Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

7.1CVSS5.6AI score0.00174EPSS
Exploits1References1
NVD
NVD
added 2026/04/20 4:16 p.m.6 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

7.1CVSS0.00174EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/20 3:12 p.m.3 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00174EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/20 3:12 p.m.8 views

EUVD-2026-23870

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00174EPSS
Exploits1References2
CVE
CVE
added 2026/04/20 3:12 p.m.23 views

CVE-2026-40896

CVE-2026-40896 concerns OpenProject before version 17.3.0, where a user with the low-privilege permission manage_agendas in any project can inject agenda items into meetings across other projects due to an unscoped section lookup vulnerability. The attack does not require knowledge of the target ...

7.1CVSS5.8AI score0.00174EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/20 3:12 p.m.28 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS0.00174EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.11 views

PT-2026-33783

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manage agendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00174EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/27 1:32 p.m.3 views

CVE-2025-9531 Portabilis i-Educar Agenda agenda.php sql injection

A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument codagenda results in sql injection. It is possible to initiate the attack remotely. The exploit...

6.5CVSS7.4AI score0.00368EPSS
Exploits1References5
Rows per page
Query Builder