Filtered by vendor Jetbrains
Total: 494 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.7 Low | In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication |
CVE-2024-54154 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 8 High | In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox |
CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.1 Low | In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter |
CVE-2024-52555 | 1 Jetbrains | 1 Webstorm | 2025-01-31 | 6.3 Medium | In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script |
CVE-2024-54158 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 3.5 Low | In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding |
CVE-2024-54157 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 4.3 Medium | In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector |
CVE-2024-54156 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 4.2 Medium | In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack |
CVE-2025-24458 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 7.1 High | In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration |
CVE-2025-24457 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 5.5 Medium | In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs |
CVE-2025-24456 | 1 Jetbrains | 1 Hub | 2025-01-30 | 6.7 Medium | In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping |
CVE-2025-24461 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | 6.5 Medium | In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint |
CVE-2025-24460 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | 4.3 Medium | In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool |
CVE-2025-24459 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | 4.6 Medium | In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page |
CVE-2022-48481 | 2 Apple, Jetbrains | 2 Macos, Toolbox | 2025-01-30 | 5.2 Medium | In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible |
CVE-2024-35299 | 1 Jetbrains | 1 Youtrack | 2025-01-28 | 5.9 Medium | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation |
CVE-2025-23385 | 1 Jetbrains | 3 Dottrace, Resharper, Rider | 2025-01-28 | 7.8 High | In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible |
CVE-2024-36378 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 5.9 Medium | In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens |
CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 6.5 Medium | In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions |
CVE-2024-36376 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 6.5 Medium | In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions |
CVE-2024-36375 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 5.3 Medium | In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed |