5314 matches found

Cvelist
added 2025/06/03 5:39 p.m. · 32 views

CVE-2025-30359 webpack-dev-server users' source code may be stolen when they access a malicious web site

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same...

5.3 CVSS · 0.00106 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/06/03 12:0 a.m. · 2 views

PT-2025-23649 · Unknown · Webpack-Dev-Server

Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.1
Description: The issue allows an attacker to obtain source code via a method similar to that used to exploit a previously reported vulnerability. This is possible because webpack-dev-server always...

6.5 CVSS · 7.3 AI score · 0.00039 EPSS
Exploits 1 · References 11

CNNVD
added 2025/06/03 12:0 a.m. · 2 views

webpack-dev-server security vulnerability

webpack-dev-server is a webpack open source application that provides webpack. A security vulnerability exists in webpack-dev-server versions prior to 5.2.1, which stems from the possibility of source code theft when a user visits a malicious website...

5.9 CVSS · 7.4 AI score · 0.00106 EPSS
Exploits 1 · References 3

CNNVD
added 2025/06/03 12:0 a.m. · 2 views

webpack-dev-server access control error vulnerability

webpack-dev-server is a webpack open source application that provides webpack. An access control error vulnerability exists in webpack-dev-server versions prior to 5.2.1, which stems from the possibility of source code theft when visiting a malicious website using a non-Chromium-based browser...

6.5 CVSS · 7.4 AI score · 0.00039 EPSS
Exploits 1 · References 5

Positive Technologies
added 2025/06/03 12:0 a.m. · 2 views

PT-2025-23648 · Unknown · Webpack-Dev-Server

Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 5.2.1
Description: The issue allows an attacker to steal users' source code when they access a malicious website. This is possible because the request for a classic script by a script tag is not subject to...

5.3 CVSS · 6.1 AI score · 0.00106 EPSS
Exploits 1 · References 11

Packet Storm News
added 2025/06/03 12:0 a.m. · 3 views

I2P 2.9.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

7.1 AI score
Exploits 0

RedhatCVE
added 2025/06/01 4:35 a.m. · 6 views

CVE-2025-48491

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

6.9 CVSS · 6.8 AI score · 0.0078 EPSS
Exploits 0 · References 1

NVD
added 2025/05/30 4:15 a.m. · 10 views

CVE-2025-48068

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...

4.3 CVSS · 0.00101 EPSS
Exploits 0 · References 2

Cvelist
added 2025/05/30 3:38 a.m. · 12 views

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

6.9 CVSS · 0.0078 EPSS
Exploits 0 · References 9

Vulnrichment
added 2025/05/30 3:38 a.m. · 11 views

CVE-2025-48491 Project AI API Key Exposure in Source Code

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version...

6.9 CVSS · 6.5 AI score · 0.0078 EPSS
Exploits 0 · References 9

CVE
added 2025/05/30 3:37 a.m. · 102 views

CVE-2025-48068

CVE-2025-48068 affects Next.js up to versions before 14.2.30 and before 15.2.2, where the dev server with App Router enabled could expose limited source code when a user visits a malicious page while npm run dev is active. The issue is restricted to local development environments and has been pat...

4.3 CVSS · 4.5 AI score · 0.00101 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2025/05/30 3:37 a.m. · 5 views

CVE-2025-48068 Information exposure in Next.js dev server due to lack of origin verification

Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects...

2.3 CVSS · 8.6 AI score · 0.00101 EPSS
Exploits 0 · References 4

CNNVD
added 2025/05/30 12:0 a.m. · 3 views

Next.js security vulnerability

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 13.0 through 15.2.2, which stems from a possible source code leak when the App Router is enabled on the development server...

4.3 CVSS · 8.9 AI score · 0.00101 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/05/28 12:0 a.m. · 3 views

PT-2025-23134 · Next.Js · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions 13.0 through 15.2.2
Description: Next.js is a React framework for building full-stack web applications. In affected versions, Next.js may have allowed limited source code exposure when the dev server was running with the App...

2.3 CVSS · 6.3 AI score · 0.00101 EPSS
Exploits 0 · References 13

OSV
added 2025/05/27 2:15 a.m. · 1 views

CVE-2025-33079

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...

6.5 CVSS · 5.8 AI score · 0.00156 EPSS
Exploits 0 · References 1

NVD
added 2025/05/27 2:15 a.m. · 6 views

CVE-2025-33079

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...

6.5 CVSS · 0.00156 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/05/27 1:5 a.m. · 7 views

CVE-2025-33079 IBM Controller information disclosure

IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code...

6.5 CVSS · 6.5 AI score · 0.00156 EPSS
Exploits 0 · References 1

CVE
added 2025/05/27 1:5 a.m. · 45 views

CVE-2025-33079

Summary of CVE-2025-33079 (IBM Controller information disclosure)
Affected products: IBM Controller: version 11.1.0 (and IBM Cognos Controller 11.0.0 – 11.0.1).
Root cause / vulnerability: An authenticated user could obtain sensitive credentials that may be inadvertently included within the sourc...

6.5 CVSS · 6.3 AI score · 0.00156 EPSS
Exploits 0 · References 1 · Affected Software 2

Packet Storm News
added 2025/05/27 12:0 a.m. · 2 views

Transformers in Protein: a Survey

As protein informatics advances rapidly, the demand for enhanced predictive accuracy, structural analysis, and functional understanding has intensified. Transformer models, as powerful deep learning architectures, have demonstrated unprecedented potential in addressing diverse challenges across...

7.2 AI score
Exploits 0

Positive Technologies
added 2025/05/27 12:0 a.m. · 4 views

PT-2025-23484 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 12.0.4
Description: The issue allows source code stored on the web server to potentially aid in further attacks against the system.
Recommendations: For versions 11.2.0 through 12.0.4, consider...

5.3 CVSS · 5.5 AI score · 0.00222 EPSS
Exploits 0 · References 7