20 matches found
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools...
CVE-2025-31140
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page...
CVE-2025-31140

creationtimestamp | type | source
---|---|---
2025-03-27 12:26:16+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9062
2025-03-27 14:58:30+00:00 | seen | https://t.me/cvedetector/21281...

CVE-2025-31140
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page...
CVE-2025-31140
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page...
CVE-2025-31140
JetBrains TeamCity before 2025.03 is vulnerable to stored cross-site scripting on the Cloud Profiles page (CVE-2025-31140). The issue allows injected scripts to be stored and rendered when the Cloud Profiles page is viewed. Affected software is JetBrains TeamCity; the root cause is stored XSS on ...
CVE-2025-31140
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page...
CVE-2022-31140
Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools...
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools...
CVE-2023-31140

creationtimestamp | type | source
---|---|---
2023-05-09 00:38:11+00:00 | seen | https://t.me/cibsecurity/63470...

CVE-2023-31140 OpenProject user sessions not terminated after activation of 2FA
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...
CVE-2023-31140
OpenProject, open source project management software, is affected in versions 7.4.0 through 12.5.4: after a user registers and confirms the first 2FA device (or when an admin creates a mobile 2FA device for a user), existing user sessions are not terminated. The root cause is a failure to terminate active session...
CVE-2022-31140

creationtimestamp | type | source
---|---|---
2022-07-12 00:19:37+00:00 | seen | https://t.me/cibsecurity/45947...

CVE-2022-31140
Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...
CVE-2022-31140 Valinor error messages leading to potential data exfiltration
Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...
CVE-2022-31140
Valinor (PHP) prior to version 0.12.0 exposes sensitive error data by allowing Throwable#getMessage() to be accessed. This can reveal SQL snippets, database credentials (IP, username/password), and other details in exception messages, enabling information disclosure, potential data exfiltration, ...
CVE-2022-31140 Valinor error messages leading to potential data exfiltration
Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...
CVE-2021-31140
...
CVE-2021-31140
CVE-2021-31140 is rejected/not used; this CVE entry does not represent an active vulnerability.