Lucene search
K

492 matches found

BDU FSTEC
BDU FSTEC
added 2025/05/21 12:0 a.m.7 views

The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity lies in the redirection of URLs to an unreliable website, allowing attackers to redirect users to arbitrary URL addresses.

The vulnerability of the Continuous Integration and Deployment application delivery system CI/CD of TeamCity in JetBrains is related to the redirection of URLs to an unreliable website during the editing of the VCS root page. Exploiting this vulnerability could allow a malicious actor to redirect...

5CVSS5.6AI score0.00217EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/05/20 6:15 p.m.17 views

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...

6.1CVSS0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/05/20 6:15 p.m.4 views

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...

6.1CVSS5.8AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/20 5:37 p.m.16 views

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...

4.3CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/05/20 5:37 p.m.49 views

CVE-2025-47854

JetBrains TeamCity has a CVE-2025-47854 open redirect vulnerability in versions prior to 2025.03.2, triggered when editing the VCS Root page due to improper handling of the destination jump (input validation issue). Affected product: JetBrains TeamCity (CI/CD server). Impact is open redirect; exp...

6.1CVSS7.2AI score0.00217EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/20 5:37 p.m.10 views

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...

4.3CVSS4.7AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/27 12:0 a.m.8 views

PT-2025-27988

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the vgacon scroll function, where a check for the vc origin address range has been added. The vulnerabili...

4.6CVSS6.4AI score
Exploits0
CVE
CVE
added 2025/04/15 8:39 p.m.66 views

CVE-2025-32021

CVE-2025-32021 concerns Weblate before 5.11, where creating a new component from an existing one could leak VCS credentials. If the source repository URL is present in settings, that URL is carried in client URL parameters during creation; credentials such as GitHub PATs and usernames could appea...

7.5CVSS3.8AI score0.00332EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/15 8:39 p.m.8 views

CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

2.2CVSS4.3AI score0.00332EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/15 8:39 p.m.13 views

CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

2.2CVSS0.00332EPSS
Exploits1References2
OSV
OSV
added 2025/04/15 2:20 p.m.7 views

GHSA-M67M-3P5G-CW9J VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the...

2.2CVSS7AI score0.00332EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/04/15 2:20 p.m.16 views

VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Summary When creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the...

7.5CVSS6.9AI score0.00332EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/27 4:43 p.m.10 views

CVE-2023-52973 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...

6.2AI score0.00274EPSS
Exploits0References7
CVE
CVE
added 2025/03/27 4:43 p.m.169 views

CVE-2023-52973

The CVE-2023-52973 issue affects the Linux kernel’s vc_screen path (vt/vc_screen.c). Root cause: a use-after-free of vc_data after console_unlock() in vcs_read(), where the vc_data pointer was loaded inside the loop, allowing a UAF in vcs_size(). The bug was fixed by moving the vc_data load to th...

7.8CVSS6.2AI score0.00274EPSS
Exploits0References7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/07 3:14 p.m.40 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker to traverse directories on the system, caused by a flaw when installing package via a...

8.8CVSS10AI score0.03028EPSS
Exploits7Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 9:9 p.m.7 views

CVE-2022-20814

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS6.8AI score0.00897EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2025-28646

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.24.5 Go versions prior to 1.23.11 Description: The issue concerns unexpected command execution in untrusted VCS repositories when using the Go toolchain. This can occur when the toolchain is used in directories fetched...

9.8CVSS7.8AI score0.00536EPSS
Exploits0References341
RedhatCVE
RedhatCVE
added 2024/11/21 7:13 p.m.13 views

CVE-2024-50175

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove usecount guard in stopstreaming The usecount check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual channels VCs on the CSIPHY input driving the...

5.5CVSS6.8AI score0.00219EPSS
Exploits0References4
OSV
OSV
added 2024/11/15 4:15 p.m.6 views

CVE-2022-20853

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

7.4CVSS5.7AI score0.00615EPSS
Exploits0References4
NVD
NVD
added 2024/11/15 4:15 p.m.35 views

CVE-2022-20814

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS0.00897EPSS
Exploits0References4
Rows per page
Query Builder