14 matches found

OSV
added 2026/05/06 2:43 p.m., 8 views

BIT-JAVA-MIN-2022-21449

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...

CVSS 7.5, AI score 7.4, EPSS 0.46677
Exploits: 6, References: 19

NVD
added 2026/02/09 7:15 p.m., 5 views

CVE-2026-24777

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrator...

CVSS 6.7, EPSS 0.00321
Exploits: 0, References: 2

CVE
added 2026/02/09 6:28 p.m., 17 views

CVE-2026-24777

OpenProject prior to 17.0.2 allowed users with the Manage Users permission to lock and unlock other users, including application administrators, due to a missing permission check. The issue is fixed in OpenProject 17.0.2. Affected software: OpenProject (web-based project management) with the vuln...

CVSS 6.7, AI score 5.5, EPSS 0.00321
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/02/09 6:28 p.m., 3 views

CVE-2026-24777 OpenProject has Improper Access Control on User Management allows user managers to lock admin accounts

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrator...

CVSS 6.7, AI score 5.5, EPSS 0.00321
Exploits: 0, References: 4

Cvelist
added 2026/02/09 6:28 p.m., 32 views

CVE-2026-24777 OpenProject has Improper Access Control on User Management allows user managers to lock admin accounts

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrator...

CVSS 6.7, EPSS 0.00321
Exploits: 0, References: 2

NVD
added 2026/02/06 6:15 p.m., 8 views

CVE-2026-24776

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...

CVSS 4.3, EPSS 0.0019
Exploits: 0, References: 2

NVD
added 2026/01/28 7:16 p.m., 10 views

CVE-2026-24772

OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenProject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...

CVSS 9, EPSS 0.00159
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/28 6:10 p.m., 6 views

CVE-2026-24775

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

CVSS 6.3, AI score 6, EPSS 0.00105
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/01/28 6:7 p.m., 28 views

CVE-2026-24772 OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server

OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenProject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...

CVSS 8.9, EPSS 0.00159
Exploits: 0, References: 1

OSV
added 2026/01/28 6:7 p.m., 5 views

CVE-2026-24772 OpenProject has SSRF and CSWSH in Hocuspocus Synchronization Server

OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenProject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...

CVSS 8.9, AI score 5.9, EPSS 0.00159
Exploits: 0, References: 3

ATTACKERKB
added 2026/01/28 6:7 p.m., 10 views

CVE-2026-24772

OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenProject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...

CVSS 8.9, AI score 5.9, EPSS 0.00159
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2025/08/18 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-1736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to...

CVSS 6.5, AI score 5.4, EPSS 0.00575
Exploits: 0, References: 2

OSV
added 2024/06/17 7:23 a.m., 20 views

BIT-GITLAB-2024-1736 Uncontrolled Resource Consumption in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration...

CVSS 6.5, AI score 6.1, EPSS 0.00575
Exploits: 0, References: 4

Tenable Nessus
added 2013/01/15 12:0 a.m., 34 views

Firefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR is earlier than 17.0.2 and thus, is potentially affected by the following security issues : - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. CVE-2013-0743 - A use-after-free error exists related to displaying HTML tabl...

CVSS 9.3, AI score 7.8, EPSS 0.73364
Exploits: 20, References: 38