11 matches found
JetBrains IntelliJ IDEA < 2026.1 Multiple Vulnerabilities
The version of JetBrains IntelliJ IDEA installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin CVE-2026-49382 - In JetBrains...
CakePHP 5.3.1 Released
CakePHP 5.3.1 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.1. This is a maintenance release for the 5.3 branch that fixes community reported issues, regressions and a security issue with PaginatorHelper. Bugfixes You can expect the following change...
Malicious code in ai-plugin-template (npm)
Source: ghsa-malware 375f6ac1b62a76dd86681b0fc33bfe8a4162eb0ff032e0d0c96e5bb8735d7953 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Path Traversal
gin-vue-admin is vulnerable to Path Traversal. The vulnerability is due to improper validation for PlugName field within a struct, which allows an attacker to perform directory traversal by manipulating the plugName parameter in the Plugin System - Plugin Template feature...
CVE-2024-31457 gin-vue-admin background arbitrary code coverage vulnerability
gin-vue-admin is a full-stack back-office management system based on Vue and Gin, with separate front end and back end. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System - Plugi...
CVE-2024-31457 gin-vue-admin background arbitrary code coverage vulnerability
gin-vue-admin is a full-stack back-office management system based on Vue and Gin, with separate front end and back end. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System - Plugi...
PT-2024-24090 · Unknown · Gin-Vue-Admin
Name of the Vulnerable Software and Affected Versions: gin-vue-admin versions 2.6.1 and earlier Description: The issue is a code injection vulnerability in the backend of gin-vue-admin, specifically in the Plugin System - Plugin Template feature. An attacker can perform directory traversal by...
WordPress Plugin which template file cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Plugin which template file cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Plugin Template Debugger cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress IgniteUp plugin <=3.4 - Multiple vulnerabilities
Multiple vulnerabilities found by Jerome Bruandet in WordPress IgniteUp plugin versions <=3.4. Vulnerabilities that could be exploited by unauthenticated users include Arbitrary File Deletion, HTML injection & CSRF in email messages, Stored Cross-Site Scripting (XSS), Sensitive Information Disclosur...