Lucene search
K

22 matches found

OSV
OSV
added 2026/04/13 11:16 p.m.3 views

DEBIAN-CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS5.3AI score0.00174EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2017-6293

Malware in sbrugna...

9.9CVSS7.1AI score0.01744EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24268

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00188EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/14 3:49 p.m.12 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1CVSS7.3AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 4:15 p.m.6 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1CVSS0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/12 3:47 p.m.10 views

CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1CVSS0.00188EPSS
Exploits0References2
OSV
OSV
added 2025/08/12 3:47 p.m.6 views

CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1CVSS6.9AI score0.00188EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/08/12 3:47 p.m.3 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1CVSS7AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2024/05/29 2:15 p.m.4 views

CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible...

5.4CVSS5.8AI score0.00267EPSS
Exploits0References1
NVD
NVD
added 2024/05/29 2:15 p.m.21 views

CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible...

5.4CVSS4.8AI score0.00267EPSS
Exploits0References1
CVE
CVE
added 2024/05/29 1:29 p.m.57 views

CVE-2024-36373

CVE-2024-36373 is a stored XSS vulnerability in JetBrains TeamCity identified as affecting the product before version 2024.03.2, arising from untrusted builds settings that fail to properly filter/escape user-supplied data. Public sources consistently describe an ability to inject script/HTML via...

5.4CVSS5.8AI score0.00267EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/29 1:29 p.m.13 views

CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible...

4.6CVSS5.9AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/29 1:29 p.m.20 views

CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible...

4.6CVSS4.5AI score0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.6 views

PT-2024-3963

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2024.03.2 Description The issue is related to the lack of protection of the web page structure in the JetBrains TeamCity continuous integration and delivery CI/CD system. This can be exploited by a remote...

5.5CVSS5.7AI score0.00267EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.5 views

SUSE CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS7.3AI score0.01744EPSS
Exploits0References8
OSV
OSV
added 2018/03/01 8:29 p.m.6 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

5.3CVSS9.4AI score
Exploits0References3
Prion
Prion
added 2018/03/01 8:29 p.m.22 views

Design/Logic Flaw

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

5CVSS5.1AI score0.01744EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2018/03/01 8:29 p.m.20 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS9.3AI score0.01744EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/03/01 8:29 p.m.26 views

CVE-2017-14804

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS6.8AI score0.01744EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/03/01 7:0 p.m.24 views

CVE-2017-14804 package builds could use directory traversal to write outside of target area

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...

9.9CVSS7AI score0.01744EPSS
Exploits0References3
Rows per page
Query Builder