VYPR

Vendor CVEs

Jetbrains

All CVEs

564 total · sorted by risk
  • CVE-2024-27199HigKEVMar 4, 2024
    risk 0.73cvss 7.3epss 1.00

    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

  • CVE-2026-49368HigMay 29, 2026
    risk 0.57cvss 8.7epss 0.00

    In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

  • CVE-2026-44413HigMay 11, 2026
    risk 0.53cvss 8.2epss 0.00

    In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access

  • CVE-2026-49367HigMay 29, 2026
    risk 0.52cvss 8.0epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

  • CVE-2026-49366HigMay 29, 2026
    risk 0.51cvss 7.8epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

  • CVE-2018-14878HigAug 13, 2018
    risk 0.51cvss 7.8epss 0.02

    JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

  • CVE-2026-49374HigMay 29, 2026
    risk 0.49cvss 7.6epss 0.00

    In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

  • CVE-2026-49372HigMay 29, 2026
    risk 0.49cvss 7.5epss 0.00

    In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

  • CVE-2017-8316HigAug 3, 2018
    risk 0.49cvss 7.5epss 0.02

    IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.

  • CVE-2026-41882HigApr 30, 2026
    risk 0.48cvss 7.4epss 0.00

    In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

  • CVE-2026-33392HigApr 17, 2026
    risk 0.47cvss 7.2epss 0.00

    In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass

  • CVE-2026-49373HigMay 29, 2026
    risk 0.46cvss 7.1epss 0.00

    In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

  • CVE-2026-49371HigMay 29, 2026
    risk 0.46cvss 7.1epss 0.00

    In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

  • CVE-2026-32229MedMar 11, 2026
    risk 0.44cvss 6.8epss 0.00

    In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled

  • CVE-2026-49386MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.00

    In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas

  • CVE-2026-49385MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.00

    In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

  • CVE-2026-49379MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.00

    In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

  • CVE-2026-49376MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.00

    In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

  • CVE-2026-32745MedMar 13, 2026
    risk 0.41cvss 6.3epss 0.00

    In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings

  • CVE-2026-49384MedMay 29, 2026
    risk 0.40cvss 6.1epss 0.00

    In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible

  • CVE-2026-49375MedMay 29, 2026
    risk 0.40cvss 6.1epss 0.00

    In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page

  • CVE-2026-41153MedApr 17, 2026
    risk 0.38cvss 5.8epss 0.00

    In JetBrains Junie before 252.549.29 command execution was possible via malicious project file

  • CVE-2026-49382MedMay 29, 2026
    risk 0.29cvss 4.5epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin

  • CVE-2026-49378MedMay 29, 2026
    risk 0.28cvss 4.3epss 0.00

    In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

  • CVE-2026-49377MedMay 29, 2026
    risk 0.28cvss 4.3epss 0.01

    In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters

  • CVE-2026-49369MedMay 29, 2026
    risk 0.28cvss 4.3epss 0.00

    In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages

  • CVE-2024-27198KEVMar 4, 2024
    risk 0.28cvss epss 1.00

    In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

  • CVE-2023-42793KEVSep 19, 2023
    risk 0.28cvss epss 1.00

    In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

  • CVE-2026-49381LowMay 29, 2026
    risk 0.22cvss 3.4epss 0.00

    In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

  • CVE-2026-49370LowMay 29, 2026
    risk 0.22cvss 3.4epss 0.00

    In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

  • CVE-2026-49383LowMay 29, 2026
    risk 0.21cvss 3.3epss 0.00

    In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

  • CVE-2026-49380LowMay 29, 2026
    risk 0.20cvss 3.1epss 0.00

    In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

  • CVE-2024-23917Feb 6, 2024
    risk 0.06cvss epss 0.54

    In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

  • CVE-2024-43810Aug 16, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin

  • CVE-2024-41825Jul 22, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab

  • CVE-2024-36374May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible

  • CVE-2024-36373May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible

  • CVE-2024-36371May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible

  • CVE-2024-36370May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

  • CVE-2024-36369May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible

  • CVE-2024-36366May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

  • CVE-2024-36363May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible

  • CVE-2025-31140Mar 27, 2025
    risk 0.03cvss epss 0.27

    In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

  • CVE-2024-56355Dec 20, 2024
    risk 0.03cvss epss 0.01

    In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS

  • CVE-2024-56352Dec 20, 2024
    risk 0.03cvss epss 0.01

    In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

  • CVE-2024-43807Aug 16, 2024
    risk 0.03cvss epss 0.00

    In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page

  • CVE-2019-15039Oct 1, 2019
    risk 0.03cvss epss 0.13

    An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

  • CVE-2025-24459Jan 21, 2025
    risk 0.02cvss epss 0.03

    In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

  • CVE-2024-50582Oct 28, 2024
    risk 0.02cvss epss 0.00

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements

  • CVE-2024-50581Oct 28, 2024
    risk 0.02cvss epss 0.00

    In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag

Page 1 of 12