3.8

CVSS3.1

CVE-2025-67742 -

In JetBrains TeamCity before 2025.11 path traversal was possible via file upload

📅 Published: Dec. 11, 2025, 3:19 p.m. 🔄 Last Modified: Dec. 15, 2025, 8:06 p.m.

4.8

CVSS3.1

CVE-2025-67741 -

In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

📅 Published: Dec. 11, 2025, 3:19 p.m. 🔄 Last Modified: Dec. 15, 2025, 8:06 p.m.

2.7

CVSS3.1

CVE-2025-67740 -

In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

📅 Published: Dec. 11, 2025, 3:19 p.m. 🔄 Last Modified: Dec. 15, 2025, 8:07 p.m.

3.1

CVSS3.1

CVE-2025-67739 -

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

📅 Published: Dec. 11, 2025, 3:19 p.m. 🔄 Last Modified: Dec. 23, 2025, 9:10 p.m.

5.1

CVSS4.0

CVE-2025-14519 - baowzh hfly advtext add cross site scripting

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed remote…

📅 Published: Dec. 11, 2025, 3:02 p.m. 🔄 Last Modified: Jan. 6, 2026, 2:36 p.m.

5.3

CVSS4.0

CVE-2025-14518 - PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to serve…

📅 Published: Dec. 11, 2025, 3:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:16 a.m.

7.6

CVSS3.1

CVE-2025-13124 - IDOR in Netiket''s ApplyLogic

Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers.This issue affects ApplyLogic: through 01.12.2025.

📅 Published: Dec. 11, 2025, 2:30 p.m. 🔄 Last Modified: Dec. 12, 2025, 3:18 p.m.

9.1

CVSS3.1

CVE-2025-14265 - Improper server-side validation in ScreenConnect extension framework

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of cust…

📅 Published: Dec. 11, 2025, 2:21 p.m. 🔄 Last Modified: Feb. 26, 2026, 4:21 p.m.

5.9

CVSS3.1

CVE-2024-40593 -

A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4…

📅 Published: Dec. 11, 2025, 2:10 p.m. 🔄 Last Modified: Jan. 14, 2026, 9:14 a.m.

4.8

CVSS4.0

CVE-2025-14517 - Yalantis uCrop AndroidManifest.xml UCropActivity  improper export of android application components

A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity  of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed a…

📅 Published: Dec. 11, 2025, 2:02 p.m. 🔄 Last Modified: March 5, 2026, 7:04 p.m.
Total resulsts: 344670
Page 2211 of 34,467
« previous page » next page
Filters