Security Vulnerabilities
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-07-28
Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-28
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
CVSS Score
5.5
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
CVSS Score
4.3
EPSS Score
0.0
Published
2025-07-28
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
CVSS Score
4.8
EPSS Score
0.0
Published
2025-07-28