Vulnerabilities
Vulnerable Software
Security Vulnerabilities
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIB_MBEDTLS_SUPPORT or CPPHTTPLIB_WOLFSSL_SUPPORT and a client connects to an IP-literal host with server certificate verification enabled, SSLClient and Client in HTTPS mode skip certificate chain validation and WebSocketClient on the Mbed TLS backend skips verification altogether, allowing a man-in-the-middle attacker positioned to intercept traffic to present a crafted certificate and read or modify the traffic. This issue is fixed in version 0.47.0.
CVSS Score
7.4
EPSS Score
0.003
Published
2026-07-10
A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting).
CVSS Score
6.8
EPSS Score
0.002
Published
2026-07-10
An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance (denial of service).
CVSS Score
5.3
EPSS Score
0.004
Published
2026-07-10
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2026-07-10
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible
CVSS Score
3.5
EPSS Score
0.004
Published
2026-07-10
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
CVSS Score
3.5
EPSS Score
0.001
Published
2026-07-10
In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
CVSS Score
7.3
EPSS Score
0.002
Published
2026-07-10
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
CVSS Score
8.1
EPSS Score
0.003
Published
2026-07-10
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
CVSS Score
9.6
EPSS Score
0.004
Published
2026-07-10
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
CVSS Score
8.8
EPSS Score
0.003
Published
2026-07-10


Contact Us

Shodan ® - All rights reserved