CVE-2026-23625

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

@accordproject/cicero-cli (>=0.20.11-20200710202320 <=0.24.1-20230906105323), @accordproject/cicero-core (>=0.20.11-20200710202320 <=0.24.1-20231019080841) +22 more potentially affected by unknown CVE via @accordproject/markdown-it-cicero (>=0.11.4-20200710154317 <=0.16.20-20230811084906)

@accordproject/markdown-it-cicero NPM version =0.11.4-20200710154317, =0.20.11-20200710202320, =0.20.11-20200710202320, =0.20.11-20200710202320, =0.20.11-20200710202320, =0.20.11-20200710202320, =0.22.2-20210714131804, =0.20.11-20200714172106, =0.20.11-20200714172106, =0.20.11-20200714172106,...

CVE-2022-40264

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package...

Mitsubishi Electric GENESIS64 路径遍历漏洞

Mitsubishi Electric GENESIS64 is a SCADA package from Mitsubishi Electric Japan. A security vulnerability exists in Mitsubishi Electric GENESIS64 versions 10.96 through 10.97.2, which exploits a vulnerability that could allow an unauthenticated attacker to create, tamper with, or corrupt an...

@accordproject/cicero-cli (>=0.2.48 <=0.8.0-20181025052931), @accordproject/cicero-common (>=0.2.50 <=0.3.17-20180604161941) +104 more potentially affected by CVE-2020-7677 via thenify (>=2.0.0 <=3.3.0)

thenify NPM version =2.0.0, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.0.36, =0.0.37, =0.1.0, =0.1.0, =2.1.1, =0.1.0, =0.2.2 and more Source cves: CVE-2020-7677 Source advisory: OSV:GHSA-29XR-V42J-R956...

@accordproject/cicero-cli (>=0.3.4 <=0.24.1-20231019073743), @accordproject/cicero-common (>=0.3.4 <=0.3.12) +450 more potentially affected by CVE-2022-1233 via urijs (>=1.16.1 <=1.19.10)

urijs NPM version =1.16.1, =0.3.4, =0.3.4, =0.3.4, =0.3.4, =0.4.5-20180705184508, =0.11.2-20190326183124, =0.10.2-20190213145246, =0.0.5, =0.71.8-20190915045234, =0.80.2, =0.80.4-20191003231621, =0.61.2-20190916200303, =0.90.1-20200514190616, =0.6.0-alpha.0, =0.6.0, =0.91.1-20200514222339 and mor...

@accordproject/cicero-cli (>=0.2.48 <=0.8.0-20181025052931), @accordproject/cicero-common (>=0.2.50 <=0.3.17-20180604161941) +102 more potentially affected by CVE-2020-7677 via thenify (>=3.0.0 <=3.3.0)

thenify NPM version =3.0.0, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.0.36, =0.0.37, =0.1.0, =0.1.0, =2.1.1, =0.1.0, =0.2.2 and more Source cves: CVE-2020-7677 Source advisory: SNYK:JS-THENIFY-571690...

@accordproject/cicero-cli (>=0.13.1 <=0.13.5-20190807130647), @accordproject/cicero-core (>=0.13.1 <=0.13.5-20190807130647) +44 more potentially affected by unknown CVE via acorn (>=5.5.0 <=5.7.3)

acorn NPM version =5.5.0, =0.13.1, =0.13.1, =0.13.1, =0.13.1, =0.13.1, =0.13.8, =0.5.0, =0.0.10, =2.0.1-pr.0, =12.0.0, =1.2.2, =0.6.0, =1.1.1, =5.0.1 - @devsnicket/eunice-analyzer =0.36.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6CHW-6FRG-F759...