| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via #docName path traversal and XSS by combining a payload note (type: code, mime: text/plain) containing raw HTML/JS and a trigger note (type: doc or type: launcher) with a #docName label that uses ../ path traversal to point at the payload note's API endpoint. The desktop client Electron renderer runs with nodeIntegration enabled, so an RCE is triggered once the payload is executed. This vulnerability is fixed in 0.102.2. |
| Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information |
| Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OSĀ® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection.
Panorama and Cloud NGFW are not impacted by these issues. |
| A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. |
| Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible |
| In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion |
| Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column names, and sensitive data from the information_schema database. |
| In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible |
| In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible |
| In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible |
| In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas |
| In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account |
| In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible |
| In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages |
| In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests |
| In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names |
| In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin |
| In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible |
| In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts |
