Lucene search
+L

95 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-29135

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.00567EPSS
Exploits0References2
CNVD
CNVD
added 2025/09/19 12:0 a.m.6 views

JetBrains TeamCity Credentials Disclosure Vulnerability

JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a credential disclosure vulnerability that...

7.7CVSS6.7AI score0.00752EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/18 12:0 a.m.7 views

JetBrains TeamCity < 2025.07.2 Information Disclosure (Windows)

The version of JetBrains TeamCity installed on the remote Windows host is prior to 2025.07.2. It is, therefore, affected by an information disclosure vulnerability due to missing Git URL validation. An authenticated, remote attacker can exploit this to cause credential leakage. Note that Nessus h...

7.7CVSS5.6AI score0.00752EPSS
Exploits0References2
OSV
OSV
added 2025/09/17 9:15 a.m.5 views

CVE-2025-59457

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...

7.7CVSS5.8AI score0.00752EPSS
Exploits0References1
NVD
NVD
added 2025/09/17 9:15 a.m.8 views

CVE-2025-59457

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...

7.7CVSS0.00752EPSS
Exploits0References1
CVE
CVE
added 2025/09/17 9:4 a.m.21 views

CVE-2025-59457

CVE-2025-59457 affects JetBrains TeamCity before 2025.07.2. The issue is a missing Git URL validation that can lead to credential leakage on Windows. Root cause: lack of proper validation for Git URLs. Impact: potential disclosure of credentials (high confidentiality impact) with network attack v...

7.7CVSS6.5AI score0.00752EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/17 9:4 a.m.3 views

CVE-2025-59457

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...

7.7CVSS6.5AI score0.00752EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/17 9:4 a.m.8 views

CVE-2025-59457

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...

7.7CVSS0.00752EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.9 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a credential disclosure vulnerability that...

7.7CVSS6.6AI score0.00752EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.7 views

PT-2025-38135

Name of the Vulnerable Software and Affected Versions: TeamCity versions prior to 2025.07.2 Description: A missing Git URL validation in TeamCity allowed credential leakage on Windows systems. Recommendations: Update TeamCity to version 2025.07.2 or later...

7.7CVSS6.4AI score0.00752EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2025/08/28 12:0 a.m.345 views

📄 Coolify 4.0.0-beta.420.6 Command Injection

Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a critical remote code execution flaw in the project deployment workflow. The platform allows authenticated users, with low-level privileges, to inject arbitrary shell commands via the Git Repository URL field during...

9.4CVSS8.9AI score0.03691EPSS
Exploits3
GithubExploit
GithubExploit
added 2025/08/25 11:21 a.m.85 views

Exploit for CVE-2025-34161

| Field | Value | |-------------|...

9.4CVSS9AI score0.03691EPSS
Exploits3
Cvelist
Cvelist
added 2025/06/30 8:45 p.m.8 views

CVE-2025-49520 Event-driven-ansible: authenticated argument injection in git url in eda project creation

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...

8.8CVSS0.00484EPSS
Exploits0References3
CVE
CVE
added 2025/06/30 8:45 p.m.57 views

CVE-2025-49520

CVE-2025-49520 affects Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to git ls-remote, enabling an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift, this can lead to service accou...

8.8CVSS6.9AI score0.00484EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/06/14 2:56 a.m.4 views

SUSE CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS7.1AI score0.00157EPSS
Exploits0References23
OSV
OSV
added 2025/06/13 9:30 a.m.6 views

GHSA-FCR4-H6C4-RVVP Salt's on demand pillar functionality vulnerable to arbitrary command injections

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS7.3AI score0.00157EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/13 9:30 a.m.12 views

Salt's on demand pillar functionality vulnerable to arbitrary command injections

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS6.6AI score0.00157EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/06/13 7:15 a.m.11 views

CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/13 6:55 a.m.4 views

CVE-2025-22237 CVE-2025-22237 salt advisory

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS7.3AI score0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:52 a.m.14 views

CVE-2023-33290

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...

7.5CVSS6.7AI score0.01033EPSS
Exploits1References1
Rows per page
Query Builder