In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference