Vendor
Jetbrains
Products
7
CVEs
233
Across products
237
Status
Private
Products
7- 166 CVEs
- 48 CVEs
- 13 CVEs
- 5 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
233| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27199 | Hig | 0.73 | 7.3 | 0.91 | KEV | Mar 4, 2024 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible |
| CVE-2026-41882 | Hig | 0.48 | 7.4 | 0.00 | Apr 30, 2026 | In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server | |
| CVE-2026-33392 | Hig | 0.47 | 7.2 | 0.00 | Apr 17, 2026 | In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass | |
| CVE-2026-32229 | Med | 0.44 | 6.8 | 0.00 | Mar 11, 2026 | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled | |
| CVE-2026-32745 | Med | 0.41 | 6.3 | 0.00 | Mar 13, 2026 | In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings | |
| CVE-2026-41153 | Med | 0.38 | 5.8 | 0.00 | Apr 17, 2026 | In JetBrains Junie before 252.549.29 command execution was possible via malicious project file | |
| CVE-2024-27198 | 0.28 | — | 0.93 | KEV | Mar 4, 2024 | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible | |
| CVE-2023-42793 | 0.28 | — | 0.93 | KEV | Sep 19, 2023 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | |
| CVE-2024-23917 | 0.06 | — | 0.73 | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible | ||
| CVE-2024-43810 | 0.04 | — | 0.48 | Aug 16, 2024 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin | ||
| CVE-2024-41825 | 0.04 | — | 0.56 | Jul 22, 2024 | In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab | ||
| CVE-2024-36374 | 0.04 | — | 0.46 | May 29, 2024 | In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible | ||
| CVE-2024-36373 | 0.04 | — | 0.56 | May 29, 2024 | In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible | ||
| CVE-2024-36371 | 0.04 | — | 0.55 | May 29, 2024 | In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible | ||
| CVE-2024-36370 | 0.04 | — | 0.46 | May 29, 2024 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible | ||
| CVE-2024-36369 | 0.04 | — | 0.56 | May 29, 2024 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible | ||
| CVE-2024-36363 | 0.04 | — | 0.56 | May 29, 2024 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible | ||
| CVE-2024-35302 | 0.04 | — | 0.47 | May 16, 2024 | In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible | ||
| CVE-2024-56355 | 0.03 | — | 0.34 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS | ||
| CVE-2024-56352 | 0.03 | — | 0.34 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page |