CVE Vulnerability Database
Search and browse 11,425 known security vulnerabilities. Filter by severity, vendor, product, and year.
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a correctly-sized
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User (Authelia) and X-Authentik-Username (Authentik) HTTP headers to auto
Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature buffe
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.