CVE-2025-6250 - Symantec Defendpoint Service Bypass
CVE ID : CVE-2025-6250
Published : July 28, 2025, 4:15 p.m. | 1 hour, 46 minutes ago
Description : Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6250
Published : July 28, 2025, 4:15 p.m. | 1 hour, 46 minutes ago
Description : Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50490 - PHPGurukul Student Result Management System Session Hijacking Vulnerability
CVE ID : CVE-2025-50490
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50490
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50493 - PHPGurukul Doctor Appointment Management System Session Hijacking Vulnerability
CVE ID : CVE-2025-50493
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50493
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50494 - PHPGurukul Car Washing Management System Session Hijacking Vulnerability
CVE ID : CVE-2025-50494
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50494
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54527 - JetBrains YouTrack Iframe Sandbox Bypass
CVE ID : CVE-2025-54527
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54527
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54528 - JetBrains TeamCity GitHub App CSRF Vulnerability
CVE ID : CVE-2025-54528
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54528
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54529 - JetBrains TeamCity CSRF Vulnerability
CVE ID : CVE-2025-54529
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54529
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54530 - JetBrains TeamCity Directory Permission Escalation
CVE ID : CVE-2025-54530
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54530
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54531 - JetBrains TeamCity Path Traversal Vulnerability
CVE ID : CVE-2025-54531
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54531
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54532 - JetBrains TeamCity Unrestricted Build Settings Disclosure Vulnerability
CVE ID : CVE-2025-54532
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54532
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54533 - JetBrains TeamCity Unrestricted Build Settings Disclosure Vulnerability
CVE ID : CVE-2025-54533
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54533
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54534 - JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-54534
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54534
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54535 - JetBrains TeamCity Weak Password Token Hashing
CVE ID : CVE-2025-54535
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54535
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54536 - JetBrains TeamCity GraphQL CSRF Vulnerability
CVE ID : CVE-2025-54536
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54536
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54537 - JetBrains TeamCity Plain Text User Credentials Memory Snapshot Vulnerability
CVE ID : CVE-2025-54537
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54537
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54538 - JetBrains TeamCity Password Exposure Vulnerability
CVE ID : CVE-2025-54538
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54538
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7676 - Microsoft Windows DLL Hijacking Vulnerability
CVE ID : CVE-2025-7676
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7676
Published : July 28, 2025, 5:15 p.m. | 46 minutes ago
Description : DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43023 - HP Linux Imaging and Printing Software DSA Code Signing Key Weakness
CVE ID : CVE-2025-43023
Published : July 28, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43023
Published : July 28, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50488 - PHPGurukul Online Library Management System Session Hijacking Vuln
CVE ID : CVE-2025-50488
Published : July 28, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50488
Published : July 28, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50489 - PHPGurukul Student Result Management System Session Hijacking Vulnerability
CVE ID : CVE-2025-50489
Published : July 28, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50489
Published : July 28, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50491 - PHPGurukul Bank Locker Management System Session Hijacking Vulnerability
CVE ID : CVE-2025-50491
Published : July 28, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50491
Published : July 28, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...