Vulnerability Details: CVE-2026-57923

Summary
Assigner-JetBrains
Assigner Org ID-547ada31-17d8-4964-bc5f-1b8238ba8014
Published At-26 Jun, 2026 | 12:38
Updated At-26 Jun, 2026 | 13:45

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings

Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:JetBrains
Assigner Org ID:547ada31-17d8-4964-bc5f-1b8238ba8014
Published At:26 Jun, 2026 | 12:38
Updated At:26 Jun, 2026 | 13:45
Rejected At:
CVE Numbering Authority (CNA)

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings

Affected Products
Vendor: JetBrains s.r.o. (JetBrains)
Product: YouTrack
Default Status: unaffected
Versions affected: from 0 before 2026.2.16593 (semver)
Problem Types
Type: N/A
CWE ID: N/A
Description: CWE-862
Metrics
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
References
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource: N/A
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@jetbrains.com
Published At:26 Jun, 2026 | 14:17
Updated At:27 Jun, 2026 | 19:32

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches

Vendor: JetBrains s.r.o. (jetbrains)
Product: youtrack, versions before 2026.2.16593 (exclusive)
CPE: cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-862
Type: Primary
Source: cve@jetbrains.com
CWE ID: CWE-862
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
References
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Source: cve@jetbrains.com
Resource: Vendor Advisory


Similar CVEs

213 records found

CVE-2025-43016
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 21.18%
||
7 Day CHG~0.00%
Published-25 Apr, 2025 | 14:32
Updated-01 Oct, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session

Action-Not Available
Vendor-JetBrains s.r.o.
Product-riderRider
CWE ID-CWE-23
Relative Path Traversal
CVE-2020-15827
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.31%
||
7 Day CHG~0.00%
Published-08 Aug, 2020 | 20:24
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-toolboxn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24341
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.49%
||
7 Day CHG+0.02%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2021-43203
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 53.25%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:52
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-ktorn/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-15042
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.20%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 16:41
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-15038
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.31%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 15:46
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-37550
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.35%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:29
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-697
Incorrect Comparison
CVE-2021-31901
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.16%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:34
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CVE-2021-31902
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.21%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:38
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-47949
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.9||MEDIUM
EPSS-22.90% / 97.46%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 15:48
Updated-11 Oct, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-11691
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.42%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CVE-2021-37545
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.15%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:24
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-5207
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.76% / 50.85%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 19:30
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Request smuggling is possible in Ktor when both chunked TE and content length specified

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

Action-Not Available
Vendor-Ktor.ioJetBrains s.r.o.
Product-ktorKtor
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2020-11795
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 52.93%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-spacen/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-48391
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-7.7||HIGH
EPSS-0.35% / 26.79%
||
7 Day CHG~0.00%
Published-20 May, 2025 | 17:37
Updated-30 Sep, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-34228
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.97%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 13:03
Updated-09 Jan, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-308
Use of Single-factor Authentication
CVE-2026-57922
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-3.1||LOW
EPSS-0.14% / 3.92%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 12:38
Updated-27 Jun, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2026-49378
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 11.34%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 18:15
Updated-02 Jun, 2026 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-862
Missing Authorization
CVE-2026-49385
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.55%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 18:15
Updated-01 Jun, 2026 | 12:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2026-49367
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-8||HIGH
EPSS-0.33% / 25.07%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 18:15
Updated-01 Jun, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-862
Missing Authorization
CVE-2026-57921
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 7.43%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 12:38
Updated-27 Jun, 2026 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2026-49374
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-7.6||HIGH
EPSS-0.23% / 13.22%
||
7 Day CHG~0.00%
Published-29 May, 2026 | 18:15
Updated-02 Jun, 2026 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-862
Missing Authorization
CVE-2025-24461
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.90%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 17:23
Updated-30 Jan, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-862
Missing Authorization
CVE-2026-57925
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 6.28%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 12:38
Updated-27 Jun, 2026 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2026-28193
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-8.8||HIGH
EPSS-0.24% / 14.81%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 12:57
Updated-26 Feb, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2026-28195
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 5.37%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 12:57
Updated-25 Feb, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-862
Missing Authorization
CVE-2024-56349
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 19.11%
||
7 Day CHG~0.00%
Published-20 Dec, 2024 | 14:11
Updated-02 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-862
Missing Authorization
CVE-2024-54153
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-3.1||LOW
EPSS-0.36% / 27.72%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 11:16
Updated-31 Jan, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-54155
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-3.7||LOW
EPSS-0.41% / 32.88%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 11:16
Updated-31 Jan, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-50573
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 11.89%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 12:55
Updated-29 Oct, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-862
Missing Authorization
CVE-2024-38504
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 28.19%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 10:42
Updated-23 Aug, 2024 | 02:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2024-36377
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.87%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:29
Updated-27 Jan, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2024-48902
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 28.29%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 10:34
Updated-16 Oct, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2024-38506
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-6.3||MEDIUM
EPSS-0.31% / 23.26%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 10:42
Updated-23 Aug, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2025-64684
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.5||MEDIUM
EPSS-0.28% / 19.86%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 13:27
Updated-21 Nov, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2025-64681
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-2.7||LOW
EPSS-0.17% / 6.24%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 13:27
Updated-20 Nov, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-862
Missing Authorization
CVE-2025-58334
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-8.1||HIGH
EPSS-0.26% / 17.39%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 16:48
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves

