Lucene search
K

557 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.5 views

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

5.3CVSS5.6AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.7 views

CVE-2024-43915

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through .3.102...

5.5CVSS6.9AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:38 a.m.10 views

CVE-2024-43916

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102...

7.1CVSS6.9AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:20 a.m.9 views

CVE-2023-34383

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0...

9.8CVSS8.9AI score0.00554EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.8 views

CVE-2023-36677

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67...

8.8CVSS8.3AI score0.00578EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:48 a.m.9 views

CVE-2023-31237

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9...

6.1CVSS7AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.23 views

CVE-2023-3636

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'saveusersmapname' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modif...

8.8CVSS6.7AI score0.00689EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:56 p.m.8 views

CVE-2022-3333

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible ...

5.4CVSS6.3AI score0.00415EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:41 p.m.5 views

CVE-2022-2840

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections...

9.8CVSS7.1AI score0.09675EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 p.m.7 views

CVE-2022-2839

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them t...

5.4CVSS6.2AI score0.00381EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:32 a.m.5 views

CVE-2017-11182

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable...

5.4CVSS5.4AI score0.00806EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:31 a.m.5 views

CVE-2010-5223

Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse 1 wbtrv32.dll or 2 w3btrv7.dll file in the current working directory, as demonstrated by a directory that contains a .ppx file. NOTE: some of these details are...

6.9CVSS7.2AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/26 12:34 a.m.7 views

CVE-2025-3855

A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/teammembers/saveprofileimage/ of the component Profile Picture Handler. The manipulation of the argument...

5.3CVSS7.1AI score0.00371EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:8 p.m.19 views

CVE-2025-39552

Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through = 3.3.200...

5.4CVSS7.2AI score0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 6:2 p.m.6 views

CVE-2025-32526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Reflected XSS.This issue affects Zephyr Project Manager: from n/a through = 3.3.101...

7.1CVSS7.2AI score0.00251EPSS
Exploits0References1
OSV
OSV
added 2025/04/22 1:15 a.m.5 views

CVE-2025-3855

A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/teammembers/saveprofileimage/ of the component Profile Picture Handler. The manipulation of the argument...

5.3CVSS4.8AI score0.00371EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/04/22 12:31 a.m.13 views

CVE-2025-3855 CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection

A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/teammembers/saveprofileimage/ of the component Profile Picture Handler. The manipulation of the argument...

5.3CVSS0.00371EPSS
Exploits1References4
CVE
CVE
added 2025/04/22 12:31 a.m.67 views

CVE-2025-3855

Summary of CVE-2025-3855 (CodeCanyon RISE Ultimate Project Manager 3.8.2) A vulnerability exists in the component “Profile Picture Handler” for the endpoint /index.php/team_members/save_profile_image/ where the argument profile_image_file is manipulated, leading to improper control of resource id...

5.3CVSS4.8AI score0.00371EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/22 12:31 a.m.22 views

CVE-2025-3855 CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection

A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/teammembers/saveprofileimage/ of the component Profile Picture Handler. The manipulation of the argument...

5.3CVSS6.9AI score0.00371EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.6 views

PT-2025-17477 · Unknown · Codecanyon Rise Ultimate Project Manager

Name of the Vulnerable Software and Affected Versions: CodeCanyon RISE Ultimate Project Manager version 3.8.2 Description: A problem was found in the file /index.php/team members/save profile image/ of the component Profile Picture Handler. The manipulation of the argument profile image file lead...

5.3CVSS4.6AI score0.00371EPSS
Exploits1References11
Rows per page
Query Builder