Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (120 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-49386 1 Jetbrains 1 Youtrack 2026-05-29 6.5 Medium
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
CVE-2026-49385 1 Jetbrains 1 Youtrack 2026-05-29 6.5 Medium
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVE-2026-49370 1 Jetbrains 1 Youtrack 2026-05-29 3.4 Low
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
CVE-2026-49369 1 Jetbrains 1 Youtrack 2026-05-29 4.3 Medium
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
CVE-2026-49368 1 Jetbrains 1 Youtrack 2026-05-29 8.7 High
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
CVE-2026-33392 1 Jetbrains 1 Youtrack 2026-04-20 7.2 High
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
CVE-2026-25846 1 Jetbrains 1 Youtrack 2026-04-17 6.5 Medium
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
CVE-2026-28193 1 Jetbrains 1 Youtrack 2026-04-17 8.8 High
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVE-2025-64685 1 Jetbrains 1 Youtrack 2026-02-26 8.1 High
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
CVE-2025-64773 1 Jetbrains 1 Youtrack 2025-12-11 2.7 Low
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CVE-2025-64690 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
CVE-2025-64689 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
CVE-2025-64688 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
CVE-2025-64687 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
CVE-2025-64686 1 Jetbrains 1 Youtrack 2025-12-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
CVE-2025-54527 1 Jetbrains 1 Youtrack 2025-12-01 6.1 Medium
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
CVE-2025-64684 1 Jetbrains 1 Youtrack 2025-11-21 4.5 Medium
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVE-2025-53959 1 Jetbrains 1 Youtrack 2025-10-14 7.6 High
In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible
CVE-2025-47850 1 Jetbrains 1 Youtrack 2025-09-30 4.3 Medium
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
CVE-2025-48391 1 Jetbrains 1 Youtrack 2025-09-30 7.7 High
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API