342 matches found
PT-2026-2225
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 16.6.3. Description: OpenProject is a web-based project management software. Versions prior to 16.6.3 allowed users with the ‘View Meetings’ permission on any project to access meeting details from projects they did...
PT-2026-2223
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 16.6.2. Description: OpenProject is a web-based project management software. The unauthenticated password-change endpoint, /account/change_password, lacked the brute-force protection present in the standard login...
PT-2026-2222
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 16.6.2. Description: OpenProject is a web-based project management software. A user with low privileges can view the full names of other users. User IDs are assigned sequentially, allowing an attacker to extract a...
OpenProject Information Disclosure Vulnerability
OpenProject is an open source, web-based project management software from OpenProject. An information disclosure vulnerability exists in versions of OpenProject prior to 16.6.2. The vulnerability stems from a low-privileged logged-in user being able to view the full names of other users, and an attacker...
OpenProject Security Vulnerability
OpenProject is a web-based project management software from OpenProject Open Source. A security vulnerability exists in OpenProject versions prior to 16.6.2 that stems from a lack of brute force protection in an unprotected password change endpoint, which could lead to account cracking and...
CVE-2024-41801
OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...
EUVD-2017-3279
Malware in sbrugna...
EUVD-2019-7559
Malware in sbrugna...
EUVD-2021-19531
Malware in sbrugna...
EUVD-2023-38091
Malicious code in bioql PyPI...
EUVD-2025-3977
Malicious code in bioql PyPI...
EUVD-2024-35248
Malicious code in bioql PyPI...
EUVD-2023-35460
Malicious code in bioql PyPI...
EUVD-2021-30710
Malicious code in bioql PyPI...
EUVD-2024-39190
Malicious code in bioql PyPI...
CVE-2023-31140
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...
CVE-2023-33960
OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...
CVE-2021-32763
OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the MessagesController class of OpenProject has a quote method that implements the logic behind the Quote button in the discussion forums, and it uses a regex to strip tags from the message being quote...
CVE-2021-43830
OpenProject is a web-based project management software. OpenProject versions >= 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget insufficiently sanitizes user input in...
CVE-2019-17092
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled...