Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-53914

Summary
Assigner-JetBrains
Assigner Org ID-547ada31-17d8-4964-bc5f-1b8238ba8014
Published At-26 Jun, 2026 | 13:01
Updated At-27 Jun, 2026 | 03:55
Rejected At-
Credits

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:JetBrains
Assigner Org ID:547ada31-17d8-4964-bc5f-1b8238ba8014
Published At:26 Jun, 2026 | 13:01
Updated At:27 Jun, 2026 | 03:55
Rejected At:
â–¼CVE Numbering Authority (CNA)

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata

Affected Products
Vendor
JetBrains s.r.o.JetBrains
Product
Kotlin
Default Status
unaffected
Versions
Affected
  • From 0 before 2.4.20 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-502
Type: N/A
CWE ID: N/A
Description: CWE-502
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
N/A
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@jetbrains.com
Published At:26 Jun, 2026 | 14:17
Updated At:27 Jun, 2026 | 19:36

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

JetBrains s.r.o.
jetbrains
>>kotlin>>Versions before 2.4.20(exclusive)
cpe:2.3:a:jetbrains:kotlin:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-502Secondarycve@jetbrains.com
CWE-502Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-502
Type: Secondary
Source: cve@jetbrains.com
CWE ID: CWE-502
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.jetbrains.com/privacy-security/issues-fixed/cve@jetbrains.com
Vendor Advisory
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Source: cve@jetbrains.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1044Records found

CVE-2019-18364
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.48% / 87.68%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 14:54
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-37544
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.20% / 64.49%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:23
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-59458
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8.3||HIGH
EPSS-0.45% / 36.02%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 09:04
Updated-20 Jan, 2026 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation

Action-Not Available
Vendor-JetBrains s.r.o.
Product-junieJunie
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-43012
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8.3||HIGH
EPSS-0.66% / 47.17%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:56
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-toolboxToolbox App
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-54530
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-7.5||HIGH
EPSS-0.18% / 7.69%
||
7 Day CHG+0.01%
Published-28 Jul, 2025 | 16:20
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-42793
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-99.98% / 99.98%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 16:57
Updated-24 Oct, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-25||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityTeamCity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.25% / 80.72%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CVE-2022-25262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.42% / 69.53%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:59
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-24331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.13% / 62.41%
||
7 Day CHG+0.03%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-43200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 60.15%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:43
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-45977
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 60.65%
||
7 Day CHG+0.03%
Published-25 Feb, 2022 | 14:36
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-webstormpycharmintellij_ideaphpstormcliongolandrubyminen/a
CVE-2021-43183
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.78%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:53
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CVE-2026-41153
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-5.8||MEDIUM
EPSS-0.26% / 17.07%
||
7 Day CHG~0.00%
Published-17 Apr, 2026 | 14:29
Updated-27 Apr, 2026 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file

Action-Not Available
Vendor-JetBrains s.r.o.
Product-junieJunie
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-34218
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.1||CRITICAL
EPSS-0.59% / 43.81%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 13:03
Updated-09 Jan, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-15039
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.93% / 95.83%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 13:20
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-43185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.94% / 77.70%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:32
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-50242
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-10||CRITICAL
EPSS-0.42% / 33.47%
||
7 Day CHG-0.02%
Published-19 Jun, 2026 | 11:49
Updated-26 Jun, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-36209
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.49%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:19
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2021-31914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.25% / 80.76%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:11
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

Action-Not Available
Vendor-n/aMicrosoft CorporationJetBrains s.r.o.
Product-windowsteamcityn/a
CVE-2021-31909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.21% / 86.60%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:59
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2023-51655
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.3||MEDIUM
EPSS-0.33% / 25.38%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 09:57
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2021-25770
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.47% / 87.64%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:31
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-57926
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-2.6||LOW
EPSS-0.18% / 7.54%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 12:38
Updated-27 Jun, 2026 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2026-56141
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 28.52%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 11:49
Updated-26 Jun, 2026 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2024-54154
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 11:16
Updated-31 Jan, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrackyoutrack
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-25848
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.1||CRITICAL
EPSS-0.43% / 34.17%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 10:39
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-41827
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-7.4||HIGH
EPSS-0.40% / 32.40%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 14:50
Updated-07 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-25207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.38% / 90.10%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 15:01
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-toolboxn/a
CVE-2024-36470
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8.1||HIGH
EPSS-0.46% / 36.99%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:29
Updated-07 Feb, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-11796
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 65.21%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-spacen/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-12736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 80.51%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:48
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-ktorn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-12157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.82% / 76.08%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:51
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityupsourcen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-48342
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-5.2||MEDIUM
EPSS-0.31% / 23.26%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 15:44
Updated-12 Mar, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2021-31897
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 71.88%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:19
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-webstormn/a
CVE-2022-25263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.16% / 79.96%
||
7 Day CHG+0.05%
Published-25 Feb, 2022 | 19:59
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-24442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.63% / 88.13%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 20:01
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-31915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.21% / 86.63%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:12
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-43202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.05% / 60.15%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 15:21
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2022-24340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.01% / 58.89%
||
7 Day CHG+0.02%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-43193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.94% / 77.69%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:49
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2022-48477
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.1||MEDIUM
EPSS-0.48% / 38.07%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 12:21
Updated-04 Feb, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-27198
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-99.94% / 99.97%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 17:21
Updated-24 Oct, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-03-28||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcityTeamCity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-23917
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-53.73% / 98.87%
||
7 Day CHG-0.28%
Published-06 Feb, 2024 | 09:21
Updated-01 Aug, 2024 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-45612
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8.6||HIGH
EPSS-0.60% / 44.09%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:20
Updated-19 Sep, 2024 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

Action-Not Available
Vendor-JetBrains s.r.o.
Product-ktorKtorktor
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-25758
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.96% / 57.33%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:16
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to local code execution.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-14878
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.56% / 72.22%
||
7 Day CHG~0.00%
Published-13 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-resharper_ultimatedotpeekn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-43981
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.41%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.

Action-Not Available
Vendor-presto-changeon/apresto-changeo
Product-test_site_creatorn/atest_site_creator
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-20330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.64% / 94.45%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 03:35
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-global_lifecycle_management_opatchretail_sales_auditcommunications_contacts_serverprimavera_unifiercommunications_cloud_native_core_network_slice_selection_functiononcommand_api_servicescommunications_billing_and_revenue_managementsiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratorsiebel_ui_frameworkcommunications_network_charging_and_controlactive_iq_unified_managerbanking_platformcommunications_instant_messaging_serverretail_merchandising_systemsnapcentersteelstore_cloud_integrated_storagedebian_linuxweblogic_serverjackson-databindtrace_file_analyzergoldengate_stream_analyticsretail_xstore_point_of_servicecustomer_management_and_segmentation_foundationcommunications_evolved_communications_application_servergoldengate_application_adaptersservice_level_managerjd_edwards_enterpriseone_toolsenterprise_manager_base_platformwebcenter_portaln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-61168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 38.34%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 00:00
Updated-01 Dec, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.

Action-Not Available
Vendor-sigbn/a
Product-pmbn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-25767
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-2.91% / 85.27%
||
7 Day CHG~0.00%
Published-01 May, 2022 | 15:30
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.

Action-Not Available
Vendor-ureport2_projectn/a
Product-ureport2com.bstek.ureport:ureport2-console
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 20
  • 21
  • Next
Details not found