Vulnerabilities
Vulnerable Software
Security Vulnerabilities
In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data
CVSS Score
7.3
EPSS Score
0.002
Published
2026-07-10
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
CVSS Score
8.1
EPSS Score
0.003
Published
2026-07-10
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
CVSS Score
9.6
EPSS Score
0.004
Published
2026-07-10
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
CVSS Score
8.8
EPSS Score
0.003
Published
2026-07-10
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks
CVSS Score
8.1
EPSS Score
0.002
Published
2026-07-10
n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly upload files that accumulate on disk until the periodic cleanup runs, potentially exhausting available disk space on the host.
CVSS Score
5.3
EPSS Score
0.002
Published
2026-07-10
n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions can inject malicious scripts or redirect parameters to perform stored XSS attacks or phishing redirects against end users.
CVSS Score
5.1
EPSS Score
0.002
Published
2026-07-10
ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory.
CVSS Score
6.3
EPSS Score
0.002
Published
2026-07-10
ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion.
CVSS Score
4.8
EPSS Score
0.002
Published
2026-07-10
Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, or cloud metadata endpoints (e.g. 169.254.169.254), causing the server to make requests to internal services and potentially expose cloud metadata.
CVSS Score
9.2
EPSS Score
0.004
Published
2026-07-10


Contact Us

Shodan ® - All rights reserved