2.2
CVE-2024-8013 - CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields being sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd…
4.6
CVE-2024-50582 -
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
4.6
CVE-2024-50581 -
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
4.6
CVE-2024-50580 -
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
4.6
CVE-2024-50579 -
In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
4.6
CVE-2024-50578 -
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
4.6
CVE-2024-50577 -
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
4.6
CVE-2024-50576 -
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
4.6
CVE-2024-50575 -
In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
5.3
CVE-2024-50574 -
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality