Lucene search

17435 matches found

NVD
added 2025/12/11 4:16 p.m. | 8 views

CVE-2025-67739

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

3.1 CVSS | 0.00001 EPSS
Exploits 0 | References 1
OSV
added 2025/12/11 4:16 p.m. | 1 views

CVE-2025-67739

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

3.1 CVSS | 5.8 AI score
Exploits 0 | References 1
Cvelist
added 2025/12/11 3:19 p.m. | 22 views

CVE-2025-67739

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

3.1 CVSS | 0.00001 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/12/11 3:19 p.m. | 2 views

CVE-2025-67739

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

3.1 CVSS | 5.9 AI score | 0.00001 EPSS
Exploits 0 | References 1
CVE
added 2025/12/11 3:19 p.m. | 34 views

CVE-2025-67739

JetBrains TeamCity is affected if running a version prior to 2025.11.2. The CVE-2025-67739 issue is caused by improper validation of repository URLs, which could allow disclosure of local file paths. The Nessus and vendor entries corroborate that older TeamCity builds are vulnerable to local path...

3.1 CVSS | 5.9 AI score | 0.00001 EPSS
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2025/12/11 12:0 a.m. | 2 views

PT-2025-50625

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure...

3.1 CVSS | 6.3 AI score | 0.00001 EPSS
Exploits 0 | References 2
CNNVD
added 2025/12/11 12:0 a.m. | 1 views

JetBrains TeamCity security vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

3.1 CVSS | 6.3 AI score | 0.00001 EPSS
Exploits 0 | References 1
Circl
added 2025/12/08 5:34 a.m. | 2 views

CVE-2020-20627

creationtimestamp | type | source
---|---|---
2025-12-08 05:34:55+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-20627.yaml
2025-12-09 21:02:27+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m7lgxdps5a2e...

5.3 CVSS | 5.1 AI score | 0.02812 EPSS
Exploits 0 | References 2
Packet Storm News
added 2025/12/05 12:0 a.m. | 2 views

Sift or Get off the PoC: Applying Information Retrieval to Vulnerability Research with SiftRank

Security research is fundamentally a problem of resource constraint and consequent prioritization. There is simply too much attack surface and too little time and energy to spend analyzing it all. The most effective security researchers are often those who are most skilled at intuitively deciding...

6.5 AI score
Exploits 0
RedhatCVE
added 2025/12/04 10:48 p.m. | 3 views

CVE-2025-66448

A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository...

8.8 CVSS | 7.7 AI score | 0.00045 EPSS
Exploits 0 | References 6
EUVD
added 2025/12/04 9:31 p.m. | 3 views

EUVD-2025-201259

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting XSS vulnerability with user conte...

5.1 CVSS | 5.2 AI score | 0.00059 EPSS
Exploits 0 | References 3
vulnersOsv
added 2025/12/04 6:42 p.m. | 6 views

org.sonatype.nexus.api.extdirect:nexus-api-extdirect-selfhosted (>=3.83.0-08 <=3.86.3-01), org.sonatype.nexus.api.rest:nexus-api-rest-common (>=3.83.0-08 <=3.86.3-01) +4 more potentially affected by CVE-2025-13488 via org.sonatype.nexus.plugins:nexus-blobstore-s3 (>=3.83.0-08 <=3.86.3-01)

org.sonatype.nexus.plugins:nexus-blobstore-s3 MAVEN version =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.86.3-01 Source cves: CVE-2025-13488 Source advisory: SNYK:JAVA-ORGSONATYPENEXUSPLUGINS-14221327...

5.1 CVSS | 5.8 AI score | 0.00059 EPSS
Exploits 0
CVE
added 2025/12/04 6:16 p.m. | 5 views

CVE-2025-13488

The CVE-2025-13488 entry concerns Sonatype Nexus Repository 3 where a regression in version 3.83.0 stops applying a security header to certain user-uploaded content served from repositories, enabling stored XSS with user context. Affected component is the Nexus Repository 3 plugin chain handling ...

5.1 CVSS | 5.2 AI score | 0.00059 EPSS
Exploits 0 | References 2
Cvelist
added 2025/12/04 6:16 p.m. | 20 views

CVE-2025-13488 Nexus Repository 3 - Stored Cross-Site Scripting (XSS)

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting XSS vulnerability with user conte...

5.1 CVSS | 0.00059 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/12/04 6:16 p.m. | 1 views

CVE-2025-13488 Nexus Repository 3 - Stored Cross-Site Scripting (XSS)

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting XSS vulnerability with user conte...

5.1 CVSS | 5.2 AI score | 0.00059 EPSS
Exploits 0 | References 2
GithubExploit
added 2025/12/04 12:13 p.m. | 128 views

SAP-Nuclei-Templates

SAP-Nuclei-Templates Nuclei Templates fo...

7 AI score
Exploits 0
Cvelist
added 2025/12/04 11:48 a.m. | 21 views

CVE-2025-41080 Multiple vulnerabilities in Seafile

A stored Cross-Site Scripting XSS vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parameter 'p' in '/api/v2.1/repos/repoid/file/'...

5.1 CVSS | 0.00027 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/12/04 12:0 a.m. | 3 views

Adobe Experience Manager (AEM) CRX Content Explorer

This plugin detects the presence of the Adobe Experience Manager AEM CRX Content Explorer interface. The CRX Content Explorer is a web-based interface used to manage and interact with the content repository of Adobe Experience Manager. No source data...

6.8 AI score
Exploits 0
Tenable Nessus
added 2025/12/04 12:0 a.m. | 1 views

Adobe Experience Manager (AEM) CRX Namespace Editor Panel Detected

This plugin detects the presence of the Adobe Experience Manager AEM CRX Namespace Editor panel on a web application. The CRX Namespace Editor panel is part of the AEM's content repository management interface, allowing administrators to manage namespaces and node types within the repository...

6.8 AI score
Exploits 0
Positive Technologies
added 2025/12/04 12:0 a.m. | 2 views

PT-2025-49112

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting XSS vulnerability with user conte...

5.1 CVSS | 5.6 AI score | 0.00059 EPSS
Exploits 0 | References 3