5.4

CVSS3.1

CVE-2025-54528

In JetBrains TeamCity before 2025.07, a CSRF was possible in the GitHub App connection flow.

📅 Published: July 28, 2025, 4:20 p.m. 🔄 Last Modified: July 31, 2025, 7:50 p.m.

6.1

CVSS3.1

CVE-2025-54527

In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344, improper iframe configuration in the widget sandbox allows popups to bypass security restrictions.

📅 Published: July 28, 2025, 4:20 p.m. 🔄 Last Modified: Dec. 1, 2025, 7:23 p.m.

7.1

CVSS4.0

CVE-2025-6250 - Privilege Management for Windows - Elevation of Privilege

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token, the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to the Administrators group and run any process with elevated permissions.

📅 Published: July 28, 2025, 3:40 p.m. 🔄 Last Modified: Aug. 4, 2025, 1:45 p.m.

7.2

CVSS4.0

CVE-2025-2297 - Privilege Management for Windows - Elevation of Privilege

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to admini…

📅 Published: July 28, 2025, 3:40 p.m. 🔄 Last Modified: Aug. 4, 2025, 1:46 p.m.

5.4

CVSS3.1

CVE-2024-49343 - IBM Informix Dynamic Server HTML injection

IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which, when viewed, would be executed in the victim's web browser within the security context of the hosting site.

📅 Published: July 28, 2025, 3:27 p.m. 🔄 Last Modified: Aug. 6, 2025, 5:12 p.m.

7.5

CVSS3.1

CVE-2024-49342 - IBM Informix Dynamic Server information disclosure

IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

📅 Published: July 28, 2025, 3:26 p.m. 🔄 Last Modified: Aug. 6, 2025, 5:13 p.m.

9.8

CVSS3.1

CVE-2025-54418 - CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process up…

📅 Published: July 28, 2025, 2:47 p.m. 🔄 Last Modified: Aug. 5, 2025, 3:46 p.m.

9.3

CVSS4.0

CVE-2025-53696

iSTAR Ultra performs a firmware verification on boot; however, the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2; later firmware versions are also possibly affected.

📅 Published: July 28, 2025, 2:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.4

CVSS4.0

CVE-2025-53695

OS command injection in the iSTAR Ultra products' web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.

📅 Published: July 28, 2025, 2:05 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS3.1

CVE-2025-8279 - Missing Authentication for Critical Function in GitLab Language Server

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution.

📅 Published: July 28, 2025, 2:04 p.m. 🔄 Last Modified: Aug. 11, 2025, 6:59 p.m.