In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using `innerHTML` to set user conte
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible