In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
Page 1+ Next →