| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition |
| In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration |
| In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page |
| In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test |
| In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup |
| In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab |
| In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token |
| In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page |
| In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH |
| In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata |
| In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute |
| In JetBrains TeamCity before 2025.11 path traversal was possible via file upload |
| In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure |
| In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. |
| In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions |
