VYPR

Vendor CVEs

JetBrains

All CVEs

564 total · sorted by risk
  • CVE-2025-57731 · Aug 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content

  • CVE-2025-57730 · Aug 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature

  • CVE-2025-57729 · Aug 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start

  • CVE-2025-57728 · Aug 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files

  • CVE-2025-57727 · Aug 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference

  • CVE-2025-54538 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command

  • CVE-2025-54537 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots

  • CVE-2025-54536 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint

  • CVE-2025-54535 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms

  • CVE-2025-54534 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page

  • CVE-2025-54533 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration

  • CVE-2025-54532 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies

  • CVE-2025-54531 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows

  • CVE-2025-54530 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

  • CVE-2025-54529 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration

  • CVE-2025-54528 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow

  • CVE-2025-54527 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions

  • CVE-2025-53959 · Jul 15, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible

  • CVE-2025-52879 · Jun 23, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

  • CVE-2025-52878 · Jun 23, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

  • CVE-2025-52877 · Jun 23, 2025
    risk 0.00 · cvss · epss 0.14

    In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

  • CVE-2025-52876 · Jun 23, 2025
    risk 0.00 · cvss · epss 0.14

    In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

  • CVE-2025-52875 · Jun 23, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

  • CVE-2025-47854 · May 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

  • CVE-2025-47853 · May 20, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible

  • CVE-2025-47852 · May 20, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

  • CVE-2025-47851 · May 20, 2025
    risk 0.00 · cvss · epss 0.02

    In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible

  • CVE-2025-47850 · May 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning

  • CVE-2025-48391 · May 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API

  • CVE-2025-46618 · Apr 25, 2025
    risk 0.00 · cvss · epss 0.22

    In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab

  • CVE-2025-46433 · Apr 25, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible

  • CVE-2025-46432 · Apr 25, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs

  • CVE-2025-43016 · Apr 25, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session

  • CVE-2025-43015 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains RubyMine before 2025.1 remote interpreter overwrote ports to listen on all interfaces

  • CVE-2025-43014 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation

  • CVE-2025-43013 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

  • CVE-2025-43012 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

  • CVE-2025-42921 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

  • CVE-2025-32054 · Apr 3, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file

  • CVE-2025-31141 · Mar 27, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page

  • CVE-2025-31139 · Mar 27, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log

  • CVE-2025-29932 · Mar 25, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains GoLand before 2025.1 an XXE during debugging was possible

  • CVE-2025-29904 · Mar 12, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible

  • CVE-2025-29903 · Mar 12, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible

  • CVE-2025-26492 · Feb 11, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

  • CVE-2025-23385 · Jan 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible

  • CVE-2025-24461 · Jan 21, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

  • CVE-2025-24460 · Jan 21, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12.1 improper access control allowed project names to be seen in the agent pool

  • CVE-2025-24458 · Jan 21, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

  • CVE-2025-24457 · Jan 21, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
