Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (104 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-57731 1 Jetbrains 1 Youtrack 2025-08-21 8.7 High
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
CVE-2025-54527 1 Jetbrains 1 Youtrack 2025-07-29 6.1 Medium
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
CVE-2025-53959 1 Jetbrains 1 Youtrack 2025-07-15 7.6 High
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible
CVE-2025-47850 1 Jetbrains 1 Youtrack 2025-06-24 4.3 Medium
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
CVE-2025-48391 1 Jetbrains 1 Youtrack 2025-06-24 7.7 High
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
CVE-2024-22370 1 Jetbrains 1 Youtrack 2025-06-17 4.6 Medium
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
CVE-2024-28229 1 Jetbrains 1 Youtrack 2025-04-16 6.5 Medium
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
CVE-2024-54155 1 Jetbrains 1 Youtrack 2025-01-31 3.7 Low
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CVE-2024-54154 1 Jetbrains 1 Youtrack 2025-01-31 8 High
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CVE-2024-54153 1 Jetbrains 1 Youtrack 2025-01-31 3.1 Low
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CVE-2024-54158 1 Jetbrains 1 Youtrack 2025-01-30 3.5 Low
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVE-2024-54157 1 Jetbrains 1 Youtrack 2025-01-30 4.3 Medium
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
CVE-2024-54156 1 Jetbrains 1 Youtrack 2025-01-30 4.2 Medium
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
CVE-2025-24458 1 Jetbrains 1 Youtrack 2025-01-30 7.1 High
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CVE-2025-24457 1 Jetbrains 1 Youtrack 2025-01-30 5.5 Medium
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
CVE-2024-35299 1 Jetbrains 1 Youtrack 2025-01-28 5.9 Medium
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
CVE-2023-35053 1 Jetbrains 1 Youtrack 2025-01-03 7.5 High
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVE-2023-35054 1 Jetbrains 1 Youtrack 2025-01-03 4.6 Medium
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible
CVE-2024-28228 1 Jetbrains 1 Youtrack 2024-12-16 5.3 Medium
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
CVE-2024-28230 1 Jetbrains 1 Youtrack 2024-12-16 6.5 Medium
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions