Filtered by vendor Jetbrains
Subscriptions
Filtered by product Youtrack
Subscriptions
Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64688 | 1 Jetbrains | 1 Youtrack | 2025-11-12 | 7.4 High |
| In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget | ||||
| CVE-2025-64686 | 1 Jetbrains | 1 Youtrack | 2025-11-12 | 3.1 Low |
| In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context | ||||
| CVE-2025-64689 | 1 Jetbrains | 1 Youtrack | 2025-11-12 | 9.6 Critical |
| In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token | ||||
| CVE-2025-64687 | 1 Jetbrains | 1 Youtrack | 2025-11-12 | 5.4 Medium |
| In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic | ||||
| CVE-2025-64684 | 1 Jetbrains | 1 Youtrack | 2025-11-12 | 4.5 Medium |
| In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form | ||||
| CVE-2025-64685 | 1 Jetbrains | 1 Youtrack | 2025-11-12 | 8.1 High |
| In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure | ||||
| CVE-2025-64690 | 1 Jetbrains | 1 Youtrack | 2025-11-12 | 5.4 Medium |
| In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes | ||||
| CVE-2025-64773 | 1 Jetbrains | 1 Youtrack | 2025-11-12 | 2.7 Low |
| In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit | ||||
| CVE-2025-53959 | 1 Jetbrains | 1 Youtrack | 2025-10-14 | 7.6 High |
| In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible | ||||
| CVE-2025-47850 | 1 Jetbrains | 1 Youtrack | 2025-09-30 | 4.3 Medium |
| In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning | ||||
| CVE-2025-48391 | 1 Jetbrains | 1 Youtrack | 2025-09-30 | 7.7 High |
| In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API | ||||
| CVE-2025-57731 | 1 Jetbrains | 1 Youtrack | 2025-08-21 | 8.7 High |
| In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content | ||||
| CVE-2025-54527 | 1 Jetbrains | 1 Youtrack | 2025-07-29 | 6.1 Medium |
| In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions | ||||
| CVE-2024-22370 | 1 Jetbrains | 1 Youtrack | 2025-06-17 | 4.6 Medium |
| In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible | ||||
| CVE-2024-28229 | 1 Jetbrains | 1 Youtrack | 2025-04-16 | 6.5 Medium |
| In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles | ||||
| CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.7 Low |
| In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | ||||
| CVE-2024-54154 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 8 High |
| In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | ||||
| CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.1 Low |
| In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | ||||
| CVE-2024-54158 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 3.5 Low |
| In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | ||||
| CVE-2024-54157 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | 4.3 Medium |
| In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | ||||