5.1
CVE-2025-6509 - seaswalker spring-analysis SimpleController.java echo cross site scripting
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads tโฆ
4.8
CVE-2025-52879 -
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
4.3
CVE-2025-52878 -
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
4.8
CVE-2025-52877 -
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
5.4
CVE-2025-52876 -
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
5.4
CVE-2025-52875 -
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
6.6
CVE-2025-2172 -
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
7.8
CVE-2025-2171 -
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN
0.0
CVE-2025-52542 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
10
CVE-2025-6512 - Scripts within reports executable on BRAIN2 Server
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.