Security Vulnerabilities
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-20
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-20
In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
CVSS Score
4.3
EPSS Score
0.0
Published
2025-08-20
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
CVSS Score
4.7
EPSS Score
0.0
Published
2025-08-20
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-20
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-20
In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
CVSS Score
5.2
EPSS Score
0.0
Published
2025-08-20
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
CVSS Score
8.7
EPSS Score
0.001
Published
2025-08-20
CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources.
Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-08-20
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.
CVSS Score
8.8
EPSS Score
0.513
Published
2025-08-20