| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. |
| In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions |
| In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API |
| In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form |
| In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure |
| In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit |
| In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation |
| In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations |
| In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority while details are being clarified. A corrected record will be published once verification is complete. |
| In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible |
| In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible |
| In JetBrains IDE Services before 2025.5.0.1086,
2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves |
| In JetBrains YouTrack before 2025.2.86069,
2024.3.85077,
2025.1.86199 email spoofing via an administrative API was possible |
| In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible |
| In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible |
