Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/01/19 5:41 p.m.29 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

8.7CVSS0.00207EPSS
Exploits0References3
CVE
CVE
added 2026/01/19 5:41 p.m.15 views

CVE-2026-23625

OpenProject CVE-2026-23625 affects versions 16.3.0–16.6.4. A stored XSS in the Roadmap view occurs when a version’s work packages include a subproject; the helper link_to_work_package renders package.project.to_s with html_safe, allowing HTML in subproject names to be injected. The issue is mitig...

8.7CVSS5.1AI score0.00207EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/01/10 1:6 a.m.16 views

CVE-2026-22600

OpenProject before 16.6.4 is affected by a Local File Read (LFR) vulnerability in the work package PDF export feature. An attacker can craft an SVG file disguised as a PNG and upload it as a work package attachment; during PDF export, ImageMagick is triggered to resize the image, causing the text...

9.1CVSS6.2AI score0.0028EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/10 1:6 a.m.5 views

CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder

OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...

9.1CVSS6.3AI score0.0028EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-6955

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to...

6.6CVSS6AI score0.00552EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/06 12:0 a.m.28 views

GitLab 0 < 16.5.6 / 16.6 < 16.6.4 / 16.7 < 16.7.2 (CVE-2023-6955)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to...

6.6CVSS6.1AI score0.00552EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/01/12 1:56 p.m.32 views

CVE-2023-6955

Removed by vendor...

6.6CVSS6.3AI score0.00552EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/01/12 12:0 a.m.40 views

CVE-2023-4812

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge...

7.6CVSS6.5AI score0.0051EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.5 views

PT-2024-1046 · Mattermost +2 · Mattermost +3

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.13 through 16.5.6 GitLab CE/EE versions 16.6 through 16.6.4 GitLab CE/EE versions 16.7 through 16.7.2 Description: The issue is related to incorrect authorization checks in GitLab, allowing a user to abuse...

8.8CVSS7.7AI score0.00829EPSS
Exploits0References38
Rows per page
Query Builder