95 matches found
EUVD-2023-29135
Malicious code in bioql PyPI...
JetBrains TeamCity Credentials Disclosure Vulnerability
JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a credential disclosure vulnerability that...
JetBrains TeamCity < 2025.07.2 Information Disclosure (Windows)
The version of JetBrains TeamCity installed on the remote Windows host is prior to 2025.07.2. It is, therefore, affected by an information disclosure vulnerability due to missing Git URL validation. An authenticated, remote attacker can exploit this to cause credential leakage. Note that Nessus h...
CVE-2025-59457
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...
CVE-2025-59457
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...
CVE-2025-59457
CVE-2025-59457 affects JetBrains TeamCity before 2025.07.2. The issue is a missing Git URL validation that can lead to credential leakage on Windows. Root cause: lack of proper validation for Git URLs. Impact: potential disclosure of credentials (high confidentiality impact) with network attack v...
CVE-2025-59457
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...
CVE-2025-59457
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a credential disclosure vulnerability that...
PT-2025-38135
Name of the Vulnerable Software and Affected Versions: TeamCity versions prior to 2025.07.2 Description: A missing Git URL validation in TeamCity allowed credential leakage on Windows systems. Recommendations: Update TeamCity to version 2025.07.2 or later...
📄 Coolify 4.0.0-beta.420.6 Command Injection
Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a critical remote code execution flaw in the project deployment workflow. The platform allows authenticated users, with low-level privileges, to inject arbitrary shell commands via the Git Repository URL field during...
Exploit for CVE-2025-34161
| Field | Value | |-------------|...
CVE-2025-49520 Event-driven-ansible: authenticated argument injection in git url in eda project creation
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...
CVE-2025-49520
CVE-2025-49520 affects Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to git ls-remote, enabling an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift, this can lead to service accou...
SUSE CVE-2025-22237
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
GHSA-FCR4-H6C4-RVVP Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
CVE-2025-22237
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
CVE-2025-22237 CVE-2025-22237 salt advisory
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
CVE-2023-33290
The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...