
12 matches found

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2023-38092

Malicious code in bioql PyPI...

CVSS 8.9 | AI score 5.8 | EPSS 0.00394
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-42704

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 6.6 | EPSS 0.00553
Exploits: 1 | References: 2

NVD
added 2025/05/21 10:15 p.m. | 12 views

CVE-2025-48070

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allow users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

CVSS 4.3 | EPSS 0.00227
Exploits: 1 | References: 2

RedhatCVE
added 2025/02/05 8:24 a.m. | 4 views

CVE-2024-47830

Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0...

CVSS 9.3 | AI score 9 | EPSS 0.00553
Exploits: 1

RedhatCVE
added 2025/02/05 12:31 a.m. | 5 views

CVE-2024-31461

Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. T...

CVSS 9.1 | AI score 6.7 | EPSS 0.00667
Exploits: 0 | References: 1

NVD
added 2025/01/06 10:15 p.m. | 10 views

CVE-2025-21616

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

CVSS 5.4 | EPSS 0.00259
Exploits: 1 | References: 1

OSV
added 2025/01/06 9:22 p.m. | 3 views

CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

CVSS 5.4 | AI score 5.9 | EPSS 0.00259
Exploits: 1 | References: 3

Cvelist
added 2025/01/06 9:22 p.m. | 16 views

CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

CVSS 5.4 | EPSS 0.00259
Exploits: 1 | References: 1

Vulnrichment
added 2023/10/19 6:28 p.m. | 13 views

CVE-2023-45826 Authenticated SQL Injection in leantime

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

CVSS 6.5 | AI score 7.2 | EPSS 0.01872
Exploits: 0 | References: 2

Vulnrichment
added 2023/05/30 9:34 p.m. | 8 views

CVE-2023-33961 Leantime Stored Cross-site Scripting Vulnerability

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious JavaScript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious JavaScript code executes. As of time ...

CVSS 8.9 | AI score 6.9 | EPSS 0.00394
Exploits: 0 | References: 1

CNVD
added 2021/04/21 12:0 a.m. | 9 views

Unspecified Vulnerability in Redmine

Redmine is a set of open source Web-based project management and defect tracking tools. The product provides project management, issue tracking and role-based access control and other features. A security vulnerability exists in Redmine versions prior to 3.4.13 and versions prior to 4.0.6 in t...

CVSS 5.3 | AI score 6.6 | EPSS 0.00809
Exploits: 0 | References: 1

Packet Storm
added 2003/03/29 12:0 a.m. | 31 views

alexandria.txt

====================================================================== Secunia Research 28/03/2003 - Alexandria-dev / sourceforge multiple vulnerabilities - ====================================================================== Receive Secunia Security Advisories for free:...

AI score 7.4
Exploits: 0