Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
CVSS Score
4.3
EPSS Score
0.002
Published
2026-02-25
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
CVSS Score
8.2
EPSS Score
0.002
Published
2026-02-09
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
CVSS Score
9.1
EPSS Score
0.004
Published
2026-02-09
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
CVSS Score
6.5
EPSS Score
0.009
Published
2026-02-09
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
CVSS Score
2.7
EPSS Score
0.002
Published
2025-12-16
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
CVSS Score
5.4
EPSS Score
0.035
Published
2025-12-16
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
CVSS Score
5.4
EPSS Score
0.002
Published
2025-12-16
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
CVSS Score
6.5
EPSS Score
0.002
Published
2025-12-16
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
CVSS Score
5.4
EPSS Score
0.002
Published
2025-12-16
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-16