Jetbrains | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Kategori: Jetbrains - CVE listesi
VENDOR 90 kayıt
Medium CVSS: 6.3

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
Medium CVSS: 6.8

CVE-2026-32229

In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
Low CVSS: 2.3

CVE-2026-28196

In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
Medium CVSS: 4.3

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
Medium CVSS: 4.3

CVE-2026-28194

In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
High CVSS: 8.8

CVE-2026-28193

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
Critical CVSS: 9.1

CVE-2026-25848

In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
High CVSS: 8.2

CVE-2026-25847

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
Medium CVSS: 6.5

CVE-2026-25846

In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
Medium CVSS: 5.4

CVE-2025-68269

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
Medium CVSS: 5.4

CVE-2025-68268

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
Medium CVSS: 6.5

CVE-2025-68267

In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
Medium CVSS: 5.4

CVE-2025-68166

In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
Medium CVSS: 5.4

CVE-2025-68165

In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
Low CVSS: 2.7

CVE-2025-68164

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Low CVSS: 3.5

CVE-2025-68163

In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
Low CVSS: 2.7

CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
Low CVSS: 3.8

CVE-2025-67742

In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
Medium CVSS: 4.6

CVE-2025-67741

In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
Low CVSS: 2.7

CVE-2025-67740

In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata