containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0.…

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege Escalation) vulnerabilit…

The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible

In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning

In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of the `PyNcclPipe…