CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•2 views

CVE-2026-39374

Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member ADMIN or MEMBER to modify the startdate and targetdate of ANY issue across the entire Plane instance, regardless of workspace or project membership. The endpoint fetches...

7.7CVSS5.5AI score0.00036EPSS

NVD•added 2026/05/20 10:16 p.m.•10 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

6.5CVSS0.00037EPSS

Exploits1References2

CNNVD•added 2026/05/20 12:0 a.m.•4 views

Plane 安全漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane 1.3.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from SavedAnalyticEndpoint directly passing user-controlled segment parameters into Django F expressions...

6.5CVSS5.8AI score0.00037EPSS

RedhatCVE•added 2026/04/14 1:22 a.m.•3 views

CVE-2026-39843

Plane is an an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag with an href that redirects to a private IP address ...

7.7CVSS5.9AI score0.00038EPSS

EUVD•added 2026/04/09 3:43 p.m.•2 views

EUVD-2026-20940

7.7CVSS5.9AI score0.00038EPSS

ATTACKERKB•added 2026/04/09 3:43 p.m.•4 views

CVE-2026-39843

7.7CVSS5.9AI score0.00038EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/07 8:26 p.m.•16 views

CVE-2026-27949 Plane Exposes User Email (PII and part of credential) in GET Parameter

2CVSS0.0004EPSS

ATTACKERKB•added 2026/04/07 8:26 p.m.•3 views

CVE-2026-27949

Exploits0References2Affected Software1

EUVD•added 2026/04/07 8:26 p.m.•2 views

EUVD-2026-19935

Vulnrichment•added 2026/04/07 8:26 p.m.•2 views

CVE-2026-27949 Plane Exposes User Email (PII and part of credential) in GET Parameter

NVD•added 2026/04/07 8:16 p.m.•0 views

CVE-2026-39374

7.7CVSS0.00036EPSS

Vulnrichment•added 2026/04/07 7:37 p.m.•3 views

CVE-2026-39374 Plane IDOR: Cross-Project Issue Date Modification via Bulk Update Endpoint

6.5CVSS5.9AI score0.00036EPSS

CVE•added 2026/04/07 7:37 p.m.•6 views

CVE-2026-39374

The CVE describes an IDOR-style flaw in Plane (open‑source project management tool) prior to version 1.3.0. The IssueBulkUpdateDateEndpoint lets a project member with ADMIN/MEMBER privileges modify start_date and target_date of ANY issue across the entire instance by fetching issues by ID without...

7.7CVSS5.9AI score0.00036EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-31015

RedhatCVE•added 2026/03/08 1:44 a.m.•2 views

Exploits0References4

CVE-2026-30244

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission...

7.5CVSS5.7AI score0.00032EPSS

RedhatCVE•added 2026/03/08 1:44 a.m.•4 views

CVE-2026-30242

Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...

8.5CVSS5.8AI score0.00015EPSS