Riasztások

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate...

Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.

An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.

A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.

An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges.