Filter
AND

Jetbrains YoutrackIn JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header pars…

7.5
First published (updated )

Jetbrains YoutrackIn JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execut…

8.1
First published (updated )

Jetbrains TeamcityPath Traversal

7.5
First published (updated )

Jetbrains TeamcityPath Traversal

7.5
First published (updated )

Jetbrains TeamcityIn JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory perm…

7.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Jetbrains TeamcityIn JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space App…

7.5
First published (updated )

Jetbrains YoutrackIn JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site

7.5
First published (updated )

Jetbrains YoutrackIn JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto…

8.1
First published (updated )

CVE-2024-36365In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party age…

First published (updated )

Jetbrains TeamcityXEE

8.1
EPSS
0.04%
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

CVE-2024-31136In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

7.4
EPSS
0.04%
First published (updated )

CVE-2024-29880In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions…

EPSS
0.04%
First published (updated )

CVE-2024-27199Path Traversal

7.3
EPSS
0.90%
First published (updated )

SolarWinds Access Rights ManagerSolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution

EPSS
0.04%
First published (updated )

Jetbrains TeamcityCSRF

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions

7.8
First published (updated )

Jetbrains TeamcityIn JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue tracke…

7.5
First published (updated )

Jetbrains TeamcityIn JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full a…

8.8
First published (updated )

Jetbrains YoutrackIn JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms

7.3
First published (updated )

Jetbrains YoutrackIn JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Jetbrains TeamcityIn JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks

7.5
First published (updated )

Jetbrains ToolboxIn JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible

7.8
First published (updated )

JetBrains KtorPath Traversal

7.5
First published (updated )

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the …

7.5
First published (updated )

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported …

7.8
First published (updated )

JetBrains IntelliJ IDEAInfoleak

7.5
First published (updated )

JetBrains IntelliJ IDEACode Injection

7.8
First published (updated )

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to …

7.5
First published (updated )

JetBrains JetBrains GatewayIn JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the hos…

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

JetBrains IntelliJ IDEAMalicious File Upload

7.8
First published (updated )

JetBrains IntelliJ IDEABuffer Overflow

7.8
First published (updated )

JetBrains HubIn JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email…

7.5
First published (updated )

Jetbrains TeamcityIn JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log …

7.5
First published (updated )

Jetbrains TeamcityIn JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in th…

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

JetBrains IntelliJ IDEAThe installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijackin…

7.8
First published (updated )

JetBrains RiderCode Injection

7.8
First published (updated )

JetBrains IntelliJ IDEACode Injection

7.8
First published (updated )

Jetbrains TeamcityIn JetBrains TeamCity before 2022.04.2 build parameter injection was possible

8.8
First published (updated )

JetBrains KtorSHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed…

8.7
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

JetBrains PyCharmCode Injection

7.7
First published (updated )

JetBrains IntelliJ IDEACode Injection

7.7
First published (updated )

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

7.1
First published (updated )

JetBrains IntelliJ IDEACode Injection

7.7
First published (updated )

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

8.4
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Jetbrains YoutrackXSS

7.3
First published (updated )

Jetbrains TeamcityIn JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged …

7.5
First published (updated )

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) ch…

7.8
First published (updated )

JetBrains IntelliJ IDEAIn JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) up…

7.8
First published (updated )

Jetbrains TeamcityCSRF

8.8
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203