CVE-2026-49377 — JetBrains TeamCity Default Agent Parameters Information Disclosure Vulnerability
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
Remote | Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49376 — JetBrains TeamCity SAML Plugin Username Validation Vulnerability
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
Remote | Authentication
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49375 — JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability
In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
Remote | Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
Remote | Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49373 — JetBrains TeamCity Perforce Remote Code Execution Vulnerability
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
Remote | Injection
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
Remote | Server-Side Request Forgery
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49371 — JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
Remote | Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49370 — JetBrains YouTrack Information Disclosure Vulnerability
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
Remote | Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49369 — JetBrains YouTrack Information Disclosure Vulnerability
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
Remote | Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49368 — JetBrains YouTrack Stored XSS Vulnerability in Project Notification Templates
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
Remote | Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49367 — JetBrains IntelliJ IDEA Command Execution Vulnerability
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
Remote | Authentication
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49366 — JetBrains IntelliJ IDEA Command Injection Vulnerability
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
Injection
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-47745 — Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admi…
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete…
Remote | Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-47744 — Shopper: Authorization bypass and RBAC privilege escalation in team settings
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/…
Remote | Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-47742 — Shopper: Missing authorization on Product admin Livewire sub-form components
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no authorization on their store() met…
Remote | Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-47741 — Shopper: Race condition on Discount.usage_limit allows silent over-redemption
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Un…
Remote | Race Condition
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-47740 — Shopper: Authorization bypass in multiple Livewire admin components
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user withou…
Remote | Authorization
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-46372 — SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-46344 — liboqs: Heap-buffer-overflow in XMSS verification path via OID-controlled parameter misma…
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT …
Remote | Memory Corruption
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-44652 — SillyTavern: SSRF vulnerability in the CORS proxy middleware
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026