Lucene search
+L

7 matches found

CVE
CVE
added 2026/04/10 5:7 p.m.26 views

CVE-2026-40163

Saltcorn is affected by an unauthenticated path traversal vulnerability in the sync endpoints. Before versions 1.4.5, 1.5.5, and 1.6.0-beta.4, POST /sync/offline_changes allows an attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON anywhere on the ...

8.2CVSS5.9AI score0.00333EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/09 12:31 p.m.12 views

GHSA-5RFV-H47G-XJ42 Mattermost MS Teams plugin doesn't limit the request body size on the /changes webhook endpoint

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/09 10:12 a.m.2 views

CVE-2026-24661

Mattermost Plugins versions =2.1.3.0 fail to limit the request body size on the /changes webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00611...

3.7CVSS5.9AI score0.00311EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.7 views

CVE-2026-25763

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.9CVSS5.6AI score0.00461EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/06 10:10 p.m.4 views

CVE-2026-25763 Command Injection on OpenProject repositories leads to Remote Code Execution

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.4CVSS5.7AI score0.00461EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6805

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the repository changes endpoint '/projects/:project id/repository/changes' when...

9.9CVSS6.6AI score0.00461EPSS
Exploits0References11
EUVD
EUVD
added 2025/12/11 12:0 a.m.5 views

EUVD-2025-202749

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the checkchanges in file /usr/lib/lua/luci/controller/admin/common.lua...

7.3AI score0.02157EPSS
Exploits0References4
Rows per page
Query Builder