Lucene search
+L

256 matches found

OSV
OSV
added 2026/07/07 12:12 p.m.1 views

MAL-2026-9615 Malicious code in zlam_agenda (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ed4788b8cafe3dac555dc02a7f475a0dac0eee00b3462999c89870c1226fc6f6 --- Credit: OpenSSF source...

5.3AI score
Exploits0References1
NVD
NVD
added 2026/06/26 8:17 p.m.8 views

CVE-2026-49355

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 7:29 p.m.5 views

CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS6AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:29 p.m.26 views

CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:29 p.m.18 views

CVE-2026-49355

OpenProject (open-source, web-based project management) contains a vulnerability in versions prior to 17.4.0. The issue arises in GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id, which may disclose private work package data from a linked work package that belongs to a private/inacce...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.10 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

7.1CVSS5.6AI score0.00174EPSS
Exploits1References1
NVD
NVD
added 2026/04/20 4:16 p.m.7 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

7.1CVSS0.00174EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/20 3:12 p.m.8 views

EUVD-2026-23870

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00174EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/20 3:12 p.m.3 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00174EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/20 3:12 p.m.30 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS0.00174EPSS
Exploits1References2
OSV
OSV
added 2026/04/20 3:12 p.m.2 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS6AI score0.00174EPSS
Exploits1References4
CVE
CVE
added 2026/04/20 3:12 p.m.26 views

CVE-2026-40896

CVE-2026-40896 concerns OpenProject before version 17.3.0, where a user with the low-privilege permission manage_agendas in any project can inject agenda items into meetings across other projects due to an unscoped section lookup vulnerability. The attack does not require knowledge of the target ...

7.1CVSS5.8AI score0.00174EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.12 views

PT-2026-33783

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manage agendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00174EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/03/27 12:0 a.m.26 views

Clawed and Dangerous: Can We Trust Open Agentic Systems?

Open agentic systems combine LLM-based planning with external capabilities, persistent memory, and privileged execution. They are used in coding assistants, browser copilots, and enterprise automation. OpenClaw is a visible instance of this broader class. Without much attention yet, their securit...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/03/16 3:30 p.m.7 views

EUVD-2026-12397

Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...

4.8CVSS5.8AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:19 p.m.6 views

CVE-2026-3024

Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...

5.4CVSS0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 10:13 a.m.29 views

CVE-2026-3024 Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma application web

Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...

4.8CVSS0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25673

Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...

4.8CVSS5.8AI score0.00133EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/13 12:0 a.m.4 views

Defensible Design for OpenClaw: Securing Autonomous Tool-Invoking Agents

OpenClaw-like agents offer substantial productivity benefits, yet they are insecure by default because they combine untrusted inputs, autonomous action, extensibility, and privileged system access within a single execution loop. We use OpenClaw as an exemplar of a broader class of agents that...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.6 views

CVE-2026-24776

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This allowed a...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder