In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping

Cross-Site Request Forgery (CSRF) vulnerability in AnyRoad AnyRoad anyguide allows Cross Site Request Forgery.This issue affects AnyRoad: from n/a through <= 1.3.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings estatebud-properties-listings allows Stored XSS.This issue affects Estatebud – Properties & Listings: from n/a through <= 5.5.0.

Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.8.

Missing Authorization vulnerability in Farhan Noor ApplyOnline apply-online allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline: from n/a through <= 2.6.7.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Payments – Get Paid with PayPal, Square & Stripe paypal-payment-button-by-vcita allows Stored XSS.This issue affects Online Payments – Get Paid with PayPal, Square & Stripe: from n/a t…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enguerranws Related Post Shortcode related-post-shortcode allows Stored XSS.This issue affects Related Post Shortcode: from n/a through <= 1.2.