Threat-Lens CVE Hub

CVE-2026-49367

HIGH CVSS 8.8

Find Similar

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

jetbrains

CVE-2026-49366

HIGH CVSS 7.8

Find Similar

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

jetbrains

CVE-2026-49382

HIGH CVSS 7.8

Find Similar

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin

jetbrains

CVE-2025-57730

MEDIUM CVSS 4.6

Find Similar

In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature

jetbrains

CVE-2024-46970

MEDIUM CVSS 6.1

Find Similar

In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible

jetbrains

CVE-2025-58334

HIGH CVSS 8.8

Find Similar

In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves

jetbrains

CVE-2026-33392

HIGH CVSS 7.2

Find Similar

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass

jetbrains

CVE-2025-57729

HIGH CVSS 7.3

Find Similar

In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start

jetbrains

CVE-2025-57728

MEDIUM CVSS 6.5

Find Similar

In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files

jetbrains

CVE-2025-68269

MEDIUM CVSS 5.4

Find Similar

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH

jetbrains

CVE-2026-53915

HIGH CVSS 7.1

Find Similar

In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration

CVE-2025-43012

CRITICAL CVSS 9.8

Find Similar

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

jetbrains

CVE-2026-49385

MEDIUM CVSS 6.5

Find Similar

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts

jetbrains

CVE-2025-64681

LOW CVSS 3.7

Find Similar

In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations

jetbrains

CVE-2025-32054

LOW CVSS 3.3

Find Similar

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file

jetbrains

CVE-2026-49383

LOW CVSS 3.3

Find Similar

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

jetbrains

CVE-2026-49373

HIGH CVSS 8.8

Find Similar

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

jetbrains

CVE-2026-25848

CRITICAL CVSS 9.8

Find Similar

In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible

jetbrains

CVE-2025-29903

HIGH CVSS 7.8

Find Similar

In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible

jetbrains

CVE-2026-49369

MEDIUM CVSS 4.3

Find Similar

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages

jetbrains