58 matches found
CVE-2026-35533
The CVE-2026-35533 issue affects mise (dev tools manager). From 2026.2.18–2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can cause that file to be treated as trusted and reac...
EUVD-2026-14938
Craft CMS: Unauthenticated Users Can Perform Restricted Project Config Sync Operations...
CVE-2020-7518
A CWE-20: Improper input validation vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker to modify project configuration files...
CVE-2022-33320
Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
EUVD-2025-203768
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-68162
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-68162
JetBrains TeamCity: CVE-2025-68162 affects the maven embedder in TeamCity versions before 2025.11, allowing loading of extensions via project configuration. The published metrics indicate a low overall severity (CVSS 3.1: Confidentiality None, Integrity Low, Availability None; Privileges Required...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...
PT-2025-51713
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration...
CVE-2025-0504 Black Duck SCA Project Privilege Escalation
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
MAL-2025-185469 Malicious code in antares-luminescence-phoebe-higgs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9250c08aab5a952d64b8b3d1497c203806cf0a3da77a0aa075aaeece4362bd64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-181024 Malicious code in teate-thy-sonic-urapu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9380cef82872e3ccdee7e5519c2ab04e168ed707dc179e1ee4a94ae82672d4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144447 Malicious code in lint-staged-blaze-concurrently-cordelia (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c264da9ee153bfc81c5d7023d782b5e52b2e8e8b64216fe7ac06aa6fdb1d3df8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-78745 Malicious code in hendra-brengkes46-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b033538cc9dcbce79cdb4555e1f6cc506c5fd7d38826ba4b4f5398f4bfe2189 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2019-10965
Malware in sbrugna...
EUVD-2020-28643
Malware in sbrugna...