Lucene search
K

1108 matches found

CVE
CVE
added 2026/06/26 12:38 p.m.15 views

CVE-2026-57921

In JetBrains YouTrack prior to version 2026.2.16593, an improper access control flaw in the comment templates endpoint allowed reading users’ private data. Affected component: YouTrack server-side access control for comment templates; root cause is insufficient restrictions on who can retrieve te...

7.5CVSS5.8AI score0.00177EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 12:38 p.m.36 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:38 p.m.6 views

CVE-2026-57922

In JetBrains YouTrack before 2026.2.16593 project settings disclosure via the MCP was possible...

3.1CVSS5.8AI score0.00143EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:38 p.m.7 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52705

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows unauthorized reading of saved queries and tags. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52706

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The websandbox bridge is susceptible to prototype pollution, a condition where an attacker can manipulate the prototype of a JavaScript object to inject properties or change the...

9.8CVSS5.8AI score0.00178EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52703

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper authorization in the app configurations endpoint allows for the modification of project settings. Recommendations Update JetBrains YouTrack to version 2026.2.16593 or later...

7.5CVSS5.8AI score0.00159EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52702

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description An issue exists that allows the disclosure of project settings via the MCP. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00143EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52704

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description The default role configuration allows for the exposure of excessive user profile details. Recommendations Update to version 2026.2.16593...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52701

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows the unauthorized reading of private user data through the comment templates endpoint. Recommendations Update to version 2026.2.16593...

7.5CVSS5.8AI score0.00177EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.15 views

JetBrains YouTrack < 2024.2.148429 / < 2024.3.148430 / < 2025.1.148120 / < 2025.2.148048 / < 2025.3.148033 / < 2026.1.13757 Authentication Bypass (CVE-2026-50242)

The version of JetBrains YouTrack installed on the remote host is prior to 2024.2.148429, 2024.3.x prior to 2024.3.148430, 2025.1.x prior to 2025.1.148120, 2025.2.x prior to 2025.2.148048, 2025.3.x prior to 2025.3.148033, or 2026.1.x prior to 2026.1.13757. It is, therefore, affected by an...

10CVSS5.8AI score0.00416EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-49370

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests...

7.5CVSS5.4AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

6.5CVSS5.4AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

4.3CVSS5.4AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-49386

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...

6.5CVSS5.4AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.8 views

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

8.7CVSS5.4AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33392

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass...

7.2CVSS5.4AI score0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 p.m.12 views

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

6.5CVSS0.00213EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 p.m.16 views

CVE-2026-49386

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...

6.5CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 p.m.13 views

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

4.3CVSS0.00197EPSS
Exploits0References1
Rows per page
Query Builder