Filtered by vendor Jetbrains
Subscriptions
Total
541 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28196 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | 2.3 Low |
| In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk | ||||
| CVE-2026-28195 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | 4.3 Medium |
| In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations | ||||
| CVE-2026-28194 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | 4.3 Medium |
| In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow | ||||
| CVE-2020-29582 | 3 Jetbrains, Oracle, Redhat | 7 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 4 more | 2026-02-25 | 5.3 Medium |
| In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | ||||
| CVE-2026-25846 | 1 Jetbrains | 1 Youtrack | 2026-02-18 | 6.5 Medium |
| In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs | ||||
| CVE-2026-25847 | 1 Jetbrains | 1 Pycharm | 2026-02-18 | 8.2 High |
| In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible | ||||
| CVE-2026-25848 | 1 Jetbrains | 1 Hub | 2026-02-18 | 9.1 Critical |
| In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible | ||||
| CVE-2025-58335 | 1 Jetbrains | 1 Junie | 2026-01-20 | 5.5 Medium |
| In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function | ||||
| CVE-2025-59458 | 1 Jetbrains | 1 Junie | 2026-01-20 | 8.3 High |
| In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation | ||||
| CVE-2025-29903 | 1 Jetbrains | 1 Runtime | 2026-01-13 | 5.2 Medium |
| In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible | ||||
| CVE-2025-64457 | 1 Jetbrains | 3 Dottrace, Resharper, Rider | 2026-01-12 | 4.2 Medium |
| In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition | ||||
| CVE-2025-23385 | 1 Jetbrains | 4 Dottrace, Etw Host Service, Resharper and 1 more | 2026-01-12 | 7.8 High |
| In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible | ||||
| CVE-2025-67739 | 1 Jetbrains | 1 Teamcity | 2025-12-23 | 3.1 Low |
| In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure | ||||
| CVE-2025-68269 | 1 Jetbrains | 1 Intellij Idea | 2025-12-23 | 5.4 Medium |
| In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH | ||||
| CVE-2025-68162 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 2.7 Low |
| In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration | ||||
| CVE-2025-68163 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 3.5 Low |
| In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page | ||||
| CVE-2025-68164 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 2.7 Low |
| In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test | ||||
| CVE-2025-68165 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 5.4 Medium |
| In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup | ||||
| CVE-2025-68166 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 5.4 Medium |
| In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab | ||||
| CVE-2025-68267 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 6.5 Medium |
| In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token | ||||