JetBrains

All CVEs

564 total · sorted by risk
  • CVE-2025-24456 · Jan 21, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping

  • CVE-2024-56356 · Dec 20, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack

  • CVE-2024-56354 · Dec 20, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission

  • CVE-2024-56353 · Dec 20, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

  • CVE-2024-56351 · Dec 20, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

  • CVE-2024-56350 · Dec 20, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects

  • CVE-2024-56349 · Dec 20, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs

  • CVE-2024-56348 · Dec 20, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents

  • CVE-2024-54158 · Dec 4, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

  • CVE-2024-54157 · Dec 4, 2024
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector

  • CVE-2024-54156 · Dec 4, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack

  • CVE-2024-54155 · Dec 4, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication

  • CVE-2024-54154 · Dec 4, 2024
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

  • CVE-2024-54153 · Dec 4, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter

  • CVE-2024-52555 · Nov 15, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script

  • CVE-2024-50574 · Oct 28, 2024
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality

  • CVE-2024-50573 · Oct 28, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services

  • CVE-2024-49580 · Oct 17, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure

  • CVE-2024-49579 · Oct 17, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests

  • CVE-2024-48902 · Oct 10, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API

  • CVE-2024-47951 · Oct 8, 2024
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings

  • CVE-2024-47950 · Oct 8, 2024
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings

  • CVE-2024-47949 · Oct 8, 2024
    risk 0.00 · cvss · epss 0.23

    In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location

  • CVE-2024-47948 · Oct 8, 2024
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups

  • CVE-2024-47161 · Oct 8, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

  • CVE-2024-47162 · Sep 19, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

  • CVE-2024-47160 · Sep 19, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible

  • CVE-2024-47159 · Sep 19, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project

  • CVE-2024-46970 · Sep 16, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible

  • CVE-2024-43809 · Aug 16, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page

  • CVE-2024-43808 · Aug 16, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin

  • CVE-2024-43114 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

  • CVE-2024-41829 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

  • CVE-2024-41828 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

  • CVE-2024-41827 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

  • CVE-2024-41826 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page

  • CVE-2024-41824 · Jul 22, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases

  • CVE-2024-39879 · Jul 1, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

  • CVE-2024-39878 · Jul 1, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection

  • CVE-2024-38507 · Jun 18, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible

  • CVE-2024-38506 · Jun 18, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows

  • CVE-2024-38505 · Jun 18, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site

  • CVE-2024-38504 · Jun 18, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles

  • CVE-2024-36470 · May 29, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases

  • CVE-2024-36378 · May 29, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

  • CVE-2024-36377 · May 29, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions

  • CVE-2024-36376 · May 29, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions

  • CVE-2024-36375 · May 29, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed

  • CVE-2024-36368 · May 29, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

  • CVE-2024-36365 · May 29, 2024
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent

Page 4 of 12