Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (109 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-64685 1 Jetbrains 1 Youtrack 2026-02-26 8.1 High
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
CVE-2026-28193 1 Jetbrains 1 Youtrack 2026-02-26 8.8 High
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVE-2026-25846 1 Jetbrains 1 Youtrack 2026-02-18 6.5 Medium
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
CVE-2025-64773 1 Jetbrains 1 Youtrack 2025-12-11 2.7 Low
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CVE-2025-64684 1 Jetbrains 1 Youtrack 2025-11-21 4.5 Medium
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVE-2025-47850 1 Jetbrains 1 Youtrack 2025-09-30 4.3 Medium
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
CVE-2025-48391 1 Jetbrains 1 Youtrack 2025-09-30 7.7 High
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
CVE-2025-57731 1 Jetbrains 1 Youtrack 2025-08-21 8.7 High
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
CVE-2025-54527 1 Jetbrains 1 Youtrack 2025-07-29 6.1 Medium
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
CVE-2025-53959 1 Jetbrains 1 Youtrack 2025-07-15 7.6 High
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible
CVE-2024-22370 1 Jetbrains 1 Youtrack 2025-06-17 4.6 Medium
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
CVE-2024-28229 1 Jetbrains 1 Youtrack 2025-04-16 6.5 Medium
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
CVE-2024-54155 1 Jetbrains 1 Youtrack 2025-01-31 3.7 Low
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CVE-2024-54154 1 Jetbrains 1 Youtrack 2025-01-31 8 High
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CVE-2024-54153 1 Jetbrains 1 Youtrack 2025-01-31 3.1 Low
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CVE-2024-54158 1 Jetbrains 1 Youtrack 2025-01-30 3.5 Low
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVE-2024-54157 1 Jetbrains 1 Youtrack 2025-01-30 4.3 Medium
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
CVE-2024-54156 1 Jetbrains 1 Youtrack 2025-01-30 4.2 Medium
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
CVE-2025-24458 1 Jetbrains 1 Youtrack 2025-01-30 7.1 High
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CVE-2025-24457 1 Jetbrains 1 Youtrack 2025-01-30 5.5 Medium
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs