29593 matches found
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...
CVE-2025-68142
creationtimestamp| type| source
---|---|---
2025-12-15 22:07:58+00:00| published-proof-of-concept| https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-r6h4-mm7h-8pmq...
GO-2025-4228 Algernon Cross-Site Scripting vulnerability in github.com/xyproto/algernon
Algernon Cross-Site Scripting vulnerability in github.com/xyproto/algernon...
GO-2025-4237 Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip in github.com/weaviate/weaviate
Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip in github.com/weaviate/weaviate...
GO-2025-4227 Zitadel Discloses the Total Number of Instance Users in github.com/zitadel/zitadel
Zitadel Discloses the Total Number of Instance Users in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...
GO-2025-4229 1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality in github.com/1Panel-dev/1Panel
1Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
CVE-2025-68130
creationtimestamp| type| source
---|---|---
2025-12-15 19:48:47+00:00| published-proof-of-concept| https://github.com/trpc/trpc/security/advisories/GHSA-43p4-m455-4f4j...
GO-2025-4218 memos lacks file name validation or verification in github.com/usememos/memos
memos lacks file name validation or verification in github.com/usememos/memos...
GO-2025-4215 memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos
memos vulnerability allows arbitrarily reactions deletion in github.com/usememos/memos...
GO-2025-4207 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers in github.com/1Panel-dev/1Panel
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers in github.com/1Panel-dev/1Panel...
GO-2025-4213 ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login in github.com/zitadel/zitadel
ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2025-4205 Traefik Inverted TLS Verification Logic in ingress-nginx Provider in github.com/traefik/traefik
Traefik Inverted TLS Verification Logic in ingress-nginx Provider in github.com/traefik/traefik...
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as…...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.3 security update
Important: Red Hat OpenShift GitOps v1.17.3 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8116 CVE-2024-45338 openshift-gitops-dex-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html gitops-1.17 GITOPS-76...
CVE-2025-13740
creationtimestamp| type| source
---|---|---
2025-12-15 08:50:04+00:00| seen| https://gist.github.com/Darkcrai86/18391249030f32481215320c18dd5c5a...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the ParseMustBeSegmentNzNc function when processing large input containing many commas. An attacker can cause excessive stack consumption and application crash by supplying specially crafted input. Remediation...
CVE-2025-61675
creationtimestamp| type| source
---|---|---
2025-12-14 15:00:08+00:00| published-proof-of-concept| Telegram/OHr82OtRsE7SrX-5JX0BTKOCwGseELWPcAGkyhObfyZN6dU
2025-12-15 13:32:00+00:00| seen| https://thehackernews.com/2025/12/freepbx-authentication-bypass-exposed.html
2025-12-15 15:57:55+00:00| seen...
GHSA-496G-MMPW-J9X3
creationtimestamp| type| source
---|---|---
2025-12-13 13:14:15+00:00| seen| https://bsky.app/profile/tesaguri.fedibird.com.ap.brid.gy/post/3m7uonli5oa22
2026-01-06 20:11:53+00:00| published-proof-of-concept| Telegram/mJFISOaG9sdliiq532xrtHTh4hR6RCcMc304VWQpxZ4gXns...
GHSA-3JP5-5F8R-Q2WG
creationtimestamp| type| source
---|---|---
2025-12-13 13:09:23+00:00| seen| https://bsky.app/profile/azu.bsky.social/post/3m7uof56qpf2x...
EUVD-2025-203110
Lightning Flow Scanner provides a CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during scanning. The APIVersion rule uses new...