ReportizFlow
Filtered by vendor Jetbrains
Subscriptions
Total
453 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.7 Low |
| In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | ||||
| CVE-2024-54154 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 8 High |
| In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | ||||
| CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.1 Low |
| In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | ||||
| CVE-2024-52555 | 1 Jetbrains | 1 Webstorm | 2025-01-31 | 6.3 Medium |
| In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script | ||||
| CVE-2024-54158 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.5 Low |
| In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | ||||
| CVE-2024-54157 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 4.3 Medium |
| In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | ||||
| CVE-2024-54156 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 4.2 Medium |
| In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | ||||
| CVE-2025-24458 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 7.1 High |
| In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration | ||||
| CVE-2025-24457 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 5.5 Medium |
| In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs | ||||
| CVE-2025-24456 | 1 Jetbrains | 1 Hub | 2025-01-31 | 6.7 Medium |
| In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping | ||||
| CVE-2025-24461 | 1 Jetbrains | 1 Teamcity | 2025-01-31 | 6.5 Medium |
| In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint | ||||
| CVE-2025-24460 | 1 Jetbrains | 1 Teamcity | 2025-01-31 | 4.3 Medium |
| In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | ||||
| CVE-2025-24459 | 1 Jetbrains | 1 Teamcity | 2025-01-31 | 4.6 Medium |
| In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | ||||
| CVE-2022-48481 | 2 Apple, Jetbrains | 2 Macos, Toolbox | 2025-01-30 | 5.2 Medium |
| In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | ||||
| CVE-2024-35299 | 1 Jetbrains | 1 Youtrack | 2025-01-28 | 5.9 Medium |
| In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | ||||
| CVE-2024-36378 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 5.9 Medium |
| In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens | ||||
| CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 6.5 Medium |
| In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | ||||
| CVE-2024-36376 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 6.5 Medium |
| In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions | ||||
| CVE-2024-36375 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 5.3 Medium |
| In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed | ||||
| CVE-2024-36374 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 4.6 Medium |
| In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible | ||||