ReportizFlow
Filtered by vendor Jetbrains
Subscriptions
Total
573 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49369 | 1 Jetbrains | 1 Youtrack | 2026-06-01 | 4.3 Medium |
| In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages | ||||
| CVE-2026-49370 | 1 Jetbrains | 1 Youtrack | 2026-06-01 | 3.4 Low |
| In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests | ||||
| CVE-2026-49384 | 1 Jetbrains | 1 Pycharm | 2026-06-01 | 6.1 Medium |
| In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible | ||||
| CVE-2026-49385 | 1 Jetbrains | 1 Youtrack | 2026-06-01 | 6.5 Medium |
| In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts | ||||
| CVE-2026-49386 | 1 Jetbrains | 1 Youtrack | 2026-06-01 | 6.5 Medium |
| In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas | ||||
| CVE-2026-44413 | 1 Jetbrains | 1 Teamcity | 2026-05-12 | 8.2 High |
| In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access | ||||
| CVE-2026-41882 | 1 Jetbrains | 1 Intellij Idea | 2026-05-05 | 7.4 High |
| In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server | ||||
| CVE-2026-41153 | 1 Jetbrains | 1 Junie | 2026-04-27 | 5.8 Medium |
| In JetBrains Junie before 252.549.29 command execution was possible via malicious project file | ||||
| CVE-2024-27199 | 1 Jetbrains | 1 Teamcity | 2026-04-21 | 7.3 High |
| In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | ||||
| CVE-2026-33392 | 1 Jetbrains | 1 Youtrack | 2026-04-20 | 7.2 High |
| In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass | ||||
| CVE-2026-25848 | 1 Jetbrains | 1 Hub | 2026-04-18 | 9.1 Critical |
| In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible | ||||
| CVE-2026-28196 | 1 Jetbrains | 1 Teamcity | 2026-04-18 | 2.3 Low |
| In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk | ||||
| CVE-2026-25846 | 1 Jetbrains | 1 Youtrack | 2026-04-18 | 6.5 Medium |
| In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs | ||||
| CVE-2026-25847 | 1 Jetbrains | 1 Pycharm | 2026-04-18 | 8.2 High |
| In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible | ||||
| CVE-2026-28193 | 1 Jetbrains | 1 Youtrack | 2026-04-17 | 8.8 High |
| In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint | ||||
| CVE-2026-28194 | 1 Jetbrains | 1 Teamcity | 2026-04-17 | 4.3 Medium |
| In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow | ||||
| CVE-2026-28195 | 1 Jetbrains | 1 Teamcity | 2026-04-17 | 4.3 Medium |
| In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations | ||||
| CVE-2026-32229 | 1 Jetbrains | 1 Hub | 2026-04-16 | 6.8 Medium |
| In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled | ||||
| CVE-2026-32745 | 1 Jetbrains | 1 Datalore | 2026-04-02 | 6.3 Medium |
| In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings | ||||
| CVE-2025-43012 | 1 Jetbrains | 1 Toolbox | 2026-02-26 | 8.3 High |
| In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible | ||||