CVE-2026-49366

Same vendor

• CVE-2026-49386 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas (6.5 MEDIUM)
• CVE-2026-49385 — In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts (6.5 MEDIUM)
• CVE-2026-49384 — In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible (6.1 MEDIUM)
• CVE-2026-49383 — In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible (3.3 LOW)
• CVE-2026-49382 — In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin (4.5 MEDIUM)

Same CWE

• CVE-2026-12161 — Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user ...
• CVE-2026-48723 — The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack (7.8 HIGH)
• CVE-2026-9863 — Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client in... (7.5 HIGH)
• CVE-2026-9862 — Fortra's  Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service (9.8 CRITICAL)
• CVE-2026-11527 — Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument... (8.6 HIGH)