CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2026/03/26 3:2 p.m.•4 views

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

9.1CVSS6.2AI score0.0004EPSS

Exploits0References1

NVD•added 2026/03/18 10:16 p.m.•1 views

CVE-2026-32698

9.1CVSS0.0004EPSS

Exploits0References1

CVE•added 2026/03/18 9:1 p.m.•13 views

CVE-2026-32698

OpenProject contains a SQL injection via a custom field name in Cost Reports in versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1. The injected field name can be processed by the SQL query, enabling arbitrary SQL execution. The issue is compounded by another bug in the Repositories_module that...

9.1CVSS6.1AI score0.0004EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/03/18 9:1 p.m.•15 views

CVE-2026-32698 OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution

9.1CVSS0.0004EPSS

Exploits0References1

OSV•added 2026/03/18 9:1 p.m.•3 views

CVE-2026-32698 OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution

9.1CVSS6.2AI score0.0004EPSS

Exploits0References3

Positive Technologies•added 2026/03/18 12:0 a.m.•2 views

PT-2026-26156

9.1CVSS6.2AI score0.0004EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-35248

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00211EPSS

Exploits0References2

RedhatCVE•added 2025/02/04 10:12 p.m.•6 views

CVE-2024-35224

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via icon substitution in table header values. This attack requires the permissions "Edit work package...

7.6CVSS5.9AI score0.00211EPSS

Exploits0References1

NVD•added 2024/05/23 1:15 p.m.•8 views

CVE-2024-35224

7.6CVSS7.3AI score0.00211EPSS

Exploits0References2

OSV•added 2024/05/23 12:53 p.m.•2 views

CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject

7.6CVSS6.1AI score0.00211EPSS

Exploits0References4

Cvelist•added 2024/05/23 12:53 p.m.•13 views

CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject

7.6CVSS7.3AI score0.00211EPSS

Exploits0References2

CVE•added 2024/05/23 12:53 p.m.•74 views

CVE-2024-35224

OpenProject contains a Stored XSS in the Cost Report feature caused by misconfigured tablesorter. The vulnerability allows an attacker with Edit work packages and Add attachments permissions to store JavaScript via a ticket attachment, bypassing CSP and potentially escalating privileges to a Syst...

7.6CVSS7.3AI score0.00211EPSS

Exploits0References2Affected Software1

CNNVD•added 2024/05/23 12:0 a.m.•3 views

OpenProject 安全漏洞

OpenProject is an open source web-based project management software. The software features project planning, task management, bug tracking, and cost budgeting. A security vulnerability exists in OpenProject that stems from a stored cross-site scripting XSS vulnerability in the tablesorter of the...

7.6CVSS5.5AI score0.00211EPSS

Exploits0References3

Positive Technologies•added 2024/05/23 12:0 a.m.•3 views

PT-2024-26388

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 13.4.2 OpenProject versions prior to 14.0.2 OpenProject versions prior to 14.1.0 Description The issue concerns OpenProject, a leading open source project management software, which utilizes tablesorter inside of...

7.6CVSS5.3AI score0.00211EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by