Security Vulnerabilities
In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-10
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget
CVSS Score
7.4
EPSS Score
0.0
Published
2025-11-10
In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token
CVSS Score
9.6
EPSS Score
0.0
Published
2025-11-10
In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-10
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
CVSS Score
8.4
EPSS Score
0.0
Published
2025-11-10
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
CVSS Score
2.7
EPSS Score
0.0
Published
2025-11-10
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CVSS Score
2.7
EPSS Score
0.0
Published
2025-11-10
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CVSS Score
5.3
EPSS Score
0.0
Published
2025-11-10
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-10
A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-11-10