In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
Page 1+ Next →