Total
240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57734 | 1 Jetbrains | 1 Teamcity | 2025-08-21 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files | |||||
| CVE-2025-57733 | 1 Jetbrains | 1 Teamcity | 2025-08-21 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content | |||||
| CVE-2025-57732 | 1 Jetbrains | 1 Teamcity | 2025-08-21 | N/A | 7.5 HIGH |
| In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership | |||||
| CVE-2025-54528 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow | |||||
| CVE-2025-54529 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 3.7 LOW |
| In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration | |||||
| CVE-2025-54530 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 7.5 HIGH |
| In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions | |||||
| CVE-2025-54531 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 7.7 HIGH |
| In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows | |||||
| CVE-2025-54536 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint | |||||
| CVE-2025-54532 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies | |||||
| CVE-2025-54533 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration | |||||
| CVE-2025-54534 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | 4.8 MEDIUM |
| In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page | |||||
| CVE-2025-54535 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | 5.8 MEDIUM |
| In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms | |||||
| CVE-2025-54538 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command | |||||
| CVE-2025-54537 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots | |||||
| CVE-2025-52877 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 4.8 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible | |||||
| CVE-2025-52876 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible | |||||
| CVE-2025-52875 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible | |||||
| CVE-2025-52878 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | |||||
| CVE-2025-52879 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 4.8 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible | |||||
| CVE-2024-27199 | 1 Jetbrains | 1 Teamcity | 2025-05-30 | N/A | 7.3 HIGH |
| In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | |||||