VYPR

Teamcity

by Jetbrains

Source repositories

CVEs (267)

  • CVE-2025-68165Dec 16, 2025
    risk 0.00cvss epss 0.03

    In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup

  • CVE-2025-68164Dec 16, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test

  • CVE-2025-68163Dec 16, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page

  • CVE-2025-68162Dec 16, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration

  • CVE-2025-67742Dec 11, 2025
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2025.11 path traversal was possible via file upload

  • CVE-2025-67741Dec 11, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

  • CVE-2025-67740Dec 11, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

  • CVE-2025-67739Dec 11, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

  • CVE-2025-59457Sep 17, 2025
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows

  • CVE-2025-59456Sep 17, 2025
    risk 0.00cvss epss 0.12

    In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload

  • CVE-2025-59455Sep 17, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition

  • CVE-2025-57734Aug 20, 2025
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files

  • CVE-2025-57733Aug 20, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content

  • CVE-2025-57732Aug 20, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership

  • CVE-2025-54538Jul 28, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command

  • CVE-2025-54537Jul 28, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots

  • CVE-2025-54536Jul 28, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint

  • CVE-2025-54535Jul 28, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms

  • CVE-2025-54534Jul 28, 2025
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page

  • CVE-2025-54533Jul 28, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration

Page 3 of 14