In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulat
Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions.
This issue affects:
* OTRS 7.0.X
Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.
Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access.
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters