VYPR
Vendor

Jetbrains

Products
38
CVEs
564
Across products
578
Status
Private

Products

38
View all 38 products →

Recent CVEs

564
View all 564 CVEs →
  • CVE-2024-27199HigKEVMar 4, 2024
    risk 0.73cvss 7.3epss 1.00

    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

  • CVE-2026-49368HigMay 29, 2026
    risk 0.57cvss 8.7epss 0.00

    In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

  • CVE-2026-44413HigMay 11, 2026
    risk 0.53cvss 8.2epss 0.00

    In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access

  • CVE-2026-49367HigMay 29, 2026
    risk 0.52cvss 8.0epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

  • CVE-2026-49366HigMay 29, 2026
    risk 0.51cvss 7.8epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

  • CVE-2018-14878HigAug 13, 2018
    risk 0.51cvss 7.8epss 0.02

    JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

  • CVE-2026-49374HigMay 29, 2026
    risk 0.49cvss 7.6epss 0.00

    In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

  • CVE-2026-49372HigMay 29, 2026
    risk 0.49cvss 7.5epss 0.00

    In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

  • CVE-2017-8316HigAug 3, 2018
    risk 0.49cvss 7.5epss 0.02

    IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.

  • CVE-2026-41882HigApr 30, 2026
    risk 0.48cvss 7.4epss 0.00

    In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

  • CVE-2026-33392HigApr 17, 2026
    risk 0.47cvss 7.2epss 0.00

    In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass

  • CVE-2026-49373HigMay 29, 2026
    risk 0.46cvss 7.1epss 0.00

    In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

  • CVE-2026-49371HigMay 29, 2026
    risk 0.46cvss 7.1epss 0.00

    In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

  • CVE-2026-32229MedMar 11, 2026
    risk 0.44cvss 6.8epss 0.00

    In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled

  • CVE-2026-49386MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.00

    In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas

  • CVE-2026-49385MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.00

    In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

  • CVE-2026-49379MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.00

    In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

  • CVE-2026-49376MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.00

    In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

  • CVE-2026-32745MedMar 13, 2026
    risk 0.41cvss 6.3epss 0.00

    In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings

  • CVE-2026-49384MedMay 29, 2026
    risk 0.40cvss 6.1epss 0.00

    In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible