Security Vulnerabilities
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
CVSS Score
3.7
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
CVSS Score
7.5
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
CVSS Score
7.7
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-28
IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-07-28