54 matches found
EUVD-2019-7909
Malware in sbrugna...
EUVD-2022-4499
Malicious code in bioql PyPI...
EUVD-2024-42725
Malicious code in bioql PyPI...
SonarSource SonarQube Server < 9.9.5 / 10.x < 10.5 GitHub Integration JWT Exfiltration (CVE-2024-47910)
The version of SonarSource SonarQube Server running on the remote host is prior to 9.9.5 or 10.x prior to 10.5. It is, therefore, affected by an information disclosure vulnerability: a SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to...
SonarSource SonarQube Server < 9.9.4 / 10.x < 10.4 Information Disclosure (CVE-2024-38460)
The version of SonarSource SonarQube Server running on the remote host is prior to 9.9.4 or 10.x prior to 10.4. It is, therefore, affected by an information disclosure vulnerability: in SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are...
SonarSource SonarQube Server Web Interface Detection
Binary data sonarsourcesonarqubeserverwebdetect.nbin...
CVE-2024-47910
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT...
CVE-2024-47911
In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands...
CVE-2024-47911
In SonarSource SonarQube 10.4–10.5 (before 10.6), a vulnerability exists in the authorizations/group-memberships API endpoint that allows users with the administrator role to inject blind SQL commands. The issue is triggered via the group-memberships authorization path, enabling SQL injection wit...
CVE-2024-47910
The CVE describes an information-disclosure vulnerability in SonarSource SonarQube server pre-9.9.5 LTA and pre-10.5. Specifically, a user with Administrator privileges can modify an existing GitHub integration configuration to exfiltrate a pre-signed JWT. Affected versions: SonarQube before 9.9....
Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors. The vulnerabilities, according to...
Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was release...
Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability
Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An unauthenticated threa...
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug
Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 This repository presents a proof-of-concept of...
JetBrains TeamCity Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by...
JetBrains TeamCity Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JetBrains TeamCity Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an authentication bypass vulnerability to...
JetBrains TeamCity Unauthenticated Remote Code Execution
This module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by SonarSource...