OpenProject < 12.5.4 - Project Identifiers Exposure

OpenProject versions before 12.5.6 generate a publicly accessible robots.txt file revealing project identifiers, even if the instance is set to 'Login required', letting attackers gather project info, exploit requires no authentication. id: CVE-2023-33960 info: name: OpenProject 12.5.4 - Project...

Orangescrum SQL Injection Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a SQL injection vulnerability that stems from insufficient validation of parameter inputs such as oldprojectid, projectid, uuid,...

Improper Access Control

com.blazemeter.plugins, BlazeMeterJenkinsPlugin is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission checks in the Jenkins UI, which allows an attacker to view sensitive resource identifiers such as credential IDs, workspaces, and project IDs without prope...

CVE-2025-13472

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

EUVD-2025-200734

BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources...

GHSA-FXP5-37MH-VFF5 BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

CVE-2025-13472

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

CVE-2025-13472

CVE-2025-13472 concerns the BlazeMeter Jenkins Plugin. The Red Hat and NVD entries, plus multiple security advisories, confirm that versions prior to 4.27 expose a list of sensitive resources (credential IDs, BlazeMeter workspaces, and project IDs) to users who should not have access. The underly...

CVE-2025-13472 Missing authorization in BlazeMeter Jenkins Plugin

A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI...

PT-2025-48800

Name of the Vulnerable Software and Affected Versions BlazeMeter Jenkins Plugin versions prior to 4.27 Description A flaw existed in the BlazeMeter Jenkins Plugin that allowed unauthorized users to view a list of available resources, including credential IDs, bzm workspaces, and bzm project IDs,...

EUVD-2024-46882

Malicious code in bioql PyPI...

EUVD-2025-31595

Malicious code in bioql PyPI...

CVE-2023-33960

OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...

CVE-2024-5714

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-5714

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-5714

CVE-2024-5714 - Lunary in lunary-ai/lunary v1.2.4 is an improper access control vulnerability. Members with team management permissions can manipulate project identifiers in requests, enabling actions such as inviting users to projects in other organizations and changing members to projects with ...

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

PT-2024-37091 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.4 Description: The issue is caused by an improper access control vulnerability that allows members with team management permissions to manipulate project identifiers in requests. This enables them to invite users ...

Design/Logic Flaw

OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...