
2260 matches found

OSV
added 2025/04/22 5:14 p.m., 5 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

CVSS 6.5 | AI score 6.5 | EPSS 0.00592
Exploits 0 | References 11

Akamai Blog
added 2025/04/15 12:0 p.m., 8 views

What Are the Benefits of a Microservices Architecture?

...

AI score 7.3
Exploits 0

BDU FSTEC
added 2025/04/11 12:0 a.m., 5 views

The vulnerability of the Microsoft Visual Studio software development tool, related to access control deficiencies, allows attackers to escalate their privileges.

The vulnerability of the Microsoft Visual Studio software development tool is related to a lack of access control. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 7.3 | AI score 7.6 | EPSS 0.01134
Exploits 0 | References 3 | Affected Software 1

RedhatCVE
added 2025/04/02 4:53 p.m., 16 views

CVE-2025-30209

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...

CVSS 5.3 | AI score 6.8 | EPSS 0.00326
Exploits 0 | References 1

RedhatCVE
added 2025/04/02 4:53 p.m., 20 views

CVE-2025-30203

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this vulnerability to force...

CVSS 4.8 | AI score 6.1 | EPSS 0.00264
Exploits 0 | References 1

RedhatCVE
added 2025/04/02 4:52 p.m., 21 views

CVE-2025-29766

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up...

CVSS 4.6 | AI score 7.1 | EPSS 0.00182
Exploits 0 | References 1

NVD
added 2025/03/31 4:15 p.m., 10 views

CVE-2025-29929

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...

CVSS 4.6 | EPSS 0.00178
Exploits 0 | References 4

CVE
added 2025/03/31 3:58 p.m., 91 views

CVE-2025-30155

CVE-2025-30155 affects Tuleap: the REST API did not enforce read permissions on parent trackers, allowing potential unauthorized visibility. Affected versions include Tuleap Community Edition prior to 16.5.99.1742392651 and Tuleap Enterprise Edition prior to 16.5-5 and 16.4-8. The issue is resolv...

CVSS 4.3 | AI score 6.7 | EPSS 0.00287
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2025/03/31 3:53 p.m., 12 views

CVE-2025-30209 Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...

CVSS 5.3 | AI score 5.1 | EPSS 0.00326
Exploits 0 | References 4

OSV
added 2025/03/31 3:53 p.m., 19 views

CVE-2025-30209 Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tule...

CVSS 5.3 | AI score 6.7 | EPSS 0.00326
Exploits 0 | References 6

Cvelist
added 2025/03/31 3:48 p.m., 27 views

CVE-2025-30203 Tuleap allows XSS via the content of RSS feeds in the RSS widgets

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over a used RSS feed could use this vulnerability to force...

CVSS 4.8 | EPSS 0.00264
Exploits 0 | References 4

Vulnrichment
added 2025/03/31 3:40 p.m., 7 views

CVE-2025-29929 Tuleap is missing CSRF protection on tracker hierarchy administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...

CVSS 4.6 | AI score 4.7 | EPSS 0.00178
Exploits 0 | References 4

BDU FSTEC
added 2025/03/13 12:0 a.m., 6 views

The vulnerability of the PCX Image development platform’s SDP code allows attackers to execute arbitrary code.

The vulnerability of the PCX Image development platform’s SDP code base relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

CVSS 10 | AI score 6.4 | EPSS 0.00609
Exploits 0 | References 2 | Affected Software 1

Microsoft Secure
added 2025/03/11 4:0 p.m., 7 views

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild during routine threat hunting. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated...

AI score 6.2
Exploits 0

RedhatCVE
added 2025/03/06 6:56 p.m., 11 views

CVE-2025-27156

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...

CVSS 5.4 | AI score 6.8 | EPSS 0.00242
Exploits 0 | References 1

RedhatCVE
added 2025/03/06 6:55 p.m., 18 views

CVE-2025-27402

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability i...

CVSS 4.6 | AI score 7 | EPSS 0.00154
Exploits 0 | References 1

RedhatCVE
added 2025/03/06 6:55 p.m., 18 views

CVE-2025-27150

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access t...

CVSS 6.5 | AI score 7.1 | EPSS 0.00348
Exploits 0 | References 1

NVD
added 2025/03/04 5:15 p.m., 7 views

CVE-2025-27401

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact; it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

CVSS 4.6 | EPSS 0.00295
Exploits 1 | References 3

OSV
added 2025/03/04 5:0 p.m., 18 views

CVE-2025-27402 Tuleap is missing CSRF protections on tracker fields administrative operations

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability i...

CVSS 4.6 | AI score 6.7 | EPSS 0.00154
Exploits 0 | References 5

Vulnrichment
added 2025/03/04 4:58 p.m., 9 views

CVE-2025-27401 In Tuleap, deleting a report can delete criteria filters in other reports

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In standard usage of Tuleap, the issue has a limited impact; it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

CVSS 4.6 | AI score 4.6 | EPSS 0.00295
Exploits 1 | References 3