7.2
CVE-2024-9381 -
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
7.2
CVE-2024-9380 -
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
6.5
CVE-2024-9379 -
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
8.2
CVE-2024-9124 - Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
8.8
CVE-2024-7612 -
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components.
3.5
CVE-2024-47951 -
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
3.5
CVE-2024-47950 -
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
4.9
CVE-2024-47949 -
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
4.9
CVE-2024-47948 -
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
4.3
CVE-2024-47161 -
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API