776 matches found
CVE-2021-47819 ProjeQtOr Project Management 9.1.4 - Remote Code Execution
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...
EUVD-2026-2750
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...
CVE-2021-47819
CVE-2021-47819 affects ProjeQtOr Project Management 9.1.4. A file upload vulnerability in the profile attachment feature allows guest users to upload PHP files, enabling arbitrary code execution by accessing the uploaded file with a crafted request parameter. Metrics indicate critical impact on c...
PT-2026-3056
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...
CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2025-69284
Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https://app.plane.so/:slug/settings. Prior to Plane version 1.2.0, a problem occurs when the /api/workspaces/:slug/members/ is accessible by guest and able to list of users on a...
CVE-2025-69284 In plane.io, a Guest User to a Workspace can still be able to see list of members
Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https://app.plane.so/:slug/settings. Prior to Plane version 1.2.0, a problem occurs when the /api/workspaces/:slug/members/ is accessible by guest and able to list of users on a...
EUVD-2025-206228
Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https://app.plane.so/:slug/settings. Prior to Plane version 1.2.0, a problem occurs when the /api/workspaces/:slug/members/ is accessible by guest and able to list of users on a...
PT-2026-1101
Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.2.0 Description Plane is an open-source project management tool. A guest user, lacking the necessary permissions, could access the /api/workspaces/:slug/members/ endpoint and list users within a workspace they have...
PT-2025-49234
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto delete file AJAX action in all versions up to, and including, 5.1.19. This makes it possible for unauthenticated attackers to delete...
SQL Injection Vulnerability in PM2 Project Management Platform of Beijing Bangyong Technology Co. Ltd (CNVD-C-2025-983218)
Ltd. is a professional project management software provider, providing advanced and practical project management software and project management informationization related consulting. SQL injection vulnerability exists in the PM2 project management platform of Beijing BangYong Technology Co., Ltd...
CVE-2025-62368
Taiga CVE-2025-62368 affects Taiga Open Source Project Management
CVE-2025-11656
A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launche...
EUVD-2020-5836
Malware in sbrugna...
EUVD-2016-4599
Malware in sbrugna...
EUVD-2019-6485
Malware in sbrugna...
EUVD-2018-0238
Malware in sbrugna...
EUVD-2017-5864
Malware in sbrugna...
EUVD-2020-14500
Malware in sbrugna...
EUVD-2013-3699
Malware in sbrugna...