Security Vulnerabilities
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied. With max=10, the output is correctly limited to 10 items, but the process still allocates ~505 MB and spends ~800 ms building the full intermediate array. This vulnerability is fixed in 5.0.6.
CVSS Score
6.5
EPSS Score
0.003
Published
2026-05-29
A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitization of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious script into the device configuration, which may be stored and executed in the administrator’s browser when the affected interface is viewed. Successful exploitation may allow session cookie theft, unauthorized configuration changes, or access to sensitive information exposed through the management interface.
CVSS Score
5.3
EPSS Score
0.002
Published
2026-05-29
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVSS Score
3.4
EPSS Score
0.002
Published
2026-05-29
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
CVSS Score
4.5
EPSS Score
0.001
Published
2026-05-29
In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible
CVSS Score
3.3
EPSS Score
0.001
Published
2026-05-29
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVSS Score
6.1
EPSS Score
0.002
Published
2026-05-29
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVSS Score
6.5
EPSS Score
0.002
Published
2026-05-29
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
CVSS Score
6.5
EPSS Score
0.002
Published
2026-05-29
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVSS Score
7.5
EPSS Score
0.003
Published
2026-05-29
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
CVSS Score
7.1
EPSS Score
0.004
Published
2026-05-29

