In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option tha
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
In JetBrains Hub before 2026.1.13757,
2025.3.148033,
2025.2.148048,
2025.1.148120,
2024.3.148430,
2024.2.148429 authentication bypass via direct database access leading to administrative access was po
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin
A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct int
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid lead
← Previous Page 5