Action-Not Available
Vendor-JetBrains s.r.o.
Product-ide_servicesIDE Services
CWE ID-CWE-862
Missing Authorization
CVE-2025-53959
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-7.6||HIGH
EPSS-0.26% / 17.76%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 16:26
Updated-14 Oct, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2025-52878
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 20.79%
||
7 Day CHG~0.00%
Published-23 Jun, 2025 | 14:13
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-TeamCity
CWE ID-CWE-862
Missing Authorization
CVE-2024-28230
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.33%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 11:40
Updated-16 Dec, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2019-20599
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 25.26%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:10
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-862
Missing Authorization
CVE-2026-39448
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-02 Jul, 2026 | 11:15
Updated-02 Jul, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.

Action-Not Available
Vendor-CoderPress
Product-NOWPayments for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-6372
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.20% / 10.00%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 16:16
Updated-22 Apr, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Accept Cryptocurrencies with Plisio plugin <= 2.0.5 - Payment Bypass vulnerability

Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.

Action-Not Available
Vendor-Plisio
Product-Accept Cryptocurrencies with Plisio
CWE ID-CWE-862
Missing Authorization
CVE-2026-56025
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.24% / 14.81%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.

Action-Not Available
Vendor-Paymob
Product-Paymob for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-54830
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.24% / 14.81%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:12
Updated-29 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.

Action-Not Available
Vendor-Etoile Web Design Incorporated
Product-Five Star Restaurant Reservations
CWE ID-CWE-862
Missing Authorization
CVE-2026-54835
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.24% / 14.81%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-29 Jun, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.

Action-Not Available
Vendor-Rustaurius
Product-Five Star Restaurant Menu
CWE ID-CWE-862
Missing Authorization
CVE-2026-48151
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 12.96%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 16:57
Updated-28 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema

Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the body schema for a known webhook and mutate the corresponding automation trigger output schema. This vulnerability is fixed in 3.39.0.

Action-Not Available
Vendor-Budibase
Product-budibase
CWE ID-CWE-862
Missing Authorization
CVE-2023-43700
Matching Score-4
Assigner-SICK AG
CVSS Score-7.7||HIGH
EPSS-0.63% / 45.66%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 11:56
Updated-19 Sep, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication.

Action-Not Available
Vendor-SICK AG
Product-apu0200apu0200_firmwareAPU0200rdt400
CWE ID-CWE-862
Missing Authorization
CVE-2026-48873
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.24% / 14.81%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-16 Jun, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

Action-Not Available
Vendor-Montonio
Product-Montonio for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-48835
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.30% / 22.26%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-16 Jun, 2026 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Action-Not Available
Vendor-Awesome Motive Inc.
Product-Contact Form by WPForms
CWE ID-CWE-862
Missing Authorization