In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
In JetBrains TeamCity before 2025.03.3 usernames were exposed to users without proper permissions
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Pr
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
In JetBrains TeamCity before 2024.07.1 privilege escalation was possible due to incorrect directory permissions
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
In JetBrains Hub before 2026.1 an account mismatch on sign-in was possible with non-SSO auth and 2FA disabled
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
In JetBrains TeamCity before 2024.12.1 improper access control allowed viewing of Projects’ names in the agent pool
Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15.
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible