In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible
In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
In JetBrains IDE Services before 2025.5.0.1086,
2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
Page 1+ Next →