VYPR

YouTrack

by JetBrains

CVEs (114)

  • CVE-2026-49368 | High | May 29, 2026
    risk 0.57 | cvss 8.7 | epss 0.00

    In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

  • CVE-2026-33392 | High | Apr 17, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass

  • CVE-2026-49386 | Medium | May 29, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas

  • CVE-2026-49385 | Medium | May 29, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

  • CVE-2026-49369 | Medium | May 29, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages

  • CVE-2026-49370 | Low | May 29, 2026
    risk 0.22 | cvss 3.4 | epss 0.00

    In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

  • CVE-2024-50582 | Oct 28, 2024
    risk 0.02 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements

  • CVE-2024-50581 | Oct 28, 2024
    risk 0.02 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

  • CVE-2024-50580 | Oct 28, 2024
    risk 0.02 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule

  • CVE-2024-50578 | Oct 28, 2024
    risk 0.02 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page

  • CVE-2024-50576 | Oct 28, 2024
    risk 0.02 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest

  • CVE-2024-50579 | Oct 28, 2024
    risk 0.01 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible

  • CVE-2024-50577 | Oct 28, 2024
    risk 0.01 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings

  • CVE-2024-50575 | Oct 28, 2024
    risk 0.01 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API

  • CVE-2026-28193 | Feb 25, 2026
    risk 0.00 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

  • CVE-2026-25846 | Feb 9, 2026
    risk 0.00 | cvss n/a | epss 0.01

    In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs

  • CVE-2025-64773 | Nov 11, 2025
    risk 0.00 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit

  • CVE-2025-64685 | Nov 10, 2025
    risk 0.00 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure

  • CVE-2025-64684 | Nov 10, 2025
    risk 0.00 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form

  • CVE-2025-57731 | Aug 20, 2025
    risk 0.00 | cvss n/a | epss 0.00

    In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
