CVE-2026-27706

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

CVE-2026-27706

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

CVE-2026-27706

Plane is an open-source project management tool. Before version 1.2.2, there is a full Read Server-Side Request Forgery (SSRF) in the "Add Link" feature. An authenticated user with general privileges could issue arbitrary GET requests to internal networks and exfiltrate the full response body, po...

EUVD-2026-8682

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

EUVD-2021-24611

Malware in sbrugna...

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

Design/Logic Flaw

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

OneNav 跨站脚本漏洞

OneNav is a minimalist navigation/bookmark management system developed using PHP. OneNav beta 0.9.12 suffers from a cross-site scripting vulnerability, which allows attackers to conduct XSS attacks via the Add Link feature...