32 matches found

EUVD
added 2026/01/19 5:52 p.m. | 1 views

EUVD-2026-3307

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

CVSS 4.3 | AI score 5.5 | EPSS 0.00048
Exploits: 0 | References: 1
Cvelist
added 2026/01/19 5:52 p.m. | 15 views

CVE-2026-23721 OpenProject users with "View Members" permission in any project can view all Group memberships

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

CVSS 4.3 | EPSS 0.00048
Exploits: 0 | References: 1
CVE
added 2026/01/19 5:52 p.m. | 8 views

CVE-2026-23721

OpenProject suffers a permission-check flaw: if a user has the View Members permission in any project, they could enumerate all groups and see which users are in each group. This affects OpenProject versions prior to 17.0.1 and 16.6.5. The issue has been fixed in OpenProject 17.0.1 and 16.6.5. No...

CVSS 4.3 | AI score 5.5 | EPSS 0.00048
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/01/19 5:48 p.m. | 1 views

CVE-2026-23646 OpenProject users can delete other user's session, causing them to be logged out

OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...

CVSS 6.5 | AI score 5.5 | EPSS 0.00062
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/19 12:0 a.m. | 3 views

PT-2026-3474

Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 17.0.1; OpenProject versions prior to 16.6.5. Description: OpenProject is a web-based project management software. A permission check failure in earlier versions allowed users with the 'View Members' permission in an...

CVSS 4.3 | AI score 5.4 | EPSS 0.00048
Exploits: 0 | References: 7
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-38886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. CVE-2023-38886 Note...

CVSS 7.2 | AI score 7.3 | EPSS 0.50447
Exploits: 1 | References: 2
CNNVD
added 2024/06/17 12:0 a.m. | 1 views

Evmos Security Vulnerabilities

Evmos is a scalable, high-throughput proof-of-equity blockchain. It is used for full compatibility and interoperability with Ether. A security vulnerability exists in Evmos 17.0.1 and earlier versions that stems from the transfer of unvested tokens upon delegation...

CVSS 8.1 | AI score 6.7 | EPSS 0.0009
Exploits: 0 | References: 3
CNNVD
added 2024/06/17 12:0 a.m. | 2 views

Evmos Security Vulnerabilities

Evmos is a scalable, high-throughput proof-of-equity blockchain. It is used for full compatibility and interoperability with Ether. A security vulnerability exists in Evmos version 17.0.1 and earlier, which stems from allowing users to create validators using vested tokens to deposit self-securit...

CVSS 6.5 | AI score 6.7 | EPSS 0.00101
Exploits: 0 | References: 3
OSV
added 2024/05/29 7:32 a.m. | 313 views

BIT-GITLAB-2023-6502 Inefficient Regular Expression Complexity in GitLab

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...

CVSS 6.5 | AI score 5 | EPSS 0.00029
Exploits: 0 | References: 3
NCSC
added 2024/05/27 11:26 a.m. | 5 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in Enterprise Edition (EE) and Community Edition (CE). A malicious party can exploit the vulnerabilities to cause a Denial-of-Service (DoS), or collect sensitive data via a Cross-Site-Scripting (XSS) attack to take over accounts. GitLab has released updates to fix the...

CVSS 8.2 | AI score 6.8 | EPSS 0.07452
Exploits: 5 | References: 1
GithubExploit
added 2024/05/27 11:0 a.m. | 371 views

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm

CVE-2023-30253 Exploit Dolibarr vuln...

CVSS 8.8 | AI score 9 | EPSS 0.89877
Exploits: 16
Vulnrichment
added 2024/05/23 7:2 a.m. | 17 views

CVE-2024-2874 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources...

CVSS 6.5 | AI score 6.4 | EPSS 0.00088
Exploits: 1 | References: 2
CNNVD
added 2024/05/23 12:0 a.m. | 2 views

GitLab CE/EE Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE before 16.10.6, before 16.11.3, and...

CVSS 8.2 | AI score 6.1 | EPSS 0.07452
Exploits: 1 | References: 4
Tenable Nessus
added 2024/05/23 12:0 a.m. | 38 views

GitLab 15.11 < 16.10.6 / 16.11 < 16.11.3 / 17.0 < 17.0.1 (CVE-2024-4835)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate...

CVSS 8.2 | AI score 5.5 | EPSS 0.07452
Exploits: 1 | References: 4
CNNVD
added 2024/05/23 12:0 a.m. | 3 views

GitLab CE/EE Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions prior to 16.10.6, prior to...

CVSS 6.5 | AI score 6.1 | EPSS 0.00042
Exploits: 0 | References: 4
CNNVD
added 2024/05/23 12:0 a.m. | 2 views

GitLab CE/EE Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE versions prior to 16.10.6, prior to...

CVSS 6.1 | AI score 6.3 | EPSS 0.00142
Exploits: 1 | References: 4
ATTACKERKB
added 2023/09/20 1:15 a.m. | 0 views

CVE-2023-38886

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script...

CVSS 7.2 | AI score 6.2 | EPSS 0.50447
Exploits: 1 | References: 3
CNNVD
added 2023/09/19 12:0 a.m. | 2 views

Dolibarr Cross-Site Scripting Vulnerability

Dolibarr is a software application. A modern software package that helps manage your organization's activities. A cross-site scripting vulnerability exists in Dolibarr ERP CRM v.17.0.1 and prior versions, which originates from a vulnerability that could allow a remote attacker to obtain sensitive...

CVSS 9.6 | AI score 6.8 | EPSS 0.05006
Exploits: 1 | References: 4
Exploit DB
added 2023/08/21 12:0 a.m. | 327 views

Dolibarr Version 17.0.1 - Stored XSS

Exploit Title: Dolibarr Version 17.0.1 - Stored XSS | Dork: | Date: 2023-08-09 | Exploit Author: Furkan Karaarslan | Category: Webapps | Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php | Version: 17.0.1 REQUIRED | Tested on: Windows/Linux | CVE :...

AI score 7.4
Exploits: 0
0day.today
added 2023/08/21 12:0 a.m. | 154 views

Dolibarr Version 17.0.1 - Stored XSS Vulnerability

Exploit Title: Dolibarr Version 17.0.1 - Stored XSS | Exploit Author: Furkan Karaarslan | Category: Webapps | Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php | Version: 17.0.1 REQUIRED | Tested on: Windows/Linux | CVE :...

AI score 7.1
Exploits: 0