492 matches found
PT-2025-40045
Summary In the default configuration, webhook.azuredevops.username and webhook.azuredevops.password not set, Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...
CVE-2025-11089
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the...
Jenkins Unauthenticated Access
Jenkins is an open-source automation server used to automate various aspects of software development, including building, testing, and deploying application. If authentication is not enforced, an attacker can gain administrative access to Jenkins, potentially allowing for the execution of arbitra...
GoCD Unauthenticated Access
GoCD is an open-source continuous delivery server. When accessible without authentication, an attacker can gain unauthorized access to the GoCD interface, potentially leading to information disclosure or further exploitation of the system. No source data...
CVE-2025-10946
CVE-2025-10946 affects nuz007 smsboom; the vulnerability is in an unknown function within dy.php where manipulating the hm argument triggers cross-site scripting. Remote exploitation is possible. The Product uses rolling releases, so no specific affected/updated version details are provided in th...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-5889]
Summary Node.js module brace-expansion is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...
PT-2025-37443
Name of the Vulnerable Software and Affected Versions: newbee-mall versions prior to 613a662adf1da7623ec34459bc83e3c1b12d8ce7 Description: A vulnerability exists in newbee-mall related to improper authorization. The issue affects the paySuccess function within the /paySuccess file of the Order...
IBM MQ 安全漏洞
IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and validated messaging backbone for Service Oriented Architecture SOA. A security vulnerability exists in IBM MQ that stems from storing passwords in client configuratio...
Malicious code in react-airbnb-prettier (npm)
The package react-airbnb-prettier was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 8dfaae080b90705a47740e1ced1edacf0110db947f0f26fdd35e2805a2886d37 This package installs a dependency hosted on a custom domain that...
MAL-2025-14196 Malicious code in airbnb-relaxed (npm)
The package airbnb-relaxed was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 1b6a5e736a13af63369b9867066a010eb0cb881853407342fe42c472c919dd3c This package installs a dependency hosted on a custom domain that runs an...
CVE-2025-8752 wangzhixuan spring-shiro-training add command injection
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...
CVE-2025-8752 wangzhixuan spring-shiro-training add command injection
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...
CVE-2025-8506
A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has...
The vulnerability of the configuration of the Version Control System (VCS) of the Continuous Integration and Delivery Application Framework (CI/CD) tool JetBrains TeamCity allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the TeamCity VCS configuration in continuous integration and delivery systems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...
The vulnerability of the CI/CD application integration and delivery system provided by JetBrains TeamCity, related to insufficient protection of registration data, allows attackers to disclose protected information.
The vulnerability of the Continuous Integration and Deployment application delivery system CI/CD of TeamCity in JetBrains is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
CVE-2025-7935
A vulnerability, which was classified as critical, was found in fuyanglipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLogController of the file platform-admin/src/main/java/com/platform/controller/SysLogController.java. The manipulation of the argume...
CVE-2025-7080
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
CVE-2025-6768
A vulnerability classified as critical has been found in sfturing hosporder up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. It is possible to...
CVE-2025-6767
A vulnerability was found in sfturing hosporder up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. The attack...
CVE-2025-6767
Summary: CVE-2025-6767 affects sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8, with a SQL injection in the function findDoctorByCondition of DoctorServiceImpl.java caused by the hospitalName parameter. The attack can be remote and exploit has been disclosed publicly. Multiple ...