In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.

Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim’s device.

OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.

Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.