Filtered by vendor Jetbrains
Subscribe
Total
537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-28193 | 1 Jetbrains | 1 Youtrack | 2026-02-26 | N/A | 8.8 HIGH |
|
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
|
|||||
| CVE-2026-28196 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 2.3 LOW |
|
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
|
|||||
| CVE-2026-28195 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 4.3 MEDIUM |
|
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
|
|||||
| CVE-2026-28194 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 4.3 MEDIUM |
|
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
|
|||||
| CVE-2020-29582 | 2 Jetbrains, Oracle | 4 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2026-02-25 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
|
|||||
| CVE-2026-25846 | 1 Jetbrains | 1 Youtrack | 2026-02-18 | N/A | 6.5 MEDIUM |
|
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
|
|||||
| CVE-2026-25847 | 1 Jetbrains | 1 Pycharm | 2026-02-18 | N/A | 8.2 HIGH |
|
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
|
|||||
| CVE-2026-25848 | 1 Jetbrains | 1 Hub | 2026-02-18 | N/A | 9.1 CRITICAL |
|
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
|
|||||
| CVE-2025-58335 | 1 Jetbrains | 1 Junie | 2026-01-20 | N/A | 5.5 MEDIUM |
|
In JetBrains Junie before 252.284.66,
251.284.66,
243.284.66,
252.284.61,
251.284.61,
243.284.61,
252.284.50,
252.284.54,
251.284.54,
251.284.50,
243.284.54,
243.284.50 information disclosure was possible via search_project function
|
|||||
| CVE-2025-59458 | 1 Jetbrains | 1 Junie | 2026-01-20 | N/A | 8.3 HIGH |
|
In JetBrains Junie before 252.284.66,
251.284.66,
243.284.66,
252.284.61,
251.284.61,
243.284.61,
252.284.50,
252.284.54,
251.284.54,
251.284.50,
243.284.54,
243.284.50 code execution was possible due to improper command validation
|
|||||
| CVE-2025-29903 | 1 Jetbrains | 1 Runtime | 2026-01-13 | N/A | 5.2 MEDIUM |
|
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible
|
|||||
| CVE-2025-64457 | 1 Jetbrains | 3 Dottrace, Resharper, Rider | 2026-01-12 | N/A | 4.2 MEDIUM |
|
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
|
|||||
| CVE-2025-23385 | 1 Jetbrains | 4 Dottrace, Etw Host Service, Resharper and 1 more | 2026-01-12 | N/A | 7.8 HIGH |
|
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
|
|||||
| CVE-2025-67739 | 1 Jetbrains | 1 Teamcity | 2025-12-23 | N/A | 3.1 LOW |
|
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
|
|||||
| CVE-2025-68269 | 1 Jetbrains | 1 Intellij Idea | 2025-12-23 | N/A | 5.4 MEDIUM |
|
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
|
|||||
| CVE-2025-68162 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 2.7 LOW |
|
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
|
|||||
| CVE-2025-68163 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 3.5 LOW |
|
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
|
|||||
| CVE-2025-68164 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 2.7 LOW |
|
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
|
|||||
| CVE-2025-68165 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 5.4 MEDIUM |
|
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
|
|||||
| CVE-2025-68166 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 5.4 MEDIUM |
|
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
|
|||||
| CVE-2025-68267 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 6.5 MEDIUM |
|
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
|
|||||
| CVE-2025-68268 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 5.4 MEDIUM |
|
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
|
|||||
| CVE-2025-67740 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 2.7 LOW |
|
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
|
|||||
| CVE-2025-67741 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 4.6 MEDIUM |
|
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
|
|||||
| CVE-2025-67742 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 3.8 LOW |
|
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
|
|||||
| CVE-2025-64773 | 1 Jetbrains | 1 Youtrack | 2025-12-11 | N/A | 2.7 LOW |
|
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
|
|||||
| CVE-2025-54527 | 1 Jetbrains | 1 Youtrack | 2025-12-01 | N/A | 6.1 MEDIUM |
|
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
|
|||||
| CVE-2025-64683 | 1 Jetbrains | 1 Hub | 2025-11-21 | N/A | 5.3 MEDIUM |
|
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
|
|||||
| CVE-2025-64684 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | N/A | 4.3 MEDIUM |
|
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
|
|||||
| CVE-2025-64685 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | N/A | 8.1 HIGH |
|
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
|
|||||
| CVE-2025-64456 | 1 Jetbrains | 1 Resharper | 2025-11-20 | N/A | 8.4 HIGH |
|
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
|
|||||
| CVE-2025-64681 | 1 Jetbrains | 1 Hub | 2025-11-20 | N/A | 2.7 LOW |
|
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
|
|||||
| CVE-2025-64682 | 1 Jetbrains | 1 Hub | 2025-11-20 | N/A | 2.7 LOW |
|
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
|
|||||
| CVE-2024-27198 | 1 Jetbrains | 1 Teamcity | 2025-10-24 | N/A | 9.8 CRITICAL |
|
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
|
|||||
| CVE-2023-42793 | 1 Jetbrains | 1 Teamcity | 2025-10-24 | N/A | 9.8 CRITICAL |
|
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
|
|||||
| CVE-2025-58334 | 1 Jetbrains | 1 Ide Services | 2025-10-14 | N/A | 8.1 HIGH |
|
In JetBrains IDE Services before 2025.5.0.1086,
2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
|
|||||
| CVE-2025-53959 | 1 Jetbrains | 1 Youtrack | 2025-10-14 | N/A | 7.6 HIGH |
|
In JetBrains YouTrack before 2025.2.86069,
2024.3.85077,
2025.1.86199 email spoofing via an administrative API was possible
|
|||||
| CVE-2025-29904 | 1 Jetbrains | 1 Ktor | 2025-10-02 | N/A | 5.3 MEDIUM |
|
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible
|
|||||
| CVE-2025-43012 | 1 Jetbrains | 1 Toolbox | 2025-10-01 | N/A | 8.3 HIGH |
|
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
|
|||||
| CVE-2025-43016 | 1 Jetbrains | 1 Rider | 2025-10-01 | N/A | 5.4 MEDIUM |
|
In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session
|
|||||