exploits 0 | Affected Software 1

Patchstack
added 2025/04/22 11:39 a.m. | 4 views

WordPress Simple Download Counter plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Simple Download Counter versions <= 2.2...

CVSS 6.5 | AI score 7.1 | EPSS 0.00122
Exploits 0 | Affected Software 1

Patchstack
added 2025/04/22 11:37 a.m. | 3 views

WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by astra.r3verii in WordPress Plugin Event post versions <= 5.9.11...

CVSS 6.5 | AI score 7.1 | EPSS 0.00128
Exploits 0 | Affected Software 1

Patchstack
added 2025/04/11 11:50 a.m. | 5 views

WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin JetEngine versions <= 3.6.4.1...

CVSS 6.5 | AI score 6.9 | EPSS 0.00116
Exploits 0 | Affected Software 1

The Hacker News
added 2024/06/03 7:34 a.m. | 17 views

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdo...

AI score 7.5
Exploits 0

Patchstack
added 2024/03/28 12:0 a.m. | 5 views

WordPress Tumult Hype Animations Plugin <= 1.9.11 is vulnerable to Cross Site Scripting (XSS)

Software: Tumult Hype Animations; Type: Plugin; Vulnerable versions: <= 1.9.11; Fixed in: 1.9.12; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30461; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 98402ce486d0; Credits: Majed...

AI score 5.7 | EPSS 0.00077
Exploits 0 | References 2 | Affected Software 1

Github Security Blog
added 2023/07/11 10:46 p.m. | 25 views

Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution

Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. Impact A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the state query...

CVSS 9.8 | AI score 6.9 | EPSS 0.07112
Exploits 0 | References 4 | Affected Software 1

Schneier on Security
added 2022/11/04 2:16 p.m. | 19 views

NSA on Supply Chain Security

The NSA together with CISA has published a long report on supply-chain security: "Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.": Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code,...

AI score 1.6
Exploits 0

IBM Security Bulletins
added 2022/09/25 9:6 p.m. | 41 views

Security Bulletin: Potential security vulnerabilities with Java™ SDKs

Abstract Smarter Infrastructure Products - Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Content VULNERABILITY DETAILS: Customers who have Java based applications, such as Maximo Asse...

CVSS 10 | AI score 7.9 | EPSS 0.9322
Exploits 32 | Affected Software 14

The Hacker News
added 2022/08/14 7:11 a.m. | 50 views

Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer

Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flo...

AI score 0.1
Exploits 0

The Hacker News
added 2021/11/25 5:52 p.m. | 30 views

Product Releases Should Not Be Scary

Every Product Manager and Software Developer should know that pushing feature updates to production via traditional channels is as archaic as painting on cave walls. The smart are always quick to adapt to new, innovative technologies, and this mindset is exactly what makes normal companies great...

AI score 6.8
Exploits 0

CNVD
added 2021/06/17 12:0 a.m. | 7 views

Weak Password Vulnerability in Chien Wang CRM Customer Management System

Thousand Wonders Software is a professional software developer. A weak password vulnerability exists in the Chivan CRM customer management system, which can be exploited by attackers to obtain sensitive information...

AI score 6.9
Exploits 0

Lenovo
added 2021/06/08 7:7 p.m. | 4 views

Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support US

No description provided...

CVSS 6.5 | AI score 6.4 | EPSS 0.00093
Exploits 1

Intel
added 2021/06/08 12:0 a.m. | 33 views

Intel® Processors Software Developer Guidance Advisory

Summary: Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel is releasing updated software developer prescriptive guidance to address these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2021-0086 Description: Observable response...

CVSS 6.5 | AI score 7.1 | EPSS 0.00065
Exploits 0

ThreatPost
added 2020/04/29 4:39 p.m. | 360 views

Critical GitLab Flaw Earns Bounty Hunter $20K

A critical GitLab vulnerability, which could be leveraged by a remote attacker to execute code, recently netted a researcher a $20,000 bug-bounty award. The flaw was reported to GitLab by software developer William Bowling via the HackerOne bug bounty platform on March 23. It was then disclosed...

AI score 0.2 | EPSS 0.21279
Exploits 0 | References 9