Product
insteon hub
39 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-32229
CVE-2026-25848
CVE-2025-65784
CVE-2025-65783
CVE-2025-64683
CVE-2025-64682
CVE-2025-64681
CVE-2025-24456
CVE-2024-50573
CVE-2024-38507
CVE-2023-45823
CVE-2023-45822
CVE-2023-45821
CVE-2022-48477
CVE-2022-48429
CVE-2022-45471
CVE-2022-34894
CVE-2022-29811
CVE-2022-25262
CVE-2022-25260
CVE-2022-25259
CVE-2022-24328
CVE-2022-24327
CVE-2021-43182
CVE-2021-43181
CVE-2021-43180
CVE-2021-43183
CVE-2021-37541
CVE-2021-37540
CVE-2021-36209
CVE-2021-31901
CVE-2021-25760
CVE-2021-25759
CVE-2021-25757
CVE-2020-11691
CVE-2019-18360
CVE-2019-14955
CVE-2019-12847
CVE-2014-0177
< 2025.3.128064
In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
< 2025.3.119807
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
all versions
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileg
all versions
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 a
< 2025.3.104432
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
< 2025.3.104432
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
< 2025.3.104992
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
< 2024.3.55417
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
< 2024.3.47707
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
< 2024.2.34646
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
< 1.16.0
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF proj
< 1.16.0
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF proj
< 1.16.0
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF proj
< 2023.1.15725
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
< 2022.1.15583
In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
< 2022.3.15181
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
< 2022.2.14799
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
< 2022.1.14638
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
< 2022.1.14434
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
< 2021.1.14276
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
< 2021.1.14276
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
< 2021.1.13956
In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS.
< 2021.1.13890
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
< 2021.1.13415
In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.
< 2021.1.13690
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
< 2021.1.13690
In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.
< 2021.1.13690
In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.
< 2021.1.13402
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
< 2021.1.13262
In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used.
< 2021.1.13389
In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.
< 2021.1.13079
In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.
< 2020.1.12669
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
< 2020.1.12629
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user.
< 2020.1.12629
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
< 2020.1.12099
In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
< 2019.1.11738
In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
< 2018.4.11436
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password ex
< 2018.4.11298
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user
<= 1.12.0
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack o