Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26492 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 7.7 HIGH |
| In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources | |||||
| CVE-2025-26493 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab | |||||
| CVE-2025-31139 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log | |||||
| CVE-2025-31140 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page | |||||
| CVE-2025-31141 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 2.7 LOW |
| In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | |||||
| CVE-2025-46432 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs | |||||
| CVE-2025-46433 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 4.9 MEDIUM |
| In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible | |||||
| CVE-2025-46618 | 1 Jetbrains | 1 Teamcity | 2025-05-16 | N/A | 3.5 LOW |
| In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab | |||||
| CVE-2014-10036 | 1 Jetbrains | 1 Teamcity | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. | |||||
| CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2024-36371 | 1 Jetbrains | 1 Teamcity | 2025-02-07 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible | |||||
| CVE-2024-36470 | 1 Jetbrains | 1 Teamcity | 2025-02-07 | N/A | 8.1 HIGH |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases | |||||
| CVE-2025-24461 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint | |||||
| CVE-2025-24460 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | |||||
| CVE-2025-24459 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | |||||
| CVE-2024-36378 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 5.9 MEDIUM |
| In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens | |||||
| CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | |||||
| CVE-2024-36376 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions | |||||
| CVE-2024-36375 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed | |||||
| CVE-2024-36374 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible | |||||