FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to...
Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. More information : https://go.dev/cl/781500
A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link’s TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker...
There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation or information disclosure. Successful exploitation requires...
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion More information : https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters More information : https://www.jetbrains.com/privacy-security/issues-fixed/