23 matches found
EUVD-2023-56364
Malicious code in bioql PyPI...
GO-2025-3870 Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-plugin-confluence
Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-plugin-confluence...
CVE-2023-51655
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...
GO-2025-3643 Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks
Mattermost Playbooks fails to validate the uniqueness and quantity of task actions in github.com/mattermost/mattermost-plugin-playbooks. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
CVE-2025-0452
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete...
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Summary: A path traversal vulnerability via the plugin repository name allows an authenticated attacker to delete files on the server, leading to unavailability and potentially data loss. Details: Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This featur...
GHSA-VR8X-74PM-6VJ7 Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Summary: A path traversal vulnerability via the plugin repository name allows an authenticated attacker to delete files on the server, leading to unavailability and potentially data loss. Details: Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This featur...
Design/Logic Flaw
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration...
JetBrains IntelliJ IDEA Security Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2023.3.2, which stems from a malicious plugin repository specified via the project...
Prevent users from creating plugin repository proxy
Lines of code. Vulnerability details. Impact: The attacker can front-run the transaction and prevent users from creating a plugin repository proxy. Proof of Concept: The PluginRepoFactory.createPluginRepo is used to create a plugin repository proxy pointing to the pluginRepoBase implementation and...
WordPress WP Inimat plugin <= 1.0 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by WPScan security research team in WordPress WP Inimat plugin versions <= 1.0. Solution 2020-02-15 - we were unable to find a patched version of this plugin. Notice from WordPress plugin repository: "This plugin has been closed as of January 14, 2021 a...
WordPress Drug Search plugin <= 1.0.0 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by WPScan security research team in WordPress Drug Search plugin versions <= 1.0.0. Solution 2020-02-15 - we were unable to find a patched version of this plugin. Notice from WordPress plugin repository: "This plugin has been closed as of January 14, 20...
WordPress Newsletter by Supsystic plugin <= 1.5.6 - SQL injection (SQLi) vulnerability
SQL injection (SQLi) vulnerability found by Erik David Martin in WordPress Newsletter by Supsystic plugin versions <= 1.5.6. Solution 2021-02-08 - we were unable to find a patched version of this plugin. WordPress plugin repository notice: "This plugin has been closed as of December 1, 2020 and is n...
Unspecified Vulnerability in JetBrains GoLand
JetBrains GoLand is an intelligent IDE (Integrated Development Environment) dedicated to Go language development from the Czech company JetBrains. A security vulnerability exists in JetBrains GoLand versions prior to 2019.3.2, which stems from the fact that the program uses the HTTP protocol...
CVE-2020-11685
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS...
Design/Logic Flaw
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS...
CVE-2020-11685
CVE-2020-11685 affects JetBrains GoLand prior to 2019.3.2, where the plugin repository was accessed via HTTP instead of HTTPS. Root cause: HTTP access allowed potential eavesdropping/credential exposure to the plugin channel. Impact stated: confidentiality could be affected. Remediation: JetBrain...