14 matches found
BIT-JAVA-MIN-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...
CVE-2026-24777
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrator...
CVE-2026-24777
OpenProject prior to 17.0.2 allowed users with the Manage Users permission to lock and unlock other users, including application administrators, due to a missing permission check. The issue is fixed in OpenProject 17.0.2. Affected software: OpenProject (web-based project management) with the vuln...
CVE-2026-24777 OpenProject has Improper Access Control on User Management allows user managers to lock admin accounts
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrator...
CVE-2026-24777 OpenProject has Improper Access Control on User Management allows user managers to lock admin accounts
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrator...
CVE-2026-24776
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...
CVE-2026-24772
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...
CVE-2026-24775
OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...
CVE-2026-24772 OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...
CVE-2026-24772 OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...
CVE-2026-24772
OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...
Linux Distros Unpatched Vulnerability : CVE-2024-1736
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to...
BIT-GITLAB-2024-1736 Uncontrolled Resource Consumption in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration...
Firefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. CVE-2013-0743 - A use-after-free error exists related to displaying HTML tabl...