CVE-2026-43917
— Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId v…
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scop…
Remote
|
Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-10108
— xiaomusic 0.5.7 Path Traversal via GET /music endpoint
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intende…
Remote
|
Path Traversal
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-10107
— MoviePilot v2 SSRF via /api/v1/system/img/{proxy} Endpoint
MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a…
Remote
|
Server-Side Request Forgery
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-10105
— agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata()
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values t…
Remote
|
Injection
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-10070
— macrozheng mall Super Admin Password update improper authorization
A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results …
Remote
|
Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49386
— JetBrains YouTrack Improper Access Control Vulnerability
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
Remote
|
Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49385
— JetBrains YouTrack Unauthorized Service Account Modification Vulnerability
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
Remote
|
Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49384
— JetBrains PyCharm Stored XSS in Jupyter Notebook Markdown Cells
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
Remote
|
Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible
|
XML External Entity
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49382
— JetBrains IntelliJ IDEA Template Injection Vulnerability
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
|
Injection
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49381
— JetBrains TeamCity Stored Cross-Site Scripting Vulnerability
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
Remote
|
Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49380
— JetBrains TeamCity SAML Plugin Open Redirect Vulnerability
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
Remote
|
Misconfiguration
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49379
— JetBrains TeamCity Credentials Exposure Vulnerability
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
Remote
|
Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
Remote
|
Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49377
— JetBrains TeamCity Default Agent Parameters Information Disclosure Vulnerability
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
Remote
|
Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49376
— JetBrains TeamCity SAML Plugin Username Validation Vulnerability
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
Remote
|
Authentication
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49375
— JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability
In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
Remote
|
Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
Remote
|
Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49373
— JetBrains TeamCity Perforce Remote Code Execution Vulnerability
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
Remote
|
Injection
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
Remote
|
Server-Side Request Forgery
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026