CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-53696 - iSTAR Ultra Firmware Verification Bypass Vulnerability

CVE ID : CVE-2025-53696
Published : July 28, 2025, 3:15 p.m.
Description : iSTAR Ultra performs a firmware verification on boot; however, the verification does not inspect certain portions of the firmware. Those unverified portions may contain malicious code. Tested up to firmware 6.9.2; later firmware versions may also be affected.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54418 - CodeIgniter ImageMagick Command Injection Vulnerability

CVE ID : CVE-2025-54418
Published : July 28, 2025, 3:15 p.m.
Description : CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick` as the image library) and either allow file uploads with user-controlled filenames and process uploaded images using the `resize()` method, or use the `text()` method with user-controlled text content or options. An attacker can upload a file with a malicious filename containing shell metacharacters that get executed when the image is processed, or provide malicious text content or options that get executed when adding text to images. Users should upgrade to v4.6.2 or later to receive a patch. As a workaround, switch to the GD image handler (`gd`, the default handler), which is not affected by either vulnerability. For file upload scenarios, instead of using user-provided filenames, generate random names to eliminate the attack vector with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe filenames. For text operations, if one must use ImageMagick with user-controlled text, sanitize the input to allow only safe characters and validate/restrict text options.
Severity: 9.8 | CRITICAL
CVE-2024-49342 - IBM Informix Dynamic Server Authentication Bypass

CVE ID : CVE-2024-49342
Published : July 28, 2025, 4:15 p.m.
Description : IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
Severity: 7.5 | HIGH
CVE-2024-49343 - IBM Informix Dynamic Server HTML Injection Vulnerability

CVE ID : CVE-2024-49343
Published : July 28, 2025, 4:15 p.m.
Description : IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Severity: 5.4 | MEDIUM
CVE-2025-2297 - Apache Struts Privilege Escalation Vulnerability

CVE ID : CVE-2025-2297
Published : July 28, 2025, 4:15 p.m.
Description : Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
Severity: 0.0 | NA
CVE-2025-6250 - Symantec Defendpoint Service Bypass

CVE ID : CVE-2025-6250
Published : July 28, 2025, 4:15 p.m.
Description : Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token, the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to the Administrators group and run any process with elevated permissions.
Severity: 0.0 | NA
CVE-2025-50490 - PHPGurukul Student Result Management System Session Hijacking Vulnerability

CVE ID : CVE-2025-50490
Published : July 28, 2025, 5:15 p.m.
Description : Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-50493 - PHPGurukul Doctor Appointment Management System Session Hijacking Vulnerability

CVE ID : CVE-2025-50493
Published : July 28, 2025, 5:15 p.m.
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-50494 - PHPGurukul Car Washing Management System Session Hijacking Vulnerability

CVE ID : CVE-2025-50494
Published : July 28, 2025, 5:15 p.m.
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-54527 - JetBrains YouTrack Iframe Sandbox Bypass

CVE ID : CVE-2025-54527
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, and 2025.3.87344, improper iframe configuration in the widget sandbox allows popups to bypass security restrictions.
Severity: 6.1 | MEDIUM
CVE-2025-54528 - JetBrains TeamCity GitHub App CSRF Vulnerability

CVE ID : CVE-2025-54528
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, a CSRF was possible in the GitHub App connection flow.
Severity: 5.4 | MEDIUM
CVE-2025-54529 - JetBrains TeamCity CSRF Vulnerability

CVE ID : CVE-2025-54529
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, a CSRF was possible in the external OAuth login integration.
Severity: 3.7 | LOW
CVE-2025-54530 - JetBrains TeamCity Directory Permission Escalation

CVE ID : CVE-2025-54530
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, privilege escalation was possible due to incorrect directory permissions.
Severity: 7.5 | HIGH
CVE-2025-54531 - JetBrains TeamCity Path Traversal Vulnerability

CVE ID : CVE-2025-54531
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, path traversal was possible via plugin unpacking on Windows.
Severity: 7.7 | HIGH
CVE-2025-54532 - JetBrains TeamCity Unrestricted Build Settings Disclosure Vulnerability

CVE ID : CVE-2025-54532
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, improper access control allowed disclosure of build settings via snapshot dependencies.
Severity: 4.3 | MEDIUM
CVE-2025-54533 - JetBrains TeamCity Unrestricted Build Settings Disclosure Vulnerability

CVE ID : CVE-2025-54533
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, improper access control allowed disclosure of build settings via VCS configuration.
Severity: 4.3 | MEDIUM
CVE-2025-54534 - JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-54534
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, reflected XSS was possible on the agentpushPreset page.
Severity: 4.8 | MEDIUM
CVE-2025-54535 - JetBrains TeamCity Weak Password Token Hashing

CVE ID : CVE-2025-54535
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, password reset and email verification tokens were using weak hashing algorithms.
Severity: 5.8 | MEDIUM
CVE-2025-54536 - JetBrains TeamCity GraphQL CSRF Vulnerability

CVE ID : CVE-2025-54536
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, a CSRF was possible on the GraphQL endpoint.
Severity: 5.4 | MEDIUM
CVE-2025-54537 - JetBrains TeamCity Plain Text User Credentials Memory Snapshot Vulnerability

CVE ID : CVE-2025-54537
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, user credentials were stored in plain text in memory snapshots.
Severity: 5.5 | MEDIUM
CVE-2025-54538 - JetBrains TeamCity Password Exposure Vulnerability

CVE ID : CVE-2025-54538
Published : July 28, 2025, 5:15 p.m.
Description : In JetBrains TeamCity before 2025.07, password exposure was possible via the command line in the "hg pull" command.
Severity: 5.5 | MEDIUM