Search Results (573 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-68267 1 Jetbrains 1 Teamcity 2025-12-18 6.5 Medium
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
CVE-2025-68268 1 Jetbrains 1 Teamcity 2025-12-18 5.4 Medium
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
CVE-2025-67740 1 Jetbrains 1 Teamcity 2025-12-15 2.7 Low
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
CVE-2025-67741 1 Jetbrains 1 Teamcity 2025-12-15 4.8 Medium
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
CVE-2025-67742 1 Jetbrains 1 Teamcity 2025-12-15 3.8 Low
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
CVE-2025-64773 1 Jetbrains 1 Youtrack 2025-12-11 2.7 Low
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CVE-2025-64690 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
CVE-2025-64689 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
CVE-2025-64688 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
CVE-2025-64687 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
CVE-2025-64686 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
CVE-2025-54527 1 Jetbrains 1 Youtrack 2025-12-01 6.1 Medium
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
CVE-2025-64683 1 Jetbrains 1 Hub 2025-11-21 5.3 Medium
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CVE-2025-64684 1 Jetbrains 1 Youtrack 2025-11-21 4.5 Medium
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVE-2025-64681 1 Jetbrains 1 Hub 2025-11-20 2.7 Low
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
CVE-2025-64682 1 Jetbrains 1 Hub 2025-11-20 2.7 Low
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CVE-2024-27198 1 Jetbrains 1 Teamcity 2025-10-24 9.8 Critical
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
CVE-2023-42793 1 Jetbrains 1 Teamcity 2025-10-24 9.8 Critical
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
CVE-2025-53959 1 Jetbrains 1 Youtrack 2025-10-14 7.6 High
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible
CVE-2025-29904 1 Jetbrains 1 Ktor 2025-10-02 5.3 Medium
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible