Security Vulnerabilities
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
CVSS Score
2.7
EPSS Score
0.0
Published
2025-12-16
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-16
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-16
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-16
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-16
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-16
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
CVSS Score
2.7
EPSS Score
0.0
Published
2025-12-16
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
CVSS Score
3.5
EPSS Score
0.0
Published
2025-12-16
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-12-16
WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script.
This issue was fixed in version 6.44.44
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-16