EPSS Score
0.9458
CVSS 3.x
Score: 9.8
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
0.9457
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
0.9450
Score: 7.5
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation...
Score: 7.3
In JetBrains TeamCity before 2023.11.4, a path traversal was possible that allowed performing limited admin...
0.9449
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems...
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (...
0.9448
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7....
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to gain access...
Score: 10.0
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating file...
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive inform...
0.9447
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP...
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates ...
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using function...
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unse...
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0...
Cacti is an open source platform which provides a robust and extensible framework...
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for e...
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/Meta...
0.9446
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run...
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.