In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request.
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings