
9 matches found

NVD
added yesterday, 4 views

CVE-2026-52780

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.4.1...

CVSS 9.6 | EPSS 0.00027
Exploits: 0 | References: 1
Cvelist
added yesterday, 11 views

CVE-2026-52780 OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.4.1...

CVSS 9.6 | EPSS 0.00027
Exploits: 0 | References: 1
CVE
added yesterday, 7 views

CVE-2026-47193

OpenProject (open-source web-based project management) contains a vulnerability in the journal diff endpoint that discloses hidden historical field values due to lack of object/field visibility enforcement. The issue is fixed in versions 17.3.3 and 17.4.1. Affected component: journal diff endpoin...

CVSS 7.5 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 1
Vulnrichment
added 2024/09/26 11:2 p.m., 14 views

CVE-2024-8974 Incorrect Provision of Specified Functionality in GitLab

Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project...

CVSS 2.6 | AI score 6.5 | EPSS 0.00268
Exploits: 0 | References: 1
OSV
added 2024/09/26 11:2 p.m., 15 views

CVE-2024-8974 Incorrect Provision of Specified Functionality in GitLab

Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1. In specific conditions it was possible to disclose to an unauthorised user the path of a private project...

CVSS 2.6 | AI score 6.1 | EPSS 0.00268
Exploits: 0 | References: 4
CVE
added 2024/09/26 6:30 a.m., 214 views

CVE-2024-4278

GitLab Enterprise Edition (GitLab EE) is affected by CVE-2024-4278. The issue is an information disclosure where a maintainer could obtain a Dependency Proxy password by editing a specific Dependency Proxy setting. Affected versions are 16.5 to 16.2.7? (per provided data: 16.5 up to 17.2.8, 17.3 ...

CVSS 5.5 | AI score 4.1 | EPSS 0.00226
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2024/03/28 12:0 a.m., 16 views

Apple Safari Security Update (HT214094)

Apple Safari is prone to an out-of-bounds write vulnerability...

CVSS 8.8 | AI score 6.8 | EPSS 0.01835
Exploits: 0 | References: 1
Tenable Nessus
added 2023/02/15 12:0 a.m., 65 views

Adobe InDesign < 17.4.1 / 18.0 < 18.2.0 Application denial-of-service (APSB23-12) (macOS)

The version of Adobe InDesign installed on the remote macOS host is prior to 17.4.1, 18.2.0. It is, therefore, affected by a vulnerability as referenced in the APSB23-12 advisory. - Adobe InDesign versions ID18.1 and earlier and ID17.4 and earlier are affected by a NULL Pointer Dereference...

CVSS 5.5 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 2
Cvelist
added 2018/01/19 5:0 p.m., 22 views

CVE-2017-7327

Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll...

AI score 7.7 | EPSS 0.01422
Exploits: 0 | References: 1