Total
257 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-28196 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 2.3 LOW |
| In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk | |||||
| CVE-2026-28195 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations | |||||
| CVE-2026-28194 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow | |||||
| CVE-2025-67739 | 1 Jetbrains | 1 Teamcity | 2025-12-23 | N/A | 3.1 LOW |
| In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure | |||||
| CVE-2025-68162 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 2.7 LOW |
| In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration | |||||
| CVE-2025-68163 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 3.5 LOW |
| In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page | |||||
| CVE-2025-68164 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 2.7 LOW |
| In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test | |||||
| CVE-2025-68165 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup | |||||
| CVE-2025-68166 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab | |||||
| CVE-2025-68267 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token | |||||
| CVE-2025-68268 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page | |||||
| CVE-2025-67740 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 2.7 LOW |
| In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata | |||||
| CVE-2025-67741 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute | |||||
| CVE-2025-67742 | 1 Jetbrains | 1 Teamcity | 2025-12-15 | N/A | 3.8 LOW |
| In JetBrains TeamCity before 2025.11 path traversal was possible via file upload | |||||
| CVE-2024-27198 | 1 Jetbrains | 1 Teamcity | 2025-10-24 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible | |||||
| CVE-2023-42793 | 1 Jetbrains | 1 Teamcity | 2025-10-24 | N/A | 9.8 CRITICAL |
| In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | |||||
| CVE-2025-59455 | 1 Jetbrains | 1 Teamcity | 2025-09-22 | N/A | 4.2 MEDIUM |
| In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition | |||||
| CVE-2025-59456 | 1 Jetbrains | 1 Teamcity | 2025-09-22 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload | |||||
| CVE-2025-59457 | 1 Jetbrains | 1 Teamcity | 2025-09-22 | N/A | 7.7 HIGH |
| In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows | |||||
| CVE-2025-57734 | 1 Jetbrains | 1 Teamcity | 2025-08-21 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files | |||||