Security Vulnerabilities
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
CVSS Score
5.5
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
CVSS Score
3.7
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
CVSS Score
7.5
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
CVSS Score
7.7
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-28