769 matches found

RedhatCVE
added 2026/02/26 10:34 p.m. | 8 views

CVE-2026-27706

Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

7.7 CVSS | 5.6 AI score | 0.00213 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/02/26 12:00 a.m. | 9 views

Initiative code issue vulnerability

Initiative is an open-source project management platform developed by Morelitea. Versions of Initiative prior to 0.32.4 contained code vulnerabilities. These vulnerabilities stemmed from a stored cross-site scripting vulnerability in the document upload function, which could lead to the...

8.7 CVSS | 5.7 AI score | 0.00551 EPSS
Exploits: 1 | References: 2

NVD
added 2026/02/25 5:25 p.m. | 7 views

CVE-2026-27705

Plane is an open-source project management tool. Prior to version 1.2.2, the ProjectAssetEndpoint.patch method in apps/api/plane/app/views/asset/v2.py (lines 579–593) performs a global asset lookup using only the asset ID (pk) via FileAsset.objects.get(id=pk), without verifying that the asset belong...

7.1 CVSS | 0.00213 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/02/25 12:00 a.m. | 8 views

JetBrains YouTrack security vulnerability

JetBrains YouTrack is a browser-based error tracking and project management software developed by Czech company JetBrains. This software features error tracking, the ability to create workflows, and monitoring of project progress. Versions of JetBrains YouTrack prior to version 2025.3.121962...

8.8 CVSS | 5.8 AI score | 0.00238 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/18 6:42 a.m. | 5 views

CVE-2026-1640

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...

4.3 CVSS | 5.7 AI score | 0.00261 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/18 12:00 a.m. | 6 views

PT-2026-20280

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions: wppm submit proj...

4.3 CVSS | 5.7 AI score | 0.00261 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/11 7:44 p.m. | 6 views

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

8.8 CVSS | 5.7 AI score | 0.00354 EPSS
Exploits: 1 | References: 1

NVD
added 2026/02/10 6:16 p.m. | 7 views

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

8.8 CVSS | 0.00354 EPSS
Exploits: 1 | References: 3

CVE
added 2026/02/10 5:32 p.m. | 22 views

CVE-2026-25947

Worklenz is affected by multiple SQL injection vulnerabilities in backend query construction affecting project/task management controllers, reporting/financial endpoints, real-time socket.io handlers, and resource scheduling prior to version 2.1.7. The issue is mitigated by upgrading to v2.1.7, w...

8.8 CVSS | 5.7 AI score | 0.00354 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Debian CVE
added 2026/02/10 4:47 p.m. | 4 views

CVE-2026-25530

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

4.3 CVSS | 5.3 AI score | 0.00235 EPSS
Exploits: 1

Debian CVE
added 2026/02/10 4:40 p.m. | 6 views

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

8 CVSS | 5.3 AI score | 0.00182 EPSS
Exploits: 1

CNNVD
added 2026/02/09 12:00 a.m. | 5 views

OpenProject security vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.0.2 had security vulnerabilities, which stemmed from lack of permission checks. These vulnerabilities could potentially lock out application administrators...

6.7 CVSS | 5.8 AI score | 0.00321 EPSS
Exploits: 0 | References: 3

NVD
added 2026/01/15 4:16 p.m. | 7 views

CVE-2021-47819

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...

9.8 CVSS | 0.00381 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/15 3:52 p.m. | 3 views

CVE-2021-47819 ProjeQtOr Project Management 9.1.4 - Remote Code Execution

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...

9.8 CVSS | 7.9 AI score | 0.00381 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/01/15 3:52 p.m. | 10 views

EUVD-2026-2750

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...

9.8 CVSS | 7.8 AI score | 0.00381 EPSS
Exploits: 0 | References: 3

CVE
added 2026/01/15 3:52 p.m. | 14 views

CVE-2021-47819

CVE-2021-47819 affects ProjeQtOr Project Management 9.1.4. A file upload vulnerability in the profile attachment feature allows guest users to upload PHP files, enabling arbitrary code execution by accessing the uploaded file with a crafted request parameter. Metrics indicate critical impact on c...

9.8 CVSS | 7.9 AI score | 0.00381 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/15 12:00 a.m. | 8 views

PT-2026-3056

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...

9.8 CVSS | 8.3 AI score | 0.00381 EPSS
Exploits: 0 | References: 3

OSV
added 2026/01/08 12:59 a.m. | 4 views

CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...

5.3 CVSS | 6.8 AI score | 0.00352 EPSS
Exploits: 2 | References: 5

NVD
added 2026/01/02 4:17 p.m. | 5 views

CVE-2025-69284

Plane is an open-source project management tool. In plane.io, a guest user doesn't have permission to access https://app.plane.so/:slug/settings. Prior to Plane version 1.2.0, a problem occurs when the /api/workspaces/:slug/members/ is accessible by guest and able to list of users on a...

4.3 CVSS | 0.00162 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/01/02 3:42 p.m. | 6 views

EUVD-2025-206228

Plane is an open-source project management tool. In plane.io, a guest user doesn't have permission to access https://app.plane.so/:slug/settings. Prior to Plane version 1.2.0, a problem occurs when the /api/workspaces/:slug/members/ is accessible by guest and able to list of users on a...

4.3 CVSS | 6.2 AI score | 0.00162 EPSS
Exploits: 0 | References: 1