CVE-2025-52876 – JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability

June 23, 2025

CVE ID : CVE-2025-52876

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52877 – JetBrains TeamCity Reflected XSS Vulnerability

Next Article CVE-2025-52875 – JetBrains TeamCity DOM-Based XSS

Highlights

CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

May 17, 2025

CVE ID : CVE-2025-4389

Published : May 17, 2025, 6:15 a.m. | 2 hours, 29 minutes ago

Description : The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

OneDrive user locked out of “30 years worth of photos and work” without any support — calls Microsoft a “Kafkaesque black hole”

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Community News: Latest PECL Releases (06.24.2025)

JSON module scripts are now Baseline Newly Available

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

CVE-2025-52876 – JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability

Multiple vulnerabilities in Sitecore CMS | Kaspersky official blog

Don’t panic, but it’s only a matter of time before critical ‘CitrixBleed 2’ is under attack

`document.currentScript` is more useful than I thought.

Role of AI-driven Autonomous Testing in Software QA

Reimagining Find Care: How AI is Transforming the Digital Healthcare Experience [Webinar]

CVE-2025-32402 – RT-Labs P-Net OOB Write Vulnerability

CVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

TCC Bypass vulnerabilities in two macOS applications

CVE-2024-48848 – Aspect Disk Overutilization Vulnerability

Wireshark Vulnerability Enables DoS Attack Through Malicious Packet Injection

CVE-2025-52876 – JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability

Related Posts