1682 matches found
JetBrains TeamCity > 2023.11.3 - Authentication Bypass
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible id: CVE-2024-23917 info: name: JetBrains TeamCity 2023.11.3 - Authentication Bypass author: iamnoooob,rootxharsh,pdresearch severity: critical description: | In JetBrains TeamCity before 2023.11.3...
CVE-2026-59796
In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks...
CVE-2026-59796
CVE-2026-59796 affects JetBrains TeamCity prior to 2026.1.2. The issue arises from improper permission checks that could allow pipeline modification. Documented impact is pipeline modification with high impact on confidentiality and integrity (per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). N...
EUVD-2026-42913
In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...
CVE-2026-59794
In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data...
EUVD-2026-42912
In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data...
CVE-2026-59794
JetBrains TeamCity (pre-2026.1.2) is affected by a stored XSS on the cloud profile page due to agent-reported data. The issue enables an attacker with low privileges and network access to trigger a stored XSS that can impact user confidentiality and integrity, with user interaction required. The ...
CVE-2026-59793
CVE-2026-59793 affects JetBrains TeamCity prior to version 2026.1.2. The issue allows arbitrary file access via the Perforce VCS integration, due to the Perforce VCS integration component. Impact is described as high for confidentiality, integrity, and availability. The CVSS vector indicates netw...
CVE-2026-59793
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...
EUVD-2026-42911
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...
CVE-2026-49379
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names...
CVE-2026-49374
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...
CVE-2026-49371
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49373
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings...
JetBrains TeamCity < 2026.1.1 Reflected XSS (CVE-2026-49371)
The version of JetBrains TeamCity installed on the remote host is prior to 2026.1.1. It is, therefore, affected by a vulnerability: - In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible CVE-2026-49371 Note that Nessus has not tested for this issue but has instea...
JetBrains TeamCity < 2025.11.2 Sensitive Data Exposure (CVE-2026-49377)
The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.2. It is, therefore, affected by a vulnerability: - In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters CVE-2026-49377 Note that Nessus has not tested for this issue but h...
JetBrains TeamCity < 2026.1 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings CVE-2026-49373 - In JetBrains TeamCity before 2026.1...
JetBrains TeamCity < 2025.11.5 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.5. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access CVE-2026-44413 - In JetBrains TeamCity...
CVE-2026-49381
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...