Lucene search
+L

4 matches found

CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

Plane 安全漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane 1.3.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from SavedAnalyticEndpoint directly passing user-controlled segment parameters into Django F expressions...

6.5CVSS5.8AI score0.00295EPSS
Exploits1References1
OSV
OSV
added 2026/04/09 3:43 p.m.5 views

CVE-2026-39843 Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching

Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address ...

7.7CVSS6AI score0.00246EPSS
Exploits1References3
NVD
NVD
added 2026/03/06 10:16 p.m.9 views

CVE-2026-30244

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission...

7.5CVSS0.00377EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

Plane 访问控制错误漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained a access control vulnerability, which stemmed from incorrect configuration of the Django REST Framework’s permission classes. This allowed anonymous access to...

7.5CVSS5.8AI score0.00377EPSS
Exploits0References3
Rows per page
Query Builder