In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token

In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab

In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test

In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration c…

HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams (per-CPU contexts) are freed in…

A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is now …