74 matches found
CVE-2026-24007 Tuleap is missing CSRF protection in the Overview inconsistent items
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items creating artifact links from the release. This...
CVE-2021-41276
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldapid attribute of a user during the daily synchronization. A malicious user could force accounts to ...
CVE-2025-64499 Tuleap is missing CSRF protections for its planning management API
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API...
CVE-2025-64497
CVE-2025-64497 describes an access-control vulnerability in Tuleap where users without access to certain projects could retrieve file release system information. Affected products are Tuleap Community Edition versions below 17.0.99.1762431347 and Tuleap Enterprise Edition versions below 17.0-2, 1...
Enalean Tuleap 跨站请求伪造漏洞
Enalean Tuleap is a free and open source tool from the French company Enalean. It is used for end-to-end traceability of application and system development. A cross-site request forgery vulnerability exists in Enalean Tuleap that stems from a lack of CSRF protection and could lead to the creation...
CVE-2025-64117 Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1761813675 and Tuleap Enterprise Edition prior to versions 16.13-5 and 16.12-8 don't have cross-site request forgery protection in the management of...
PT-2025-46724
Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 16.13.99.1762267347 Tuleap Enterprise Edition versions prior to 17.01 Tuleap Enterprise Edition versions prior to 16.13-6 Tuleap Enterprise Edition versions prior to 16.12-9 Description Tuleap is an...
EUVD-2024-28177
Malicious code in bioql PyPI...
EUVD-2022-29660
Malicious code in bioql PyPI...
EUVD-2025-7733
Malicious code in bioql PyPI...
EUVD-2025-8849
Malicious code in bioql PyPI...
EUVD-2023-28007
Malicious code in bioql PyPI...
EUVD-2024-22480
Malicious code in bioql PyPI...
EUVD-2021-28309
Malicious code in bioql PyPI...
EUVD-2021-28264
Malicious code in bioql PyPI...
CVE-2025-59040 Tuleap backlog item representations do not verify the permissions of the child trackers
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition...
CVE-2025-53902
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts...
CVE-2025-53541 Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could inser...
CVE-2025-53541
CVE-2025-53541 affects Tuleap Community Edition (before 16.9.99.1751892857) and Tuleap Enterprise Edition (before 16.8-5 and 16.9-3). Malicious users could insert malicious code when displaying the children of a parent artifact, causing XSS. The fixed versions are Tuleap Community Edition 16.9.99...
CVE-2025-52899 Tuleap vulnerable to user enumeration via the lost password form
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...