813 matches found
CVE-2026-61492
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible...
CVE-2026-59791
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...
CVE-2026-61492
The provided connected documents identify a concrete vulnerability in JetBrains YouTrack: stored XSS via article titles in digest emails, affecting versions prior to 2026.2.17394. The exact root cause is not detailed beyond this description, and there are no explicit exploit details or remediatio...
EUVD-2026-42915
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible...
CVE-2026-61492
In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible...
CVE-2026-59791
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...
EUVD-2026-42909
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...
CVE-2026-59791
The CVE-2026-59791 affects JetBrains YouTrack prior to version 2026.2.17012, where CSS injection was possible through Mermaid diagram rendering. According to the available sources, the vulnerability is tied to the Mermaid diagram rendering component and could impact user interface rendering, with...
EUVD-2026-39657
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
EUVD-2026-39654
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...
CVE-2026-57924
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57926
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack...
CVE-2026-57923
In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...
CVE-2026-57925
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
CVE-2026-57922
In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...
CVE-2026-57925
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...
CVE-2026-57926
JetBrains YouTrack prior to 2026.2.16593 has a vulnerability in the websandbox bridge that enables prototype pollution. The issue affects YouTrack’s websandbox bridge component and is described as a prototype pollution attack, with the NVD noting a CVSSv3.1 base score of 9.8 (CRITICAL) under the ...
CVE-2026-57925
JetBrains YouTrack before 2026.2.16593 has an improper access control vulnerability (CVE-2026-57925) that enables reading saved queries and tags. The root cause is access control weakness; attacker with network access and low privileges (CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U) can access sensitive dat...
CVE-2026-57924
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...
CVE-2026-57924
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details...