Improperly Implemented Security Check for Standard
Overview: Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the leconnrsp process. An attacker can cause a denial of service by sending an out-of-context Bluetooth Low Energy connection response when no connection request was initiated...
JetBrains TeamCity Path Traversal Vulnerability
JetBrains TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a path traversal vulnerability that stems...
JetBrains TeamCity Race Condition Vulnerability
JetBrains TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a race condition vulnerability that...
CVE-2025-10672 whuan132 AIBattery com.collweb.AIBatteryHelper BatteryXPCService.swift missing authentication
A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach...
Invoke Security Vulnerability
Invoke is a leading creative engine for Stable Diffusion models, open-sourced by InvokeAI. A security vulnerability exists in Invoke v6.0.0a1 and earlier versions, which stems from the GET /api/v1/images/download/bulkdownloaditemname endpoint that does not properly handle the filename...
JetBrains TeamCity < 2025.07.2 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2025.07.2. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to a race condition. CVE-2025-59455 - In...
CVE-2025-59410
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...
CVE-2025-59354
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...
CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
CVE-2025-59346 Dragonfly server-side request forgery vulnerability
Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery (SSRF) vulnerability that enables users to force DragonFly2’s components to make requests to internal services that are otherwise not accessible to...
CVE-2025-59455
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition...
CVE-2025-59456
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload...
CVE-2025-59456
CVE-2025-59456 affects JetBrains TeamCity prior to 2025.07.2, where path traversal was possible during project archive upload. The vulnerability is caused by insufficient filtering of path elements when uploading a project archive, enabling access/manipulation of files via crafted archive paths. ...
CVE-2025-59455
CVE-2025-59455 affects JetBrains TeamCity. Before 2025.07.2, a race condition could bypass project isolation. Impact is isolation bypass for affected TeamCity deployments. Remediation: upgrade to TeamCity 2025.07.2 or later (as indicated by PT Security advisory and related sources).
MAL-2025-47419 Malicious code in webpikes (npm)
The package webpikes was found to contain malicious code.
CVE-2025-52344
Multiple Cross-Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allow attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a path traversal vulnerability that stems...