CVE-2026-32229
In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
CVE-2026-25848
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
CVE-2025-65784
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.
CVE-2025-65783
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2025-64683
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CVE-2025-64682
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CVE-2025-64681
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
CVE-2025-24456
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping