CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

737 matches found

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.34414EPSS

Exploits0References1

OSV•added yesterday•3 views

GHSA-M8XG-8XG9-MXHM Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project

This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths PUT /api/projects/id, DELETE /api/projects and modify or delete any project along with all its...

8.3CVSS6AI score

Exploits0References5

RedhatCVE•added 2 days ago•4 views

CVE-2026-10284

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

5.5CVSS5.8AI score0.00043EPSS

Exploits0References1

NVD•added 4 days ago•8 views

CVE-2026-10284

5.5CVSS0.00043EPSS

Exploits0References6

NVD•added 4 days ago•10 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS0.00043EPSS

Exploits0References6

ATTACKERKB•added 4 days ago•6 views

CVE-2026-10285

5.5CVSS5.4AI score0.00043EPSS

Exploits0References7

Cvelist•added 4 days ago•23 views

CVE-2026-10285 DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization

5.5CVSS0.00043EPSS

Exploits0References6

CVE•added 4 days ago•8 views

CVE-2026-10285

The CVE-2026-10285 affects DevaslanPHP project-management (up to 2.0.0-beta1). The issue lies in KanbanScrumHelper::recordUpdated (file app/Helpers/KanbanScrumHelper.php) where manipulation leads to improper authorization, enabling a remote attack. The available sources do not specify exploit vec...

5.5CVSS5.4AI score0.00043EPSS

Exploits0References6

Cvelist•added 4 days ago•21 views

CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization

5.5CVSS0.00043EPSS

Exploits0References6

Vulnrichment•added 4 days ago•4 views

CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization

5.5CVSS5.8AI score0.00043EPSS

Exploits0References6

CNNVD•added 4 days ago•6 views

Project Management Authorization Vulnerabilities

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier had an authorization issue vulnerability. This vulnerability stems from an improper authorization in the...

5.5CVSS6.1AI score0.00043EPSS

Exploits0References6

Positive Technologies•added 4 days ago•7 views

PT-2026-45550

5.5CVSS5.4AI score0.00043EPSS

Exploits0References7

CNNVD•added 4 days ago•6 views

SOPlanning SQL injection vulnerability

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a SQL injection vulnerability. This vulnerability stemmed from multiple endpoints and parameters that were vulnerable to SQL injection attacks. It was possible fo...

8.8CVSS6AI score0.00067EPSS

Exploits0References2

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Sitejo HaPe PKH 代码问题漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a code vulnerability caused by a bypass of file type validation. This vulnerability could allow authenticated attackers to upload malicious files a...

8.8CVSS6.1AI score0.00067EPSS

Exploits0References4

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the id parameter, which may allow attackers to manipulate...

8.8CVSS5.9AI score0.0009EPSS

Exploits0References4

CVE•added 2026/05/26 9:15 p.m.•12 views

CVE-2026-9584

Code-projects Project Management System 1.0 is affected by a vulnerability in the Login chk.php component that allows remote SQL injection via an unspecified function. Exploitation is possible remotely and the exploit has been publicly disclosed, with exploit maturity listed as Proof-of-Concept. ...

7.5CVSS6.8AI score0.00039EPSS

Exploits0References5

Cvelist•added 2026/05/26 9:15 p.m.•24 views

CVE-2026-9584 code-projects Project Management System Login chk.php sql injection

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly a...

7.5CVSS0.00039EPSS

Exploits0References5