Monthly Archive: July 2025

DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the...

In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the “hg pull” command More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow More information : https://www.jetbrains.com/privacy-security/issues-fixed/

In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions More information : https://www.jetbrains.com/privacy-security/issues-fixed/

Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack. More information : http://car.com