Lucene search
K

414 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 7:39 p.m.6 views

CVE-2026-44732

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:39 p.m.22 views

CVE-2026-44732 OpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter "project_id" leads to Unauthorized Modification of Resources

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenProject exposes a document update endpoint used to modify existing documents. The target document is loaded with visibility checks and then updated. During update, attacker-controlled attributes are...

4.3CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:39 p.m.12 views

CVE-2026-44732

OpenProject vulnerability CVE-2026-44732 affects the web-based project management tool prior to versions 17.3.2 and 17.4.0. The flaw occurs in the /api/v3/documents/{id} PATCH endpoint, where attacker-controlled attributes are applied to the persisted record before authorization checks, allowing ...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:33 p.m.6 views

CVE-2026-44734

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, and grouping of any Public co...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 7:33 p.m.9 views

CVE-2026-44734

CVE-2026-44734 affects OpenProject prior to 17.3.2 and 17.4.0. A Missing Authorization flaw in CostReportsController allows any authenticated user to rename/update public cost reports (name, filters, grouping) without ownership or permission checks. An attacker who guesses a public report ID can ...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:32 p.m.5 views

CVE-2026-44735

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 7:32 p.m.10 views

CVE-2026-44735

Technical details for CVE-2026-44735 are not publicly available in the provided documents. Monitor for updates.

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:32 p.m.22 views

CVE-2026-44735 OpenProject: Shares API Information Disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...

6.5CVSS0.0027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:30 p.m.5 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:30 p.m.24 views

CVE-2026-44696 OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:30 p.m.12 views

CVE-2026-44696

OpenProject prior to 17.4.0: the rich text (markdown) rendering pipeline uses Sanitize::Config::RELAXED[:css], permitting essentially all CSS in style attributes on elements like figure, img, table, th, tr, td. This enables any authenticated user with write access to formattable fields (work pack...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:29 p.m.21 views

CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:29 p.m.6 views

CVE-2026-49355

OpenProject (open-source, web-based project management) contains a vulnerability in versions prior to 17.4.0. The issue arises in GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id, which may disclose private work package data from a linked work package that belongs to a private/inacce...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:29 p.m.5 views

CVE-2026-49355

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:27 p.m.5 views

CVE-2026-44736

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:27 p.m.22 views

CVE-2026-44736 OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS0.00286EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:27 p.m.9 views

CVE-2026-44736

OpenProject vulnerability CVE-2026-44736 affects the OpenProject web-based project management platform. The flaw exists in the GET /api/v3/relations endpoint prior to version 17.4.0, allowing any authenticated user to retrieve relations and the titles of work packages they should not have permiss...

6.5CVSS5.9AI score0.00286EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:26 p.m.8 views

CVE-2026-46386

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRETKEYBASE=OVERWRITEME as the default Rails master key. Combined with cookiesserializer = :marshal, this gives any logged-in user a deterministic...

9.9CVSS5.8AI score0.00272EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:26 p.m.22 views

CVE-2026-46386 OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRETKEYBASE=OVERWRITEME as the default Rails master key. Combined with cookiesserializer = :marshal, this gives any logged-in user a deterministic...

9.9CVSS0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:26 p.m.12 views

CVE-2026-46386

OpenProject’s official docker image ships SECRET_KEY_BASE=OVERWRITE_ME and cookies_serializer = :marshal, creating a deterministic Marshal-deserialization path reachable via the /my/two_factor_devices cookie reader. This enables potential pre-authentication remote code execution, as noted in the ...

9.9CVSS5.8AI score0.00272EPSS
Exploits0References1
Rows per page
Query Builder