Jetbrains | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Kategori: Jetbrains - CVE listesi
VENDOR 90 kayıt
Medium CVSS: 4.7

CVE-2025-57727

In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
Medium CVSS: 5.5

CVE-2025-54538

In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
Medium CVSS: 5.5

CVE-2025-54537

In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
Medium CVSS: 5.4

CVE-2025-54536

In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
Medium CVSS: 5.8

CVE-2025-54535

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
Medium CVSS: 4.8

CVE-2025-54534

In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Medium CVSS: 4.3

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
Medium CVSS: 4.3

CVE-2025-54532

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
High CVSS: 7.7

CVE-2025-54531

In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
High CVSS: 7.5

CVE-2025-54530

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
Low CVSS: 3.7

CVE-2025-54529

In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
Medium CVSS: 5.4

CVE-2025-54528

In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
Medium CVSS: 6.1

CVE-2025-54527

In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
High CVSS: 7.6

CVE-2025-53959

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible
Medium CVSS: 4.8

CVE-2025-52879

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
Medium CVSS: 4.3

CVE-2025-52878

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
Medium CVSS: 4.8

CVE-2025-52877

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
Medium CVSS: 5.4

CVE-2025-52876

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
Medium CVSS: 5.4

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
High CVSS: 7.7

CVE-2025-48391

In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API