7 matches found
PT-2026-2220
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 16.6.4. Description: OpenProject is a web-based project management software. A Local File Read issue exists in the work package PDF export functionality. By uploading a specially crafted SVG file disguised as a PNG ...
CVE-2021-25768
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly...
CVE-2021-25768
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly...
Design/Logic Flaw
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly...
CVE-2021-25768
CVE-2021-25768 concerns JetBrains YouTrack prior to 2020.4.4701, where attachment operation permissions were checked improperly. The root cause is an incorrect permissions check on actions related to attachments, enabling potential access control weaknesses in that version range. Public reference...
CVE-2021-25768
In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly...
Bugzilla < 3.6.10 / 4.0.7 / 4.2.2 / 4.3.2 Multiple Information Disclosures
According to its banner, the version of Bugzilla installed on the remote host is affected by multiple information disclosure vulnerabilities: - In HTML bugmails, all bug IDs and attachment IDs are linkified, and hovering these links displays a tooltip with the bug summary or the attachment...