← Browse

Jetbrains

32 CVEs
CVE IDSeverityProduct / summaryPublished
CVE-2026-53914 MEDIUM 6.7 Kotlin — In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache me… 2026-06-26 CVE-2026-57921 MEDIUM 4.3 Youtrack — In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the … 2026-06-26 CVE-2026-57922 LOW 3.1 Youtrack — In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible 2026-06-26 CVE-2026-57923 MEDIUM 5.3 Youtrack — In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed mo… 2026-06-26 CVE-2026-57924 MEDIUM 4.3 Youtrack — In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details 2026-06-26 CVE-2026-57925 MEDIUM 4.3 Youtrack — In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags 2026-06-26 CVE-2026-57926 LOW 2.6 Youtrack — In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack 2026-06-26 CVE-2026-50242 CRITICAL 10 Hub — In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.14842… 2026-06-19 CVE-2026-53915 HIGH 7.1 Goland — In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration 2026-06-19 CVE-2026-56141 CRITICAL 9.8 Hub — In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.14842… 2026-06-19 CVE-2026-56142 CRITICAL 9.6 Hub — In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.14842… 2026-06-19 CVE-2026-49366 HIGH 7.8 Intellij Idea — In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion 2026-05-29 CVE-2026-49367 HIGH 8 Intellij Idea — In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account 2026-05-29 CVE-2026-49368 HIGH 8.7 Youtrack — In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible 2026-05-29 CVE-2026-49369 MEDIUM 4.3 Youtrack — In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages 2026-05-29 CVE-2026-49370 LOW 3.4 Youtrack — In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests 2026-05-29 CVE-2026-49371 HIGH 7.1 Teamcity — In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible 2026-05-29 CVE-2026-49372 HIGH 7.5 Teamcity — In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible 2026-05-29 CVE-2026-49373 HIGH 7.1 Teamcity — In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings 2026-05-29 CVE-2026-49374 HIGH 7.6 Teamcity — In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters 2026-05-29 CVE-2026-49375 MEDIUM 6.1 Teamcity — In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page 2026-05-29 CVE-2026-49376 MEDIUM 6.5 Teamcity — In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin 2026-05-29 CVE-2026-49377 MEDIUM 4.3 Teamcity — In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters 2026-05-29 CVE-2026-49378 MEDIUM 4.3 Teamcity — In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion 2026-05-29 CVE-2026-49379 MEDIUM 6.5 Teamcity — In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names 2026-05-29 CVE-2026-49380 LOW 3.1 Teamcity — In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible 2026-05-29 CVE-2026-49381 LOW 3.4 Teamcity — In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible 2026-05-29 CVE-2026-49382 MEDIUM 4.5 Intellij Idea — In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright p… 2026-05-29 CVE-2026-49383 LOW 3.3 Intellij Idea — In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible 2026-05-29 CVE-2026-49384 MEDIUM 6.1 Pycharm — In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible 2026-05-29 CVE-2026-49385 MEDIUM 6.5 Youtrack — In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify servi… 2026-05-29 CVE-2026-49386 MEDIUM 6.5 Youtrack — In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and… 2026-05-29