6.9
CVE-2025-43742 -
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows …
5.4
CVE-2025-8102 - Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_…
The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for unauthenticated atta…
5.3
CVE-2025-9173 - Emlog Pro media.php unrestricted upload
A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made availabl…
4.3
CVE-2025-57734 -
In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files
5.5
CVE-2025-57733 -
In JetBrains TeamCity before 2025.07.1 SMTP injection was possible allowing modification of email content
7.5
CVE-2025-57732 -
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
8.7
CVE-2025-57731 -
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
5.2
CVE-2025-57730 -
In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature
6.5
CVE-2025-57729 -
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
6.5
CVE-2025-57728 -
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files