Filtered by vendor Jetbrains
Subscribe
Total
537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31141 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 2.7 LOW |
|
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
|
|||||
| CVE-2025-46432 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.3 MEDIUM |
|
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
|
|||||
| CVE-2025-46433 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.9 MEDIUM |
|
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
|
|||||
| CVE-2025-46618 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 3.5 LOW |
|
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
|
|||||
| CVE-2024-24940 | 1 Jetbrains | 1 Intellij Idea | 2025-05-15 | N/A | 2.8 LOW |
|
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
|
|||||
| CVE-2025-43015 | 1 Jetbrains | 1 Rubymine | 2025-04-25 | N/A | 8.3 HIGH |
|
In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces
|
|||||
| CVE-2025-43014 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 6.1 MEDIUM |
|
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
|
|||||
| CVE-2025-43013 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 6.9 MEDIUM |
|
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
|
|||||
| CVE-2025-42921 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 4.2 MEDIUM |
|
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
|
|||||
| CVE-2014-10036 | 1 Jetbrains | 1 Teamcity | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
|
|||||
| CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
|
|||||
| CVE-2024-36371 | 1 Jetbrains | 1 Teamcity | 2025-02-07 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
|
|||||
| CVE-2024-36470 | 1 Jetbrains | 1 Teamcity | 2025-02-07 | N/A | 8.1 HIGH |
|
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
|
|||||
| CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.7 LOW |
|
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
|
|||||
| CVE-2024-54154 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 8.0 HIGH |
|
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
|
|||||
| CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.1 LOW |
|
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
|
|||||
| CVE-2024-52555 | 1 Jetbrains | 1 Webstorm | 2025-01-31 | N/A | 6.3 MEDIUM |
|
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
|
|||||
| CVE-2024-54158 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 3.5 LOW |
|
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
|
|||||
| CVE-2024-54157 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 4.3 MEDIUM |
|
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
|
|||||
| CVE-2024-54156 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 4.2 MEDIUM |
|
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
|
|||||
| CVE-2025-24458 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 7.1 HIGH |
|
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
|
|||||
| CVE-2025-24457 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 5.5 MEDIUM |
|
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
|
|||||
| CVE-2025-24456 | 1 Jetbrains | 1 Hub | 2025-01-30 | N/A | 6.7 MEDIUM |
|
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
|
|||||
| CVE-2025-24461 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | N/A | 6.5 MEDIUM |
|
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
|
|||||
| CVE-2025-24460 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | N/A | 4.3 MEDIUM |
|
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
|
|||||
| CVE-2025-24459 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
|
|||||
| CVE-2024-35299 | 1 Jetbrains | 1 Youtrack | 2025-01-28 | N/A | 5.9 MEDIUM |
|
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
|
|||||
| CVE-2024-36378 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 5.9 MEDIUM |
|
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
|
|||||
| CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 6.5 MEDIUM |
|
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
|
|||||
| CVE-2024-36376 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 6.5 MEDIUM |
|
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions
|
|||||
| CVE-2024-36375 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 5.3 MEDIUM |
|
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
|
|||||
| CVE-2024-36374 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
|
|||||
| CVE-2024-36373 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
|
|||||
| CVE-2024-36372 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
|
|||||
| CVE-2024-56348 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.3 MEDIUM |
|
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
|
|||||
| CVE-2024-56349 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.3 MEDIUM |
|
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
|
|||||
| CVE-2024-56350 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.3 MEDIUM |
|
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
|
|||||
| CVE-2024-56351 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 6.3 MEDIUM |
|
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
|
|||||
| CVE-2024-56352 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
|
|||||
| CVE-2024-56353 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.5 MEDIUM |
|
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
|
|||||