
7 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-42704

Malicious code in bioql PyPI...

CVSS 9.3, AI score 6.6, EPSS 0.00403
Exploits: 1, References: 2

NVD
added 2025/05/21 10:15 p.m., 11 views

CVE-2025-48070

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allow users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

CVSS 4.3, EPSS 0.00138
Exploits: 1, References: 2

RedhatCVE
added 2025/02/05 8:24 a.m., 3 views

CVE-2024-47830

Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0...

CVSS 9.3, AI score 9, EPSS 0.00403
Exploits: 1

RedhatCVE
added 2025/02/05 12:31 a.m., 4 views

CVE-2024-31461

Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. T...

CVSS 9.1, AI score 6.7, EPSS 0.00312
Exploits: 0, References: 1

NVD
added 2025/01/06 10:15 p.m., 9 views

CVE-2025-21616

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

CVSS 5.4, EPSS 0.01012
Exploits: 1, References: 1

OSV
added 2025/01/06 9:22 p.m., 3 views

CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

CVSS 5.4, AI score 5.9, EPSS 0.01012
Exploits: 1, References: 3

Cvelist
added 2025/01/06 9:22 p.m., 13 views

CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload

Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

CVSS 5.4, EPSS 0.01012
Exploits: 1, References: 1