Filtered by vendor Jetbrains
Subscriptions
Total
508 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57731 | 1 Jetbrains | 1 Youtrack | 2025-08-21 | 8.7 High |
| In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content | ||||
| CVE-2025-57729 | 1 Jetbrains | 1 Intellij Idea | 2025-08-21 | 6.5 Medium |
| In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start | ||||
| CVE-2025-57728 | 1 Jetbrains | 1 Intellij Idea | 2025-08-21 | 6.5 Medium |
| In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files | ||||
| CVE-2025-57727 | 1 Jetbrains | 1 Intellij Idea | 2025-08-21 | 4.7 Medium |
| In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference | ||||
| CVE-2025-54528 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 5.4 Medium |
| In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow | ||||
| CVE-2025-54529 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 3.7 Low |
| In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration | ||||
| CVE-2025-54530 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 7.5 High |
| In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions | ||||
| CVE-2025-54531 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 7.7 High |
| In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows | ||||
| CVE-2025-54536 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 5.4 Medium |
| In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint | ||||
| CVE-2025-54532 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | 4.3 Medium |
| In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies | ||||
| CVE-2025-54533 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | 4.3 Medium |
| In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration | ||||
| CVE-2025-54534 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | 4.8 Medium |
| In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page | ||||
| CVE-2025-54535 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | 5.8 Medium |
| In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms | ||||
| CVE-2025-54538 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | 5.5 Medium |
| In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command | ||||
| CVE-2025-54537 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | 5.5 Medium |
| In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots | ||||
| CVE-2025-54527 | 1 Jetbrains | 1 Youtrack | 2025-07-29 | 6.1 Medium |
| In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions | ||||
| CVE-2025-23385 | 1 Jetbrains | 3 Dottrace, Resharper, Rider | 2025-07-12 | 7.8 High |
| In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible | ||||
| CVE-2025-52875 | 1 Jetbrains | 1 Teamcity | 2025-06-27 | 5.4 Medium |
| In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible | ||||
| CVE-2025-52878 | 1 Jetbrains | 1 Teamcity | 2025-06-27 | 4.3 Medium |
| In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | ||||
| CVE-2025-52877 | 1 Jetbrains | 1 Teamcity | 2025-06-27 | 4.8 Medium |
| In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible | ||||