Search CVEs

Top 20 matches Showing top matches — use filters or a more specific query to narrow

CVE-2025-64683

HIGH CVSS 7.5

Find Similar

In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API

jetbrains

CVE-2025-64684

HIGH CVSS 7.5

Find Similar

In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form

jetbrains

CVE-2026-49369

MEDIUM CVSS 4.3

Find Similar

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages

jetbrains

CVE-2026-49370

HIGH CVSS 7.5

Find Similar

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

jetbrains

CVE-2024-50573

MEDIUM CVSS 5.4

Find Similar

In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services

jetbrains

CVE-2026-56142

CRITICAL CVSS 9.9

Find Similar

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible

CVE-2024-47162

MEDIUM CVSS 5.3

Find Similar

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page

jetbrains

CVE-2025-64681

LOW CVSS 3.7

Find Similar

In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations

jetbrains

CVE-2026-50242

CRITICAL CVSS 10.0

Find Similar

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was po

CVE-2024-47159

MEDIUM CVSS 4.3

Find Similar

In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project

jetbrains

CVE-2025-58334

HIGH CVSS 8.8

Find Similar

In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves

jetbrains

CVE-2026-25848

CRITICAL CVSS 9.8

Find Similar

In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible

jetbrains

CVE-2025-64685

HIGH CVSS 7.5

Find Similar

In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure

jetbrains

CVE-2026-56141

CRITICAL CVSS 9.8

Find Similar

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible

CVE-2025-64682

LOW CVSS 3.7

Find Similar

In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit

jetbrains

CVE-2024-47160

MEDIUM CVSS 5.3

Find Similar

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible

jetbrains

CVE-2026-25846

MEDIUM CVSS 6.5

Find Similar

In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs

jetbrains

CVE-2025-53959

HIGH CVSS 7.6

Find Similar

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible

jetbrains

CVE-2026-28193

MEDIUM CVSS 5.3

Find Similar

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

jetbrains

CVE-2026-49386

MEDIUM CVSS 6.5

Find Similar

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas

jetbrains

Page 1+ Next →