Lucene search
K

1382 matches found

Spring Security Advisories
Spring Security Advisories
added 2025/06/26 12:0 a.m.7 views

A Bootiful Podcast: DevOps and AI luminary Patrick Debois

Hi, Spring, cloud native, and AI fans! In this installment, I had the opportunity to briefly sit down and talk with DevOps and AI luminary Patrick Debois, from the amazing Devoxx UK 2025 show...

7.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 11:32 a.m.11 views

Security Bulletin: IBM DevOps Build addresses multiple vulnerabilities.

Summary IBM DevOps Build 7.1.0.0 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-46544 DESCRIPTION: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk configuration which may lead to...

9.8CVSS7.8AI score0.06287EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 1:12 p.m.12 views

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.

Summary IBM DevOps Release 7.0.0.4 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-46544 DESCRIPTION: Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk...

9.8CVSS7.8AI score0.06287EPSS
Exploits3Affected Software1
hivepro
hivepro
added 2025/06/19 2:0 p.m.2 views

The New Frontline: Why DevOps Became a Cyber Target

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Your developers didn't become...

7.6AI score
Exploits0
HackRead
HackRead
added 2025/06/03 4:42 p.m.5 views

The Role of Continuous Integration and Continuous Deployment (CI/CD) in DevOps

Modern software development demands rapid delivery of high-quality applications that can adapt to changing business requirements and user…...

7.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/06/03 12:0 a.m.4 views

The vulnerability of the Azure DevOps software development tool, related to bypassing authentication using supposedly immutable data, allows attackers to escalate their privileges.

The vulnerability of the Azure DevOps software development tool relates to bypassing authentication using supposedly immutable data. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

10CVSS8AI score0.01533EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/06/02 4:3 p.m.10 views

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity...

7.2CVSS8.2AI score0.93691EPSS
Exploits12
Wiz blog
Wiz blog
added 2025/06/02 2:0 p.m.5 views

DevOps Tools Targeted for Cryptojacking

The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:55 a.m.15 views

CVE-2024-42195

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...

6.8CVSS6.7AI score0.00286EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:33 a.m.6 views

CVE-2024-22347

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS6.5AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:33 a.m.6 views

CVE-2024-22349

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system...

4CVSS6.3AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:6 a.m.6 views

CVE-2024-22348

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5CVSS6.2AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:9 p.m.5 views

CVE-2021-21243

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deserialize untrusted data from the request body. These endpoints do not enforce any authentication or authorization checks. This issue may lead to pre-auth RCE. This issue...

10CVSS7.1AI score0.54494EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 p.m.11 views

CVE-2020-0815

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758...

7.5CVSS6.7AI score0.02015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 p.m.8 views

CVE-2020-1327

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'...

6.1CVSS6.8AI score0.0182EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:16 p.m.6 views

CVE-2020-1326

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...

5.4CVSS5.9AI score0.01565EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:1 p.m.11 views

CVE-2020-0700

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...

5.4CVSS5.9AI score0.01328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:7 p.m.10 views

CVE-2020-0758

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815...

7.5CVSS7AI score0.02015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:4 a.m.6 views

CVE-2019-0867

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868,...

6.1CVSS5.6AI score0.02626EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:4 a.m.10 views

CVE-2019-0868

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...

6.1CVSS5.6AI score0.02626EPSS
Exploits0References1
Rows per page
Query Builder