JetBrains TeamCity > 2023.11.3 - Authentication Bypass

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible id: CVE-2024-23917 info: name: JetBrains TeamCity 2023.11.3 - Authentication Bypass author: iamnoooob,rootxharsh,pdresearch severity: critical description: | In JetBrains TeamCity before 2023.11.3...

TeamCity < 2023.11.4 - Authentication Bypass

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible id: CVE-2024-27199 info: name: TeamCity 2023.11.4 - Authentication Bypass author: DhiyaneshDk severity: high description: | In JetBrains TeamCity before 2023.11.4 path traversal allowing t...

JetBrains TeamCity < 2023.05.4 - Remote Code Execution

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible id: CVE-2023-42793 info: name: JetBrains TeamCity 2023.05.4 - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: critical description: | In JetBrains TeamCity before...

CVE-2026-49370

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests...

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

CVE-2026-49384

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...

CVE-2026-49379

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

CVE-2026-49386

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...

CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

CVE-2026-49374

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...

CVE-2026-49371

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

CVE-2026-49373

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings...

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVE-2026-33392

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass...

JetBrains PyCharm < 2025.3.4 Stored XSS

According to its self-reported version, the JetBrains PyCharm installation on the remote host is prior to 2025.3.4. It is, therefore, affected by a stored cross-site scripting XSS vulnerability in Jupyter notebook Markdown cells. In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook...

JetBrains TeamCity < 2026.1.1 Reflected XSS (CVE-2026-49371)

The version of JetBrains TeamCity installed on the remote host is prior to 2026.1.1. It is, therefore, affected by a vulnerability: - In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible CVE-2026-49371 Note that Nessus has not tested for this issue but has instea...