1393 matches found
CVE-2019-1306
A remote code execution vulnerability exists when Azure DevOps Server ADO and Team Foundation Server TFS fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...
CVE-2019-0870
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...
CVE-2019-0871
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867,...
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rate...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Circumvention of a security measure - Execution of arbitrary code user privileges - Access to sensitive dat...
CVE-2025-29813 Azure DevOps Elevation of Privilege Vulnerability
...
CVE-2025-29813 Azure DevOps Elevation of Privilege Vulnerability
...
CVE-2025-29813
CVE-2025-29813 is an elevation of privilege vulnerability in Azure DevOps (Azure DevOps Server). The described flaw is an authentication bypass via assumed-immutable data / spoofable identity claims that could allow an unauthorized user to elevate privileges over the network. Connected sources co...
Azure DevOps Elevation of Privilege Vulnerability
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
PT-2025-20428 · Microsoft · Visual Studio
Name of the Vulnerable Software and Affected Versions: Azure DevOps affected versions not specified Visual Studio affected versions not specified Description: An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully...
Security Bulletin: A Netty vulnerability affects Rational Test Workbench / DevOps Test Workbench ( CVE-2024-47535 )
Summary Rational Test Workbench / Devops Test Workbench are vulnerable to a denial of service due to a vulnerability in Netty CVE-2024-47535 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of...
CVE-2025-0272
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...
CVE-2025-0257
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service...
CVE-2025-0272
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...
CVE-2025-0272
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...
CVE-2025-0272 HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...
CVE-2025-0272
CVE-2025-0272 concerns HCL DevOps Deploy / HCL Launch, where an HTML injection vulnerability in the Web UI could let a user embed arbitrary HTML tags and potentially disclose sensitive information. The issue is documented across multiple sources (NVD, Red Hat, CVE records) with the core impact de...
CVE-2025-0272 HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure...
HCL Launch和HCL DevOps Deploy 安全漏洞
HCL Launch and HCL DevOps Deploy are both products of HCL India.HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software. Used to handle the most complex deployment processes in DevOps.HCL DevOps Deploy is an application. Can be mapped to your organizational...
PT-2025-14767 · Hcl · Hcl Devops Deploy +1
Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / HCL Launch affected versions not specified Description: The issue allows a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. This is due to an HTML injection...