CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

CVE-2026-10581

CVE-2026-10581 affects DedeCMS 5.7.88. The vulnerability lies in the function base64_decode in /plus/download.php?open=1, where manipulation of the Link argument triggers a server-side request forgery (SSRF). Remote exploitation is possible, and the exploit has been published. The available docum...

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

CVE-2026-49375

CVE-2026-49375 relates to JetBrains TeamCity prior to 2026.1, with a reflected XSS on the repository download page in version 2025.11.5. The CVE has a CVSS 3.1 base score of 6.1 (MEDIUM) with a network attack vector, requiring user interaction and no privileges, and results in low confidentiality...

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

EUVD-2026-33383

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

JetBrains TeamCity 跨站脚本漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...

PT-2026-44955

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity version 2025.11.5 Description A reflected Cross-Site Scripting XSS issue exists on the repository download page. Reflected XSS occurs when an application receives data in an HTTP...

CVE-2026-7132

CVE-2026-7132 affects code-projects Online Lot Reservation System (≤1.0). The vulnerability is in the readfile function of /download.php, where manipulation of the File argument enables path traversal. This can be exploited remotely; a public exploit is noted. CVSS data indicate network access wi...

RegPwnBOF

🛡️ RegPwnBOF - Simple Registry Action Tool !Download RegPwn...

CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...

CVE-2026-2683

A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipulation of the argument path results in path traversal. The attack may be initiated remotely. The...

CVE-2026-2683

A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.21080262532. The affected element is an unknown function of the file /Using/Subject/downLoad.html. Performing a manipulation of the argument path results in path traversal. The attack may be initiated remotely. The...

CVE-2026-2683

CVE-2026-2683 concerns Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The vulnerability lies in an unknown function within /Using/Subject/downLoad.html where manipulation of the path argument enables path traversal. The issue appears exploitable remotely and a public exploit has ...

Tsinghua Unigroup Electronic Archives System 路径遍历漏洞

Tsinghua Unigroup Electronic Archives System is an electronic archive management system of Tsinghua Unigroup. Version 3.2.21080262532 of Tsinghua Unigroup Electronic Archives System has a path traversal vulnerability. This vulnerability arises from incorrect handling of parameters in the file...

CVE-2020-37088

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...

Security Bulletin: NVIDIA NSIGHT Graphics - January 2026

NVIDIA has released a software update for NVIDIA® NSIGHT Graphics. To protect your system, download and install this software update from the Download NVIDIA NSIGHT Graphics page. Go to NVIDIA Product Security...

CVE-2025-15205 code-projects Student File Management System download.php sql injection

A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istoreid leads to sql injection. The attack can be initiated remotely. The exploit is publicly...

crossbow-agent

🤖 crossbow-agent - The Smart Way to Secure Your System 🚀 G...