In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible

In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab

In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible

In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs

In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session

In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file

In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page

In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log

In JetBrains GoLand before 2025.1 an XXE during debugging was possible