EUVD-2024-35248
Malicious code in bioql PyPI...
EUVD-2024-45525
Malicious code in bioql PyPI...
PMTicket Project-Management-Software Code Issue Vulnerability
PMTicket Project-Management-Software is a PMTicket open source agile project management and issue tracking system. A code issue vulnerability exists in PMTicket Project-Management-Software, which stems from incorrect manipulation of the parameter userid of the component Cookie Handler in the file...
Pushing Boundaries With Claude Code
Claude Code stormed onto the programming scene when Anthropic launched it in February of this year. It moved what Andrej Karpathy has called "The Autonomy Slider" from around a three to a solid eight. What this means is that you can give Claude Code direction, and it will come up with a plan to...
CVE-2025-7886 pmTicket Project-Management-Software class.database.php getUserLanguage sql injection
A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The manipulation of the argument userid leads to sql injection. It...
CVE-2023-33970
Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a missing access control was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or...
CVE-2025-46825
Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting XSS Vulnerability in the name parameter of the http://localhost/?controller=ProjectCreationController&action=create form. This vulnerability allows...
CVE-2025-46825
Kanboard (versions 1.2.26–1.2.44) has a Stored XSS vulnerability in the name field of the create form (controller=ProjectCreationController&action=create). The issue arises despite a default CSP that blocks the attack and may be exploitable if CSP is misconfigured and CSS injection is possible. V...
kanboard -- Insufficient session invalidation
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a custom session handler app/Core/Session/SessionHandler.php, to store...
Allegra Path Traversal Vulnerability
Allegra is a project management software for mid-sized organizations from Allegra. A path traversal vulnerability exists in Allegra that stems from the saveFile feature containing a directory traversal remote code execution vulnerability...
CVE-2024-51748 Remote code execution through language setting in kanboard
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...
CVE-2024-48779
An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory...
kanboard -- Project Takeover via IDOR in ProjectPermissionController
[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The user's permission to add users to a project only gets checked on the URL parameter projectid. I...
CVE-2023-33960 OpenProject vulnerable to project identifier information leakage through robots.txt
OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...
CVE-2023-32685 Clipboard based cross-site scripting (blocked with default CSP) in Kanboard
Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document...
Projeqtor Security Vulnerability
Projeqtor is a PHP-based open source project management software from the Projeqtor community. The software is used to organize various functions required for multiple projects and is suitable for IT projects. A cross-site scripting vulnerability exists in Projeqtor 9.3.1 that allows an attacker ...
SQL injection
OpenProject is web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget insufficiently sanitizes user input in...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows and monitoring project progress. A cross-site scripting vulnerability exists in JetBrains YouTrack, which stems from...