Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.5 MEDIUM
CVE-2026-49382 — JetBrains IntelliJ IDEA Template Injection Vulnerability

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin

intellij_idea | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
3.4 LOW
CVE-2026-49381 — JetBrains TeamCity Stored Cross-Site Scripting Vulnerability

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

teamcity | Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
3.1 LOW
CVE-2026-49380 — JetBrains TeamCity SAML Plugin Open Redirect Vulnerability

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

teamcity | Remote | Misconfiguration
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.5 MEDIUM
CVE-2026-49379 — JetBrains TeamCity Credentials Exposure Vulnerability

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names

teamcity | Remote | Information Disclosure
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
4.3 MEDIUM
CVE-2026-49378 — JetBrains TeamCity Credentials Exposed

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion

teamcity | Remote | Information Disclosure
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
4.3 MEDIUM
CVE-2026-49377 — JetBrains TeamCity Default Agent Parameters Information Disclosure Vulnerability

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters

teamcity | Remote | Information Disclosure
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.5 MEDIUM
CVE-2026-49376 — JetBrains TeamCity SAML Plugin Username Validation Vulnerability

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

teamcity | Remote | Authentication
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.1 MEDIUM
CVE-2026-49375 — JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page

teamcity | Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.6 HIGH
CVE-2026-49374 — JetBrains TeamCity Path Traversal Vulnerability

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters

teamcity | Remote | Authorization
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.1 HIGH
CVE-2026-49373 — JetBrains TeamCity Perforce Remote Code Execution Vulnerability

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings

teamcity | Remote | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.5 HIGH
CVE-2026-49372 — JetBrains TeamCity SSRF Vulnerability

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible

teamcity | Remote | Server-Side Request Forgery
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.1 HIGH
CVE-2026-49371 — JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible

teamcity | Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
3.4 LOW
CVE-2026-49370 — JetBrains YouTrack Information Disclosure Vulnerability

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

youtrack | Remote | Information Disclosure
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
4.3 MEDIUM
CVE-2026-49369 — JetBrains YouTrack Information Disclosure Vulnerability

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages

youtrack | Remote | Information Disclosure
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.7 HIGH
CVE-2026-49368 — "JetBrains YouTrack Stored XSS Vulnerability in Project Notification Templates"

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible

youtrack | Remote | Cross-Site Scripting
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
8.0 HIGH
CVE-2026-49367 — JetBrains IntelliJ IDEA Command Execution Vulnerability

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account

intellij_idea | Remote | Authentication
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
7.8 HIGH
CVE-2026-49366 — JetBrains IntelliJ IDEA Command Injection Vulnerability

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion

intellij_idea | Injection
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.5 MEDIUM
CVE-2026-47745 — Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admi…

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete…

Remote | Authorization
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
9.9 CRITICAL
CVE-2026-47744 — Shopper: Authorization bypass and RBAC privilege escalation in team settings

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/…

Remote | Authorization
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
6.5 MEDIUM
CVE-2026-47742 — Shopper: Missing authorization on Product admin Livewire sub-form components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no authorization on their store() met…

Remote | Authorization
May 29, 2026 May 29, 2026
May 29, 2026
May 29, 2026
Showing 20 of 6964 Results