9 matches found
PT-2026-31642
Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete, which could lead to the same full-read Server-Side Request Forgery when a normal HTML page contains a link tag with an href that redirects to a private IP address ...
JetBrains YouTrack Denial of Service Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. A denial of service vulnerability exists in JetBrains YouTrack, which can be exploited by an attacker to execute a regular expression resulting in a denial of service...
JetBrains YouTrack Improper Access Control Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from an improper access control vulnerability that stems from allowing project names to be listed without authentication during application import. A...
JetBrains YouTrack Cross-Site Scripting Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a cross-site scripting vulnerability that stems from insecure link cleaning. No detailed vulnerability details are provided at this time...
CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint
Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0...
JetBrains YouTrack Security Vulnerability
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...
qdPM Path Traversal Vulnerability
qdPM is a web-based open-source project management tool. qdPM version 9.2 has a directory traversal vulnerability that allows an attacker to list files and directories by navigating to the /uploads URI...
JetBrains YouTrack Injection Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows, and monitoring project progress. JetBrains YouTrack is vulnerable to an injection vulnerability that stems from...
qdPM 9.1 - search[keywords] Cross-Site Scripting Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: qdPM 9.1 - 'searchkeywords' XSS Injection; CVE: CVE-2019-8390; Exploit Author: Mehmet EMIROGLU; Vendor Homepage: http://qdpm.net; Software...