In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
In JetBrains Junie before 252.284.66,
251.284.66,
243.284.66,
252.284.61,
251.284.61,
243.284.61,
252.284.50,
252.284.54,
251.284.54,
251.284.50,
243.284.54,
243.284.50 information disclosure was poss
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\Ap
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible