22 matches found
DEBIAN-CVE-2026-39956
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
EUVD-2017-6293
Malware in sbrugna...
EUVD-2025-24268
Malicious code in bioql PyPI...
CVE-2025-54800
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800 Hydra persistent XSS in build metrics
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800 Hydra persistent XSS in build metrics
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2024-36373
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible...
CVE-2024-36373
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible...
CVE-2024-36373
CVE-2024-36373 is a stored XSS vulnerability in JetBrains TeamCity identified as affecting the product before version 2024.03.2, arising from untrusted builds settings that fail to properly filter/escape user-supplied data. Public sources consistently describe an ability to inject script/HTML via...
CVE-2024-36373
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible...
CVE-2024-36373
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible...
PT-2024-3963
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2024.03.2 Description The issue is related to the lack of protection of the web page structure in the JetBrains TeamCity continuous integration and delivery CI/CD system. This can be exploited by a remote...
SUSE CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
Design/Logic Flaw
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
CVE-2017-14804
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...
CVE-2017-14804 package builds could use directory traversal to write outside of target area
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots...