224883 matches found
CVE-2026-49129
Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...
GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...
CVE-2026-49382
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...
CVE-2026-49376
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...
EUVD-2026-33422
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...
CVE-2026-47266
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...
CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...
CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...
CVE-2026-47266
CVE-2026-47266 - Formie (Craft CMS plugin) Affected: Formie plugin for Craft CMS. Vulnerable in versions prior to 2.2.21 and 3.1.26. Root cause: Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Impact: Allow...
CVE-2026-45697 Formie: Pre-authenticated server-side template injection in Hidden fields
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...
EUVD-2026-33421
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...
CVE-2026-45697
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...
CVE-2026-45697
Formie (Craft CMS plugin) exposes a pre-authenticated server-side template injection via Hidden fields configured with Default value → Custom. Unauthenticated users could submit crafted values that are evaluated as Twig during submission handling, potentially compromising the Craft site. Affected...
CVE-2026-49382
CVE-2026-49382 affects JetBrains IntelliJ IDEA prior to 2026.1. The issue allows code execution via template injection in the Copyright plugin. This is the concrete vulnerability described across trusted sources; no exploit details are provided in the connected documents. The core root cause is t...
CVE-2026-49382
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...
CVE-2026-49382
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...
EUVD-2026-33390
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...
CVE-2026-49382
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...
CVE-2026-49380
CVE-2026-49380 : In JetBrains TeamCity (before 2026.1), the SAML plugin allows an open redirect. Affected product: JetBrains TeamCity with the SAML plugin; root cause: improper redirection handling in the SAML plugin leading to open redirect. Impact: potential user redirection to arbitrary URL. R...
CVE-2026-49380
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible...