CVE-2026-49376
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion. More information: https://www.jetbrains.com/privacy-security/issues-fixed/
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete) that were rendered for any authenticated...
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization....
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no authorization on their store() method. Any authenticated panel user,...