Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.6 views

CVE-2026-25763

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.9CVSS5.6AI score0.00461EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 10:10 p.m.5 views

EUVD-2026-5556

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.4CVSS5.6AI score0.00461EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6805

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the repository changes endpoint '/projects/:project id/repository/changes' when...

9.9CVSS6.6AI score0.00461EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/01/29 9:20 p.m.6 views

CVE-2026-24685

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 5:16 p.m.8 views

CVE-2026-24685

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS0.00318EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 4:47 p.m.8 views

EUVD-2026-4879

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 4:47 p.m.6 views

CVE-2026-24685 OpenProject has Argument Injection on Repository module that allows Arbitrary File Write

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 4:47 p.m.20 views

CVE-2026-24685

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/28 4:47 p.m.16 views

CVE-2026-24685

CVE-2026-24685 affects OpenProject prior to 16.6.6 and 17.0.2. The vulnerability arises in the repository diff download endpoint when rendering a single revision with git show; an attacker can inject git show options by supplying a crafted rev (e.g., rev=--output=/tmp/poc.txt), causing OpenProjec...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder