Filtered by vendor Jetbrains
Subscribe
Total
537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68267 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token | |||||
| CVE-2025-68268 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page | |||||
| CVE-2025-67740 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 2.7 LOW |
| In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata | |||||
| CVE-2025-67741 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute | |||||
| CVE-2025-67742 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 3.8 LOW |
| In JetBrains TeamCity before 2025.11 path traversal was possible via file upload | |||||
| CVE-2025-64773 | 1 Jetbrains | 1 Youtrack | 2025-12-11 | N/A | 2.7 LOW |
| In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit | |||||
| CVE-2025-54527 | 1 Jetbrains | 1 Youtrack | 2025-12-01 | N/A | 6.1 MEDIUM |
| In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions | |||||
| CVE-2025-64683 | 1 Jetbrains | 1 Hub | 2025-11-21 | N/A | 5.3 MEDIUM |
| In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API | |||||
| CVE-2025-64684 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form | |||||
| CVE-2025-64685 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | N/A | 8.1 HIGH |
| In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure | |||||
| CVE-2025-64456 | 1 Jetbrains | 1 Resharper | 2025-11-20 | N/A | 8.4 HIGH |
| In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation | |||||
| CVE-2025-64681 | 1 Jetbrains | 1 Hub | 2025-11-20 | N/A | 2.7 LOW |
| In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations | |||||
| CVE-2025-64682 | 1 Jetbrains | 1 Hub | 2025-11-20 | N/A | 2.7 LOW |
| In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit | |||||
| CVE-2024-27198 | 1 Jetbrains | 1 Teamcity | 2025-10-24 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible | |||||
| CVE-2023-42793 | 1 Jetbrains | 1 Teamcity | 2025-10-24 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | |||||
| CVE-2025-58334 | 1 Jetbrains | 1 Ide Services | 2025-10-14 | N/A | 8.1 HIGH |
| In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves | |||||
| CVE-2025-53959 | 1 Jetbrains | 1 Youtrack | 2025-10-14 | N/A | 7.6 HIGH |
| In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible | |||||
| CVE-2025-29904 | 1 Jetbrains | 1 Ktor | 2025-10-02 | N/A | 5.3 MEDIUM |
| In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible | |||||
| CVE-2025-43012 | 1 Jetbrains | 1 Toolbox | 2025-10-01 | N/A | 8.3 HIGH |
| In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible | |||||
| CVE-2025-43016 | 1 Jetbrains | 1 Rider | 2025-10-01 | N/A | 5.4 MEDIUM |
| In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session | |||||