Alerts

** INITIAL LIMITED RELEASE ** User Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing. The SaaS AI assistant ignores hidden content that...

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger...

The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient...