Alerts

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate...

Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.

An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.

An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges.

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is...

A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of...