CVE-2026-49385
— JetBrains YouTrack Unauthorized Service Account Modification Vulnerability
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49384
— "JetBrains PyCharm Stored XSS in Jupyter Notebook Markdown Cells"
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
pycharm
|
Remote
|
Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49382
— JetBrains IntelliJ IDEA Template Injection Vulnerability
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49381
— JetBrains TeamCity Stored Cross-Site Scripting Vulnerability
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
teamcity
|
Remote
|
Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49380
— JetBrains TeamCity SAML Plugin Open Redirect Vulnerability
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49379
— JetBrains TeamCity Credentials Exposure Vulnerability
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
teamcity
|
Remote
|
Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
teamcity
|
Remote
|
Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49377
— JetBrains TeamCity Default Agent Parameters Information Disclosure Vulnerability
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
teamcity
|
Remote
|
Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49376
— JetBrains TeamCity SAML Plugin Username Validation Vulnerability
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49375
— JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
teamcity
|
Remote
|
Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49373
— JetBrains TeamCity Perforce Remote Code Execution Vulnerability
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
teamcity
|
Remote
|
Server-Side Request Forgery
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49371
— JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
teamcity
|
Remote
|
Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49370
— JetBrains YouTrack Information Disclosure Vulnerability
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
youtrack
|
Remote
|
Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49369
— JetBrains YouTrack Information Disclosure Vulnerability
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
youtrack
|
Remote
|
Information Disclosure
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49368
— "JetBrains YouTrack Stored XSS Vulnerability in Project Notification Templates"
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
youtrack
|
Remote
|
Cross-Site Scripting
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49367
— JetBrains IntelliJ IDEA Command Execution Vulnerability
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026
CVE-2026-49366
— JetBrains IntelliJ IDEA Command Injection Vulnerability
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
May 29, 2026
May 29, 2026
May 29, 2026
May 29, 2026