CVE-2025-68164
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing a GitHub personal access token instead of an installation token More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11 the Maven embedder allowed loading extensions via project configuration More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11 stored XSS was possible on the agentpushInstall page More information : https://www.jetbrains.com/privacy-security/issues-fixed/
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is...
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data. More information : https://gist.github.com/tarekramm/797073e9ae991211ff2ae71ed1190c7d
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows...
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows...
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router: firmware version V1.0.0 does not implement rate limiting on /api/login, allowing attackers to brute-force passwords. More information...
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (Core Libraries) allows Sniffing Network Traffic. This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.2.0 before 7.3.1. More information...
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to...