Vendor CVEs
JetBrains
All CVEs
564 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-57731 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content |
| CVE-2025-57730 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature |
| CVE-2025-57729 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start |
| CVE-2025-57728 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files |
| CVE-2025-57727 | | | 0.00 | — | 0.00 | | Aug 20, 2025 | In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference |
| CVE-2025-54538 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command |
| CVE-2025-54537 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots |
| CVE-2025-54536 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint |
| CVE-2025-54535 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms |
| CVE-2025-54534 | | | 0.00 | — | 0.01 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page |
| CVE-2025-54533 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration |
| CVE-2025-54532 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies |
| CVE-2025-54531 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows |
| CVE-2025-54530 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions |
| CVE-2025-54529 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration |
| CVE-2025-54528 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow |
| CVE-2025-54527 | | | 0.00 | — | 0.00 | | Jul 28, 2025 | In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions |
| CVE-2025-53959 | | | 0.00 | — | 0.00 | | Jul 15, 2025 | In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible |
| CVE-2025-52879 | | | 0.00 | — | 0.01 | | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible |
| CVE-2025-52878 | | | 0.00 | — | 0.00 | | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions |
| CVE-2025-52877 | | | 0.00 | — | 0.14 | | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible |
| CVE-2025-52876 | | | 0.00 | — | 0.14 | | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible |
| CVE-2025-52875 | | | 0.00 | — | 0.01 | | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible |
| CVE-2025-47854 | | | 0.00 | — | 0.00 | | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page |
| CVE-2025-47853 | | | 0.00 | — | 0.01 | | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible |
| CVE-2025-47852 | | | 0.00 | — | 0.01 | | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible |
| CVE-2025-47851 | | | 0.00 | — | 0.02 | | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible |
| CVE-2025-47850 | | | 0.00 | — | 0.00 | | May 20, 2025 | In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning |
| CVE-2025-48391 | | | 0.00 | — | 0.00 | | May 20, 2025 | In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API |
| CVE-2025-46618 | | | 0.00 | — | 0.22 | | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab |
| CVE-2025-46433 | | | 0.00 | — | 0.00 | | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible |
| CVE-2025-46432 | | | 0.00 | — | 0.01 | | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs |
| CVE-2025-43016 | | | 0.00 | — | 0.00 | | Apr 25, 2025 | In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session |
| CVE-2025-43015 | | | 0.00 | — | 0.00 | | Apr 17, 2025 | In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces |
| CVE-2025-43014 | | | 0.00 | — | 0.00 | | Apr 17, 2025 | In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation |
| CVE-2025-43013 | | | 0.00 | — | 0.00 | | Apr 17, 2025 | In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible |
| CVE-2025-43012 | | | 0.00 | — | 0.01 | | Apr 17, 2025 | In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible |
| CVE-2025-42921 | | | 0.00 | — | 0.00 | | Apr 17, 2025 | In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin |
| CVE-2025-32054 | | | 0.00 | — | 0.00 | | Apr 3, 2025 | In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file |
| CVE-2025-31141 | | | 0.00 | — | 0.00 | | Mar 27, 2025 | In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page |
| CVE-2025-31139 | | | 0.00 | — | 0.01 | | Mar 27, 2025 | In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log |
| CVE-2025-29932 | | | 0.00 | — | 0.00 | | Mar 25, 2025 | In JetBrains GoLand before 2025.1 an XXE during debugging was possible |
| CVE-2025-29904 | | | 0.00 | — | 0.00 | | Mar 12, 2025 | In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible |
| CVE-2025-29903 | | | 0.00 | — | 0.00 | | Mar 12, 2025 | In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible |
| CVE-2025-26492 | | | 0.00 | — | 0.00 | | Feb 11, 2025 | In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources |
| CVE-2025-23385 | | | 0.00 | — | 0.00 | | Jan 28, 2025 | In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible |
| CVE-2025-24461 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint |
| CVE-2025-24460 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool |
| CVE-2025-24458 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration |
| CVE-2025-24457 | | | 0.00 | — | 0.01 | | Jan 21, 2025 | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs |
Page 3 of 12