In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration