28703 matches found
JetBrains TeamCity Race Condition Vulnerability
JetBrains TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a race condition vulnerability that...
PT-2025-38133
Name of the Vulnerable Software and Affected Versions: TeamCity versions prior to 2025.07.2 Description: A race condition allowed for a project isolation bypass in TeamCity. Recommendations: Update to TeamCity version 2025.07.2 or later...
Exploit for SQL Injection in Glpi-Project Glpi
CVE-2025-247...
CVE-2025-52344
Multiple Cross-Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allow attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...
com.aizuda:snail-job-client-common (>=1.7.2 <=1.8.0-jdk8), com.aizuda:snail-job-client-job-core (>=1.7.2 <=1.8.0-jdk8) +70 more potentially affected by CVE-2025-59328 via org.apache.fory:fory-core (>=0.11.0 <=0.12.1)
org.apache.fory:fory-core MAVEN version =0.11.0, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.7.2, =1.8.0-beta1 and more Source cves: CVE-2025-59328 Source advisory: SNYK:JAVA-ORGAPACHEFORY-12705076...
serde_yml crate is unsound and unmaintained
Using serde_yml::ser::Serializer.emitter can cause a segmentation fault, which is unsound. The GitHub project for serde_yml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended to switch to a maintained alternative. Recommended alternatives -...
CVE-2025-10425
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/studentcontroller.php. Such manipulation of the argument newimage leads to unrestricted upload. The attack m...
Explorance Blue Security Vulnerability
Explorance Blue is a learning experience management software from Explorance Canada. A security vulnerability exists in Explorance Blue version 8.1.2, which stems from the Group name and Project Description input fields not properly filtering input, which could lead to a cross-site scripting atta...
CVE-2025-52344
The CVE-2025-52344 entry concerns Explorance Blue 8.1.2, where multiple XSS vulnerabilities exist in input fields (Group name and Project Description). The root cause is insufficient input filtering in these fields, allowing arbitrary JavaScript to execute in a user’s browser. Impact is described...
1000 Projects Online Student Project Report Code Issue Vulnerability
1000 Projects Online Student Project Report is an open source online student project reporting system from 1000 Projects. A code issue vulnerability exists in 1000 Projects Online Student Project Report Submission and Evaluation System version 1.0, which originates from an incorrect operation of...
1000 Projects Online Student Project Report Code Issue Vulnerability
1000 Projects Online Student Project Report is an open source online student project reporting system from 1000 Projects. A code issue vulnerability exists in version 1.0 of 1000 Projects Online Student Project Report, which stems from an incorrect manipulation of the parameter newimage in the fi...
PT-2025-37729
Name of the Vulnerable Software and Affected Versions: Explorance Blue version 8.1.2 Description: Explorance Blue version 8.1.2 contains multiple Cross-Site Scripting (XSS) vulnerabilities in input fields. These vulnerabilities allow attackers to inject arbitrary JavaScript code into a user’s browser...
Exploit for CVE-2016-4655
This is a PoC exploit for iOS 9.3.5, targeting CVE-2016-4655 and CVE-2016-4656. The exploit aims to gain root access over the device by exploiting kernel vulnerabilities. The supported devices are listed in offsetfinder.h. The exploit is based on the original disclosure by Lookout and the OS X...
gosec
This is a Go AST (Abstract Syntax Tree) scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subs...
JNDIExploit
This is a Java-based exploit tool for JNDI (Java Naming and Directory Interface) injection vulnerabilities. The tool is designed to inject a payload into the JNDI repository, allowing an attacker to execute arbitrary code on the target system. The tool is based on the Rogue JNDI project and support...
crypto: x86/aegis - Add missing error checks
...
[SECURITY] Fedora 43 Update: rust-crypto-auditing-agent-0.2.3-5.fc43
Event collector agent for crypto-auditing project...
SUSE CVE-2025-55190
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...