In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2024.3.7.1,
2025.1.7.1,
2025.2.6.2,
2025.3.4.1,
2026.1.1 reading arbitrary local files was possible via built-in web server
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IDE Services before 2025.5.0.1086,
2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
In JetBrains GoLand before 2025.1 an XXE during debugging was possible
Page 1+ Next →