
16 matches found

NVD
added 2 days ago, 3 views

CVE-2026-44734

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, and grouping of any Public co...

CVSS 6.5, EPSS 0.00231
Exploits: 0, References: 1
Cvelist
added 2 days ago, 20 views

CVE-2026-44734 OpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/rename

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, and grouping of any Public co...

CVSS 6.5, EPSS 0.00231
Exploits: 0, References: 1
CVE
added 2 days ago, 5 views

CVE-2026-44734

CVE-2026-44734 affects OpenProject prior to 17.3.2 and 17.4.0. A Missing Authorization flaw in CostReportsController allows any authenticated user to rename/update public cost reports (name, filters, grouping) without ownership or permission checks. An attacker who guesses a public report ID can ...

CVSS 6.5, AI score 5.8, EPSS 0.00231
Exploits: 0, References: 1
Circl
added 2026/06/20 12:0 a.m., 10 views

CVE-2026-11551

creationtimestamp | type | source
---|---|---
2026-06-20 00:00:39+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mookgqp4bp2f
2026-06-20 00:00:46+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116779492087943579
2026-06-20 01:01:06+00:00 | seen | ...

CVSS 9.8, AI score 5.8, EPSS 0.00625
Exploits: 1, References: 9
Circl
added 2026/04/12 6:27 p.m., 1 views

CVE-2026-6157

creationtimestamp | type | source
---|---|---
2026-04-12 18:27:12+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116393143940938921
2026-04-13 04:17:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjdz3hiejr27
2026-04-13 05:18:10+00:00 | published-proof-of-concep...

CVSS 9, AI score 8.1, EPSS 0.00472
Exploits: 0, References: 3
Circl
added 2026/04/09 7:10 a.m., 3 views

CVE-2026-34179

creationtimestamp | type | source
---|---|---
2026-04-09 07:10:23+00:00 | published-proof-of-concept | https://github.com/canonical/lxd/security/advisories/GHSA-c3h3-89qf-jqm5
2026-04-09 10:18:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mj2lfkl4z627
2026-04-09...

CVSS 9.1, AI score 5.3, EPSS 0.00274
Exploits: 1, References: 7
Circl
added 2025/12/17 4:58 p.m., 5 views

CVE-2025-14727

creationtimestamp | type | source
---|---|---
2025-12-17 16:58:56+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115735968836991760
2025-12-17 17:31:11+00:00 | seen | https://gist.github.com/Darkcrai86/f330bb00b3e418af5808330ef79bf782
2025-12-17 17:56:31+00:00 | seen | ...

CVSS 8.7, AI score 5.7, EPSS 0.00373
Exploits: 0, References: 4
Circl
added 2025/11/14 6:41 a.m., 6 views

CVE-2025-10686

creationtimestamp | type | source
---|---|---
2025-11-14 06:41:19+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5l35oclwe32
2025-11-14 07:35:03+00:00 | seen | https://gist.github.com/Darkcrai86/fb060803fb49df2837e0b35a885e21f8
2025-11-14 08:53:57+00:00 | seen | ...

CVSS 7.2, AI score 5.8, EPSS 0.0042
Exploits: 0, References: 3
GithubExploit
added 2025/10/24 12:43 p.m., 81 views

Exploit for CVE-2025-46183

Vulnerability Disclosures Public reports of identified vulner...

CVSS 8.2, AI score 7, EPSS 0.00314
Exploits: 1
Veracode
added 2025/07/03 4:28 a.m., 3 views

Information Exposure

org.junit.platform, junit-platform-reporting is vulnerable to information exposure. The vulnerability is due to a flaw in the OpenTestReportGeneratingListener leaking Git credentials in generated Open Test Reporting XML files, which allows an attacker to steal exposed tokens from publicly...

CVSS 5.8, AI score 6.7, EPSS 0.00099
Exploits: 0, References: 4, Affected Software: 1
Hacker One
added 2023/09/07 8:23 a.m., 52 views

HackerOne: IDOR: Authorization Bypass in LockReport Mutation for public reports

An authorization bypass vulnerability allowed an attacker to lock any public report, potentially disrupting the reporting process...

AI score 7
Exploits: 0
OSV
added 2022/09/29 11:23 p.m., 15 views

GSD-2022-1006324 unknown in Exchange Server version Exchange Server 2019

In Microsoft Exchange Server version Exchange Server 2019 and possibly earlier an undisclosed vulnerability exists in an undisclosed component that can be attacked via the network, reportedly resulting in remote code execution. This is also known as ZDI-CAN-18333, and public reports of exploitati...

AI score 7.8
Exploits: 0, References: 1
ICS
added 2021/12/02 12:0 a.m., 74 views

Hitachi Energy APM Edge

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Transformer Asset Performance Management APM Edge Vulnerability: Reliance on Uncontrolled Component 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory...

AI score 7.8
Exploits: 0, References: 4
Hacker One
added 2017/07/10 6:40 a.m., 43 views

HackerOne: Reading redacted data via hackbot's answers

Summary: Hello, I have found a way to use hackbot's automated duplication answers to reveal redacted data via brute force. This is restricted by the length of the report and number of redacted items. For a short report with little content and just 1-2 redacted texts this is rather easy to accomplis...

AI score 6.9
Exploits: 0
Hacker One
added 2016/04/01 7:4 p.m., 43 views

HackerOne: New hacktivity view discloses report IDs of non-public reports

url: https://hackerone.com/hacktivity.json this url reveals information of reporters Report id ./...

AI score 0.5
Exploits: 0
Hacker One
added 2016/04/01 1:52 a.m., 25 views

HackerOne: New hacktivity view discloses report IDs of non-public reports

The new hacktivity view unintentionally leaked the report IDs of non-public undisclosed reports through react ID's. It has the same root cause as 127620 and was reported earlier than that, so we decided to award the same bounty. The new hacktivity view unintentionally leaked the report IDs of...

AI score 0.7
Exploits: 0