9.6

CVSS3.1

CVE-2025-64689 -

In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token

๐Ÿ“… Published: Nov. 10, 2025, 1:28 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2025, 3:39 p.m.

7.4

CVSS3.1

CVE-2025-64688 -

In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget

๐Ÿ“… Published: Nov. 10, 2025, 1:27 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2025, 3:56 p.m.

5.4

CVSS3.1

CVE-2025-64687 -

In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic

๐Ÿ“… Published: Nov. 10, 2025, 1:27 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2025, 3:59 p.m.

3.1

CVSS3.1

CVE-2025-64686 -

In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context

๐Ÿ“… Published: Nov. 10, 2025, 1:27 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2025, 4:03 p.m.

8.1

CVSS3.1

CVE-2025-64685 -

In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure

๐Ÿ“… Published: Nov. 10, 2025, 1:27 p.m. ๐Ÿ”„ Last Modified: Feb. 26, 2026, 5:47 p.m.

4.5

CVSS3.1

CVE-2025-64684 -

In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form

๐Ÿ“… Published: Nov. 10, 2025, 1:27 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2025, 4:04 p.m.

5.3

CVSS3.1

CVE-2025-64683 -

In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API

๐Ÿ“… Published: Nov. 10, 2025, 1:27 p.m. ๐Ÿ”„ Last Modified: Nov. 21, 2025, 4:09 p.m.

2.7

CVSS3.1

CVE-2025-64682 -

In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit

๐Ÿ“… Published: Nov. 10, 2025, 1:27 p.m. ๐Ÿ”„ Last Modified: Nov. 20, 2025, 7:53 p.m.

2.7

CVSS3.1

CVE-2025-64681 -

In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations

๐Ÿ“… Published: Nov. 10, 2025, 1:27 p.m. ๐Ÿ”„ Last Modified: Nov. 20, 2025, 7:54 p.m.

5.3

CVSS4.0

CVE-2025-12939 - SourceCodester Interview Management System addCandidate.php sql injection

A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has bโ€ฆ

๐Ÿ“… Published: Nov. 10, 2025, 1:02 p.m. ๐Ÿ”„ Last Modified: Nov. 17, 2025, 12:41 p.m.
Total resulsts: 347960
Page 2969 of 34,796
ยซ previous page ยป next page
Filters