Security Vulnerabilities
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
CVSS Score
2.3
EPSS Score
0.0
Published
2026-02-25
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 1.3.3-beta is able to address this issue. The patch is identified as aefaabfd7527188bfba3c8c9eee17c316d094802. The affected component should be upgraded. The project was informed beforehand and acted very professional: "We have implemented message ownership verification, so that users can only query messages related to themselves."
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-25
A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default password. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.3.3-beta addresses this issue. Patch name: aefaabfd7527188bfba3c8c9eee17c316d094802. It is suggested to upgrade the affected component. The project was informed beforehand and acted very professional: "We have added authorization validation to the password reset interface; now only users with the corresponding permissions are allowed to perform password resets."
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-25
A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipulation of the argument firstname/lastname causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVSS Score
3.5
EPSS Score
0.0
Published
2026-02-25
A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-25
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-02-25