Attacker Value
Unknown

CVE-2024-28229

Disclosure Date: March 07, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.1.25893, a user without appropriate permissions could restore issues and articles.
Attacker Value
Unknown

CVE-2024-28228

Disclosure Date: March 07, 2024 (last updated February 26, 2025)
In JetBrains YouTrack before 2024.1.25893, creating comments on behalf of an arbitrary user in HelpDesk was possible.
Attacker Value
Unknown

CVE-2023-5041

Disclosure Date: January 17, 2024 (last updated February 26, 2025)
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged-in user with an author role or higher to perform time-based blind SQLi attacks on the database.
Attacker Value
Unknown

CVE-2024-22370

Disclosure Date: January 09, 2024 (last updated February 25, 2025)
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
Attacker Value
Unknown

CVE-2023-49188

Disclosure Date: December 15, 2023 (last updated February 25, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS. This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0.
Attacker Value
Unknown

CVE-2023-50871

Disclosure Date: December 15, 2023 (last updated February 25, 2025)
In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed
Attacker Value
Unknown

CVE-2023-38068

Disclosure Date: July 12, 2023 (last updated February 25, 2025)
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms
Attacker Value
Unknown

CVE-2023-35054

Disclosure Date: June 12, 2023 (last updated February 25, 2025)
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
Attacker Value
Unknown

CVE-2023-35053

Disclosure Date: June 12, 2023 (last updated February 25, 2025)
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
Attacker Value
Unknown

CVE-2022-39351

Disclosure Date: October 25, 2022 (last updated February 24, 2025)
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit log in clear text. Actors with access to the audit log can exploit this flaw to gain access to valid API keys. The issue has been fixed in Dependency-Track 4.6.0. Instead of logging the entire API key, only the last 4 characters of the key will be logged. It is strongly recommended to check historic logs for occurrences of this behavior and to regenerate API keys in case of leakage.