In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
In JetBrains YouTrack before 2024.3.44799 a user without appropriate permissions could restore workflows attached to a project
In JetBrains YouTrack before 2024.3.44799 a token could be revealed on the Imports page
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files
In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
Improper filtering of special characters results in a command injection vulnerability in Korenix JetPort 5601v3. This issue affects JetPort 5601v3: through 1.2.
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution w
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL sea
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute