Lucene search
+L

47 matches found

nuclei
nuclei
added yesterday64 views

AppServ Open Project <=2.5.10 - Cross-Site Scripting

AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...

4.3CVSS6.2AI score0.06232EPSS
Exploits1References3
nvd
nvd
added 2026/06/26 8:17 p.m.7 views

CVE-2026-44734

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, and grouping of any Public co...

6.5CVSS0.00231EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 7:33 p.m.26 views

CVE-2026-44734 OpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/rename

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, and grouping of any Public co...

6.5CVSS0.00231EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.16 views

PT-2026-52900

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description The meetings filter feature in the web application allows an attacker to enumerate existing user accounts by probing user IDs and observing differences in...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.20 views

PT-2026-48411

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes...

8.8CVSS6.3AI score0.0071EPSS
Exploits1References4
nvd
nvd
added 2026/04/20 4:16 p.m.7 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

7.1CVSS0.00174EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.7 views

PT-2026-29864

OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3...

9.9CVSS5.8AI score0.0027EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32703

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

9CVSS5.8AI score0.00189EPSS
Exploits0References1
euvd
euvd
added 2026/03/11 4:27 p.m.5 views

EUVD-2026-11237

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...

6.5CVSS5.8AI score0.0019EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/11 12:0 a.m.6 views

PT-2026-24741

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...

6.5CVSS5.8AI score0.0019EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/05 12:0 a.m.6 views

PT-2026-23480

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

4.3CVSS5.8AI score0.00209EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/02/06 10:10 p.m.5 views

CVE-2026-25764

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags, an attacker with administrator privileges can create a work...

3.5CVSS5.4AI score0.00241EPSS
Exploits0References4Affected Software1
redhatcve
redhatcve
added 2026/01/09 9:13 a.m.6 views

CVE-2022-37396

In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution...

7.8CVSS6.7AI score0.00189EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-2393

Malware in sbrugna...

4.3CVSS6.4AI score0.06232EPSS
Exploits1References6
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2005-4291

Malware in sbrugna...

7.8CVSS6.4AI score0.02587EPSS
Exploits1References2
vulncheck_kev
vulncheck_kev
added 2025/06/07 12:0 a.m.2 views

VulnCheck KEV: CVE-2008-2398

Cross-site scripting XSS vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter...

4.3CVSS5.9AI score0.06232EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/21 9:50 p.m.4 views

CVE-2005-4296

AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request...

7.8CVSS7AI score0.02587EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/12/08 12:0 a.m.5 views

JetBrains IntelliJ IDEA 加密问题漏洞

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3 that stems from the built-in web server disclosing information about open projects...

4CVSS4.9AI score0.00126EPSS
Exploits0References2
nvd
nvd
added 2022/08/03 4:15 p.m.24 views

CVE-2022-37396

In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution...

7.8CVSS0.00189EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/08/03 4:15 p.m.3 views

CVE-2022-37396

In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution...

7.8CVSS7.5AI score0.00189EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder