CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32054
https://notcve.org/view.php?id=CVE-2025-32054
03 Apr 2025 — In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file En JetBrains IntelliJ IDEA anterior a 2024.3, el código fuente de 2024.2.4 se podía registrar en el archivo idea.log • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31141
https://notcve.org/view.php?id=CVE-2025-31141
27 Mar 2025 — In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31140
https://notcve.org/view.php?id=CVE-2025-31140
27 Mar 2025 — In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31139
https://notcve.org/view.php?id=CVE-2025-31139
27 Mar 2025 — In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29932
https://notcve.org/view.php?id=CVE-2025-29932
25 Mar 2025 — In JetBrains GoLand before 2025.1 an XXE during debugging was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29904
https://notcve.org/view.php?id=CVE-2025-29904
12 Mar 2025 — In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29903
https://notcve.org/view.php?id=CVE-2025-29903
12 Mar 2025 — In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-426: Untrusted Search Path •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26492
https://notcve.org/view.php?id=CVE-2025-26492
11 Feb 2025 — In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26493
https://notcve.org/view.php?id=CVE-2025-26493
11 Feb 2025 — In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2025-23385
https://notcve.org/view.php?id=CVE-2025-23385
28 Jan 2025 — In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-114: Process Control •