Teamcity

teamcity

Vendor: Jetbrains • 269 CVEs

CVEs (269)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-49381 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 4.8 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49380 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
CVE-2026-49379 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
CVE-2026-49378 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
CVE-2026-49377 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
CVE-2026-49376 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
CVE-2026-49375 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
CVE-2026-49374 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 7.6 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
CVE-2026-49373 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
CVE-2026-49372 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49371 1Jetbrains 1Teamcity Jun 2, 2026 May 29, 2026 N/A· v4 8.2 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-44413 1Jetbrains 1Teamcity May 12, 2026 May 11, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access
CVE-2026-28196 1Jetbrains 1Teamcity Feb 25, 2026 Feb 25, 2026 N/A· v4 2.3 LOW· v3 N/A· v2 In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
CVE-2026-28195 1Jetbrains 1Teamcity Feb 25, 2026 Feb 25, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
CVE-2026-28194 1Jetbrains 1Teamcity Feb 25, 2026 Feb 25, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
CVE-2025-68268 1Jetbrains 1Teamcity Dec 18, 2025 Dec 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
CVE-2025-68267 1Jetbrains 1Teamcity Dec 18, 2025 Dec 16, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
CVE-2025-68166 1Jetbrains 1Teamcity Dec 18, 2025 Dec 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
CVE-2025-68165 1Jetbrains 1Teamcity Dec 18, 2025 Dec 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
CVE-2025-68164 1Jetbrains 1Teamcity Dec 18, 2025 Dec 16, 2025 N/A· v4 2.7 LOW· v3 N/A· v2 In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test

12 3 4 5...14 Next