Lucene search
K

770 matches found

Nuclei
Nuclei
added 18 hours ago37 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
NVD
NVD
added 2026/06/28 4:16 p.m.11 views

CVE-2026-13504

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1CVSS0.00203EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/28 3:30 p.m.10 views

EUVD-2026-40002

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1CVSS4AI score0.00203EPSS
Exploits0References6
CVE
CVE
added 2026/06/28 3:30 p.m.36 views

CVE-2026-13504

CVE-2026-13504 affects code-projects Project Management System 1.0, specifically the /mail.php Mail Compose Page. The vulnerability is a cross-site scripting flaw in unknown code paths within that file, exploitable remotely and with user interaction required. The description notes public disclosu...

5.1CVSS4AI score0.00203EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/28 3:30 p.m.37 views

CVE-2026-13504 code-projects Project Management System Mail Compose mail.php cross site scripting

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1CVSS0.00203EPSS
Exploits0References6
NVD
NVD
added 2026/06/28 12:17 p.m.9 views

CVE-2026-13490

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be...

6.3CVSS0.00309EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.15 views

PT-2026-53115

Name of the Vulnerable Software and Affected Versions code-projects Project Management System version 1.0 Description Cross site scripting XSS occurs in the Mail Compose Page component within the /mail.php endpoint. This issue allows a remote attacker to execute malicious scripts through the...

5.1CVSS5.8AI score0.00203EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52911

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description Cache store poisoning allows for Remote Code Execution RCE, a process where an attacker executes arbitrary code on a remote machine. Recommendations Update t...

9.6CVSS6.2AI score0.00233EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 4:17 p.m.12 views

CVE-2026-46558

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS0.0028EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/10 3:42 p.m.34 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS0.0028EPSS
Exploits3References2
EUVD
EUVD
added 2026/06/10 3:42 p.m.13 views

EUVD-2026-36066

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

8.3CVSS5.4AI score0.0028EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39374

Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member ADMIN or MEMBER to modify the startdate and targetdate of ANY issue across the entire Plane instance, regardless of workspace or project membership. The endpoint fetches...

7.7CVSS5.5AI score0.00208EPSS
Exploits1References1
OSV
OSV
added 2026/06/04 3:5 p.m.7 views

GHSA-M8XG-8XG9-MXHM Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project

This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths PUT /api/projects/id, DELETE /api/projects and modify or delete any project along with all its...

8.3CVSS6AI score0.00047EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 p.m.11 views

CVE-2026-10284

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

5.5CVSS5.8AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 9:16 p.m.22 views

CVE-2026-10284

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

5.5CVSS0.0023EPSS
Exploits0References6
NVD
NVD
added 2026/06/01 9:16 p.m.16 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS0.0023EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:15 p.m.11 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/01 7:15 p.m.32 views

CVE-2026-10285 DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS0.0023EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 7:15 p.m.24 views

CVE-2026-10285

The CVE-2026-10285 affects DevaslanPHP project-management (up to 2.0.0-beta1). The issue lies in KanbanScrumHelper::recordUpdated (file app/Helpers/KanbanScrumHelper.php) where manipulation leads to improper authorization, enabling a remote attack. The available sources do not specify exploit vec...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References6
Rows per page
Query Builder