19 matches found

Cvelist
added 2026/06/01 9:4 a.m. | 29 views

CVE-2026-40547 Path Traversal in SOPlanning

SOPlanning is vulnerable to Path Traversal in backup endpoints. An authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

6.4 CVSS | 0.00447 EPSS
Exploits: 0 | References: 2

CVE
added 2026/06/01 9:3 a.m. | 12 views

CVE-2026-40545

SOPlanning (versions ≤ 1.55) is vulnerable to Reflected XSS via the taches parameter. An attacker who can craft a malicious URL and entice an authenticated user to click it can cause arbitrary JavaScript execution in the victim’s browser. The CVE entry for CVE-2026-40545 explicitly documents this...

5.1 CVSS | 6 AI score | 0.00404 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/01 9:3 a.m. | 8 views

CVE-2026-40545

SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by an authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below...

8.8 CVSS | 6 AI score | 0.00404 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-30096

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.0052 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-30095

Malware in sbrugna...

6.5 CVSS | 6.5 AI score | 0.0052 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-50028

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00279 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54089

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00842 EPSS
Exploits: 1 | References: 2

NVD
added 2025/03/18 4:15 p.m. | 10 views

CVE-2024-57170

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences, e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...

6.5 CVSS | 0.00842 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/03/18 12:0 a.m. | 1 views

SOPlanning Security Vulnerability

SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning version 1.53.00, which originates from /process/upload.php directory traversal and could result in the deletion of arbitrary files...

6.5 CVSS | 6.9 AI score | 0.00842 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2025/03/18 12:0 a.m. | 8 views

CVE-2024-57170

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences, e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...

7.1 AI score | 0.00842 EPSS
Exploits: 1 | References: 1

Cvelist
added 2025/03/18 12:0 a.m. | 17 views

CVE-2024-57170

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences, e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...

0.00842 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/03/18 12:0 a.m. | 2 views

SOPlanning Security Vulnerability

SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning version 1.53.00, which originates from an upload bypass of the /process/upload.php file and could lead to remote code execution...

9.8 CVSS | 7.9 AI score | 0.00889 EPSS
Exploits: 1 | References: 2

Cvelist
added 2025/03/18 12:0 a.m. | 11 views

CVE-2024-57169

A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files...

0.00889 EPSS
Exploits: 1 | References: 1

CVE
added 2025/03/18 12:0 a.m. | 40 views

CVE-2024-57169

CVE-2024-57169 affects SOPlanning 1.53.00, with a vulnerability in the /process/upload.php file that could bypass upload restrictions and potentially allow remote code execution by uploading malicious files. The advisory carries CVSS v3.1 base score 9.8 (CRITICAL) with network attack vector, no u...

9.8 CVSS | 7.6 AI score | 0.00889 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2024/10/07 3:15 p.m. | 2 views

CVE-2024-9571

Cross-Site Scripting (XSS) vulnerability in SOPlanning 1.45, due to lack of proper validation of user input via /soplanning/www/process/xajaxserver.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take contro...

5.4 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/09/11 12:0 a.m. | 2 views

SOPlanning Security Vulnerability

SOPlanning is a suite of online project management software from SOPlanning. A security vulnerability exists in SOPlanning. An attacker exploiting the vulnerability could access the underlying database...

9.8 CVSS | 6.7 AI score | 0.00409 EPSS
Exploits: 0 | References: 2

CNVD
added 2020/02/24 12:0 a.m. | 2 views

SOPlanning Cross-Site Scripting Vulnerability (CNVD-2020-13153)

SOPlanning is an online planning tool for efficiently organizing projects and tasks. A cross-site scripting vulnerability exists in SOPlanning 1.45. The vulnerability can be exploited to execute JavaScript code via the "Your SoPlanning url" field...

5.4 CVSS | 6.7 AI score | 0.00531 EPSS
Exploits: 1 | References: 1

OSV
added 2020/02/18 7:15 p.m. | 2 views

CVE-2020-9268

SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nomcreateur&by= substring...

7.5 CVSS | 7.2 AI score | 0.01415 EPSS
Exploits: 1 | References: 1

OSV
added 2020/02/18 7:15 p.m. | 3 views

CVE-2020-9266

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajaxserver.php...

6.5 CVSS | 5.9 AI score | 0.0052 EPSS
Exploits: 1 | References: 1