5.1
CVE-2025-10591 - Portabilis i-Educar Editar Função educar_funcao_cad.php cross site scripting
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_funcao_cad.php of the component Editar Função Page. This manipulation of the argument abreviatura/tipoacao causes cross site scripting. The attack is possible to be carrie…
5.3
CVE-2025-10590 - Portabilis i-Educar educar_usuario_det.php cross site scripting
A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_usuario_det.php. The manipulation of the argument ref_pessoa results in cross site scripting. The attack can be executed remotely. The exploit has been rel…
9.3
CVE-2025-10156 - PickleScan Security Bypass via Bad CRC in ZIP Archive
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scan…
9.3
CVE-2025-10155 - PickleScan Security Bypass Using Misleading File Extension
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly c…
4.7
CVE-2025-0420 - XSS in Mikrogrup's Paraşüt
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Paraşüt allows Cross-Site Scripting (XSS).This issue affects Paraşüt: from 0.0.0.65efa44e through 20250204.
8.3
CVE-2025-59458 -
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation
7.7
CVE-2025-59457 -
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
5.5
CVE-2025-59456 -
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
4.2
CVE-2025-59455 -
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
4.7
CVE-2025-0419 - XSS in Mikrogrup's Zirve Nova
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. Zirve Nova allows Cross-Site Scripting (XSS).This issue affects Zirve Nova: from 235 through 20250131.