Medium
CVE-2026-32745
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
Medium
CVE-2026-32229
In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
Medium
CVE-2026-28195
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build confi…
Low
CVE-2026-28196
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
High
CVE-2026-28193
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
Medium
CVE-2026-28194
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow