CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

855 matches found

Cvelist•added 2026/06/12 1:23 p.m.•25 views

CVE-2026-1836 Stored credentials in Redmine

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

5.3CVSS0.00105EPSS

Exploits0References1

Vulnrichment•added 2026/06/12 1:23 p.m.•8 views

CVE-2026-1836 Stored credentials in Redmine

5.3CVSS5.3AI score0.00105EPSS

Exploits0References1

CVE•added 2026/06/12 1:23 p.m.•17 views

CVE-2026-1836

CVE-2026-1836 affects Redmine where the system stores the username and password from the login form after submission. This could allow an attacker with access to the platform to return to the browser and view credentials, compromising confidentiality (high impact). Root cause described as credent...

5.3CVSS5.3AI score0.00105EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:33 p.m.•5 views

CVE-2023-31541

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server...

9.8CVSS7.2AI score0.01781EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:24 a.m.•12 views

CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

5.3CVSS6.7AI score0.01192EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:24 a.m.•7 views

CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5.3CVSS6.9AI score0.01215EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:23 a.m.•5 views

CVE-2021-31863

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process...

7.5CVSS6.5AI score0.01737EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:23 a.m.•7 views

CVE-2021-31865

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments...

5.3CVSS6.6AI score0.01134EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:18 a.m.•5 views

CVE-2019-18890

A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...

6.5CVSS7.4AI score0.04338EPSS

Exploits2References1