16 matches found

RedhatCVE
added 2026/02/07 7:31 p.m. | 6 views

CVE-2026-24776

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This allowed a...

CVSS 4.3 | AI score 5.5 | EPSS 0.0019
Exploits: 0 | References: 1

NVD
added 2026/02/06 6:15 p.m. | 8 views

CVE-2026-24776

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...

CVSS 4.3 | EPSS 0.0019
Exploits: 0 | References: 2

Cvelist
added 2026/02/06 5:56 p.m. | 25 views

CVE-2026-24776 OpenProject has an IDOR on MeetingAgendaItems allows cross-project meeting agenda item transfer

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...

CVSS 4.3 | EPSS 0.0019
Exploits: 0 | References: 2

CVE
added 2026/02/06 5:56 p.m. | 10 views

CVE-2026-24776

OpenProject prior to 17.0.2 is vulnerable to a logic flaw in the drag-and-drop handler for agenda items. The target meeting section was not validated to belong to the same meeting (or backlog in recurring meetings), enabling an attacker to move an agenda item to a different meeting, causing confusio...

CVSS 4.3 | AI score 5.6 | EPSS 0.0019
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/02/06 5:56 p.m. | 4 views

EUVD-2026-5638

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...

CVSS 4.3 | AI score 5.5 | EPSS 0.0019
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/06 12:00 a.m. | 8 views

PT-2026-6762

Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 17.0.2. Description: OpenProject is a web-based project management software. A flaw existed in the drag-and-drop functionality for agenda items, where the system did not verify if the target meeting section belonged...

CVSS 4.3 | AI score 5.4 | EPSS 0.0019
Exploits: 0 | References: 6

CNNVD
added 2026/02/06 12:00 a.m. | 6 views

OpenProject security vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.0.2 had security vulnerabilities. These vulnerabilities stemmed from the drag-and-drop processing mechanism, which did not properly check the target meeting details. This could allow attackers...

CVSS 4.3 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2009-2001

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00656
Exploits: 1 | References: 6

CVE
added 2010/07/22 10:00 a.m. | 41 views

CVE-2009-4942

Technical details (affected versions, root cause, exploit conditions) are not provided in the connected documents. Monitor for updates for additional, verifiable information.

CVSS 4.3 | AI score 7.4 | EPSS 0.00524
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2010/07/22 10:00 a.m. | 16 views

CVE-2009-4942

Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items...

AI score 7.2 | EPSS 0.00524
Exploits: 0 | References: 3

NVD
added 2010/07/22 5:40 a.m. | 11 views

CVE-2009-4942

Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items...

CVSS 4.3 | AI score 7.2 | EPSS 0.00524
Exploits: 0 | References: 3

Prion
added 2010/07/22 5:40 a.m. | 15 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items...

CVSS 4.3 | AI score 7.8 | EPSS 0.00524
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2009/06/08 7:30 p.m. | 12 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors...

CVSS 6.8 | AI score 7.7 | EPSS 0.00656
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2009/06/08 7:30 p.m. | 14 views

CVE-2009-2005

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors...

CVSS 6.8 | AI score 7.2 | EPSS 0.00656
Exploits: 1 | References: 5

CVE
added 2009/06/08 7:00 p.m. | 39 views

CVE-2009-2005

CVE-2009-2005 describes a CSRF vulnerability in Dokeos 1.8.5 (and possibly earlier) that could allow an attacker to hijack an authenticated session and add new personal agenda items via unknown vectors. The connected documents identify the affected product and the basic impact, but do not provide...

CVSS 6.8 | AI score 7.4 | EPSS 0.00656
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2009/06/08 7:00 p.m. | 26 views

CVE-2009-2005

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors...

AI score 7.2 | EPSS 0.00656
Exploits: 1 | References: 5