Latest CVE Vulnerabilities

6.3 MEDIUM

CVE-2026-44287 — FastGPT: sandbox escape to RCE - code-sandbox regex /\bimport\s*\(/ is bypassable

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.t…

fastgpt | Remote | Injection

May 29, 2026 May 29, 2026

May 29, 2026

7.7 HIGH

CVE-2026-44285 — FastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview API

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network pro…

fastgpt | Remote | Server-Side Request Forgery

May 29, 2026 May 29, 2026

May 29, 2026

5.3 MEDIUM

CVE-2026-42500 — Panic when reading out of bound palette index in golang.org/x/image/bmp

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.

Remote | Memory Corruption

May 29, 2026 May 29, 2026

May 29, 2026

5.3 MEDIUM

CVE-2026-34127 — Stored Cross-Site Scripting (XSS) via Configuration File Import on TP-Link's TL-SG108PE

A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration paramete…

| Cross-Site Scripting

May 29, 2026 May 29, 2026

May 29, 2026

9.3 CRITICAL

CVE-2026-9051 — Authentication Bypass Vulnerability in NI SystemLink Enterprise

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to pr…

systemlink_enterprise | Remote | Authentication

May 29, 2026 May 29, 2026

May 29, 2026

6.5 MEDIUM

CVE-2026-49386 — JetBrains YouTrack Improper Access Control Vulnerability

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas

youtrack | Remote | Authorization

May 29, 2026 May 29, 2026

May 29, 2026

6.5 MEDIUM

CVE-2026-49385 — JetBrains YouTrack Unauthorized Service Account Modification Vulnerability

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

youtrack | Remote | Authorization

May 29, 2026 May 29, 2026

May 29, 2026

6.1 MEDIUM

CVE-2026-49384 — "JetBrains PyCharm Stored XSS in Jupyter Notebook Markdown Cells"

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible

pycharm | Remote | Cross-Site Scripting

May 29, 2026 May 29, 2026

May 29, 2026

3.3 LOW

CVE-2026-49383 — JetBrains IntelliJ IDEA XXE Injection Vulnerability

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

intellij_idea | XML External Entity

May 29, 2026 May 29, 2026

May 29, 2026

4.5 MEDIUM

CVE-2026-49382 — JetBrains IntelliJ IDEA Template Injection Vulnerability

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin

intellij_idea | Injection

May 29, 2026 May 29, 2026

May 29, 2026

3.4 LOW

CVE-2026-49381 — JetBrains TeamCity Stored Cross-Site Scripting Vulnerability

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

teamcity | Remote | Cross-Site Scripting

May 29, 2026 May 29, 2026

May 29, 2026

3.1 LOW

CVE-2026-49380 — JetBrains TeamCity SAML Plugin Open Redirect Vulnerability

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

teamcity | Remote | Misconfiguration

May 29, 2026 May 29, 2026

May 29, 2026

6.5 MEDIUM

CVE-2026-49379 — JetBrains TeamCity Credentials Exposure Vulnerability

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

teamcity | Remote | Information Disclosure

May 29, 2026 May 29, 2026

May 29, 2026

4.3 MEDIUM

CVE-2026-49378 — JetBrains TeamCity Credentials Exposed

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

teamcity | Remote | Information Disclosure

May 29, 2026 May 29, 2026

May 29, 2026

4.3 MEDIUM

CVE-2026-49377 — JetBrains TeamCity Default Agent Parameters Information Disclosure Vulnerability

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters

teamcity | Remote | Information Disclosure

May 29, 2026 May 29, 2026

May 29, 2026

6.5 MEDIUM

CVE-2026-49376 — JetBrains TeamCity SAML Plugin Username Validation Vulnerability

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

teamcity | Remote | Authentication

May 29, 2026 May 29, 2026

May 29, 2026

6.1 MEDIUM

CVE-2026-49375 — JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page

teamcity | Remote | Cross-Site Scripting

May 29, 2026 May 29, 2026

May 29, 2026

7.6 HIGH

CVE-2026-49374 — JetBrains TeamCity Path Traversal Vulnerability

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

teamcity | Remote | Authorization

May 29, 2026 May 29, 2026

May 29, 2026

7.1 HIGH

CVE-2026-49373 — JetBrains TeamCity Perforce Remote Code Execution Vulnerability

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

teamcity | Remote | Injection

May 29, 2026 May 29, 2026

May 29, 2026

7.5 HIGH

CVE-2026-49372 — JetBrains TeamCity SSRF Vulnerability

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

teamcity | Remote | Server-Side Request Forgery

May 29, 2026 May 29, 2026

May 29, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences