VYPR

Intellij Idea

by Jetbrains

CVEs (62)

  • CVE-2026-49367HigMay 29, 2026
    risk 0.52cvss 8.0epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

  • CVE-2026-49366HigMay 29, 2026
    risk 0.51cvss 7.8epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

  • CVE-2017-8316HigAug 3, 2018
    risk 0.49cvss 7.5epss 0.02

    IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.

  • CVE-2026-41882HigApr 30, 2026
    risk 0.48cvss 7.4epss 0.00

    In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

  • CVE-2026-49382MedMay 29, 2026
    risk 0.29cvss 4.5epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin

  • CVE-2026-49383LowMay 29, 2026
    risk 0.21cvss 3.3epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

  • CVE-2024-37051Jun 10, 2024
    risk 0.01cvss epss 0.04

    GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3,…

  • CVE-2025-68269Dec 16, 2025
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH

  • CVE-2025-57730Aug 20, 2025
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature

  • CVE-2025-57729Aug 20, 2025
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start

  • CVE-2025-57728Aug 20, 2025
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files

  • CVE-2025-57727Aug 20, 2025
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference

  • CVE-2025-32054Apr 3, 2025
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file

  • CVE-2024-46970Sep 16, 2024
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible

  • CVE-2024-24941Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL

  • CVE-2024-24940Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives

  • CVE-2023-51655Dec 21, 2023
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

  • CVE-2023-39261Jul 26, 2023
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions

  • CVE-2023-38069Jul 12, 2023
    risk 0.00cvss epss 0.00

    In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases

  • CVE-2022-48433Mar 29, 2023
    risk 0.00cvss epss 0.01

    In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.

Page 1 of 4