| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible |
| In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure |
| In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH |
| In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration |
| In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page |
| In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test |
| In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup |
| In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab |
| In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token |
| In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page |
| In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata |
| In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute |
| In JetBrains TeamCity before 2025.11 path traversal was possible via file upload |
| In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions. |
| In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions |
