In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd....
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: udc: fix use-after-free in usb_gadget_state_work A race condition during gadget teardown can lead to a use-after-free in usb_gadget_state_work(), as reported by KASAN:...
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page More information : https://www.jetbrains.com/privacy-security/issues-fixed/
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is...
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data. More information : https://gist.github.com/tarekramm/797073e9ae991211ff2ae71ed1190c7d
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows...
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows...