43 matches found
AppServ Open Project <=2.5.10 - Cross-Site Scripting
AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...
CVE-2026-40896
OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...
PT-2026-29864
OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3...
CVE-2026-32703
OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...
EUVD-2026-11237
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...
PT-2026-24741
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...
PT-2026-23480
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...
CVE-2026-25764
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs in the time tracking function of OpenProject. The application does not escape HTML tags; an attacker with administrator privileges can create a work...
CVE-2022-37396
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution...
EUVD-2005-4291
Malware in sbrugna...
EUVD-2008-2393
Malware in sbrugna...
VulnCheck KEV: CVE-2008-2398
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter...
CVE-2005-4296
AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request...
JetBrains IntelliJ IDEA Cryptographic Issue Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3 that stems from the built-in web server disclosing information about open projects...
Open redirect
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution...
CVE-2022-37396
The CVE-2022-37396 vulnerability affects JetBrains Rider prior to 2022.2. Exploitation stems from a bypass of the Trust and Open Project dialog, enabling local code execution. The issue is documented across multiple sources (e.g., Red Hat and NVD entries) with the concrete remediation: upgrade to...
CVE-2020-7494
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD), which could cause malicious code execution when opening the project file...