Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (535 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-36470 1 Jetbrains 1 Teamcity 2025-02-08 8.1 High
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
CVE-2022-48476 1 Jetbrains 1 Ktor 2025-02-05 7.5 High
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
CVE-2022-48477 1 Jetbrains 1 Hub 2025-02-05 4.1 Medium
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2024-54155 1 Jetbrains 1 Youtrack 2025-01-31 3.7 Low
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CVE-2024-54154 1 Jetbrains 1 Youtrack 2025-01-31 8 High
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CVE-2024-54153 1 Jetbrains 1 Youtrack 2025-01-31 3.1 Low
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CVE-2024-52555 1 Jetbrains 1 Webstorm 2025-01-31 6.3 Medium
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
CVE-2024-54158 1 Jetbrains 1 Youtrack 2025-01-31 3.5 Low
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVE-2024-54157 1 Jetbrains 1 Youtrack 2025-01-31 4.3 Medium
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
CVE-2024-54156 1 Jetbrains 1 Youtrack 2025-01-31 4.2 Medium
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
CVE-2025-24458 1 Jetbrains 1 Youtrack 2025-01-31 7.1 High
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CVE-2025-24457 1 Jetbrains 1 Youtrack 2025-01-31 5.5 Medium
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
CVE-2025-24456 1 Jetbrains 1 Hub 2025-01-31 6.7 Medium
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
CVE-2025-24461 1 Jetbrains 1 Teamcity 2025-01-31 6.5 Medium
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
CVE-2025-24460 1 Jetbrains 1 Teamcity 2025-01-31 4.3 Medium
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
CVE-2025-24459 1 Jetbrains 1 Teamcity 2025-01-31 4.6 Medium
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
CVE-2022-48481 2 Apple, Jetbrains 2 Macos, Toolbox 2025-01-31 5.2 Medium
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
CVE-2024-35299 1 Jetbrains 1 Youtrack 2025-01-29 5.9 Medium
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
CVE-2024-36378 1 Jetbrains 1 Teamcity 2025-01-28 5.9 Medium
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
CVE-2024-36377 1 Jetbrains 1 Teamcity 2025-01-28 6.5 Medium
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions