Threat-Lens CVE Hub

CVE-2026-49366

HIGH CVSS 7.8

Find Similar

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

jetbrains

CVE-2026-49382

HIGH CVSS 7.8

Find Similar

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin

jetbrains

CVE-2024-46970

MEDIUM CVSS 6.1

Find Similar

In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible

jetbrains

CVE-2026-49367

HIGH CVSS 8.8

Find Similar

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

jetbrains

CVE-2025-57730

MEDIUM CVSS 4.6

Find Similar

In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature

jetbrains

CVE-2025-57728

MEDIUM CVSS 6.5

Find Similar

In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files

jetbrains

CVE-2026-49378

MEDIUM CVSS 4.3

Find Similar

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

jetbrains

CVE-2025-32054

LOW CVSS 3.3

Find Similar

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file

jetbrains

CVE-2026-41882

HIGH CVSS 7.5

Find Similar

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server

jetbrains

CVE-2025-43012

CRITICAL CVSS 9.8

Find Similar

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

jetbrains

CVE-2026-53915

HIGH CVSS 7.1

Find Similar

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration

CVE-2025-68269

MEDIUM CVSS 5.4

Find Similar

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH

jetbrains

CVE-2026-49379

MEDIUM CVSS 6.5

Find Similar

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

jetbrains

CVE-2026-49383

LOW CVSS 3.3

Find Similar

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

jetbrains

CVE-2026-41153

CRITICAL CVSS 9.8

Find Similar

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file

jetbrains

CVE-2025-43016

HIGH CVSS 7.5

Find Similar

In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session

jetbrains

CVE-2025-68162

LOW CVSS 2.7

Find Similar

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration

jetbrains

CVE-2026-49373

HIGH CVSS 8.8

Find Similar

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

jetbrains

CVE-2024-52555

HIGH CVSS 7.8

Find Similar

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script

jetbrains

CVE-2026-49368

MEDIUM CVSS 5.4

Find Similar

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

jetbrains