3.8
CVE-2025-67742
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
4.8
CVE-2025-67741
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
2.7
CVE-2025-67740
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
3.1
CVE-2025-67739
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
5.1
CVE-2025-14519 - baowzh hfly advtext add cross site scripting
A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed remote…
5.3
CVE-2025-14518 - PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery
A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to serve…
7.6
CVE-2025-13124 - IDOR in Netiket's ApplyLogic
Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers. This issue affects ApplyLogic: through 01.12.2025.
9.1
CVE-2025-14265 - Improper server-side validation in ScreenConnect extension framework
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of cust…
5.9
CVE-2024-40593
A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4…
4.8
CVE-2025-14517 - Yalantis uCrop AndroidManifest.xml UCropActivity improper export of android application components
A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed a…