Lucene search

23 matches found

EUVD
added 2026/03/10 4:56 p.m. · 0 views

EUVD-2026-10560

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the...

CVSS 9.9 · AI score 5.8 · EPSS 0.00022
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/23 6:19 a.m. · 5 views

CVE-2026-24055

Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client without authentication or authorization. The projectId is preserved throughout the OAuth flow,...

CVSS 6.3 · AI score 5.6 · EPSS 0.00041
Exploits: 2 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2006-3336

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00454
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-24073

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 4.9 · EPSS 0.00076
Exploits: 1 · References: 4
Vulnrichment
added 2025/08/10 5:32 a.m. · 12 views

CVE-2025-8795 LitmusChaos Litmus login access control

A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been...

CVSS 6.5 · AI score 7 · EPSS 0.00109
Exploits: 1 · References: 4
CNNVD
added 2025/08/10 12:00 a.m. · 2 views

LitmusChaos Security Vulnerability

LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. A security vulnerability exists in LitmusChaos 3.19.0 and earlier versions, which stems from improper access control of the parameter projectID in the file /auth/login, which could lea...

CVSS 9.9 · AI score 6.5 · EPSS 0.00109
Exploits: 1 · References: 6
Positive Technologies
added 2025/08/10 12:00 a.m. · 4 views

PT-2025-32469 · Unknown · Litmuschaos

Name of the Vulnerable Software and Affected Versions: LitmusChaos Litmus versions prior to 3.19.1 Description: A critical vulnerability exists in LitmusChaos Litmus. The issue affects an unknown part of the /auth/login file. Manipulation of the projectID argument results in improper access...

CVSS 6.5 · AI score 7.2 · EPSS 0.00109
Exploits: 1 · References: 11
RedhatCVE
added 2025/05/23 9:52 a.m. · 4 views

CVE-2024-25222

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php...

CVSS 9.8 · AI score 9.8 · EPSS 0.00131
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 6:50 a.m. · 6 views

CVE-2018-11517

mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0=0 requests to TCP port 11010...

CVSS 5.3 · AI score 7 · EPSS 0.03433
Exploits: 1 · References: 1
NVD
added 2024/04/16 12:15 a.m. · 6 views

CVE-2024-1626

An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

CVSS 9.1 · AI score 9 · EPSS 0.00103
Exploits: 1 · References: 2
Vulnrichment
added 2024/04/16 12:00 a.m. · 13 views

CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

CVSS 9.1 · AI score 6.5 · EPSS 0.00103
Exploits: 1 · References: 2
CVE
added 2024/04/16 12:00 a.m. · 54 views

CVE-2024-1626

CVE-2024-1626 affects lunary-ai/lunary (version 0.3.0). Affected component: project update endpoint /v1/projects/:projectId. Root cause: insufficient authorization checks allow authenticated users to modify any project’s name by referencing a projectId not owned by them, enabling cross-organizati...

CVSS 9.1 · AI score 6.4 · EPSS 0.00103
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2024/02/14 3:15 p.m. · 17 views

CVE-2024-25222

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php...

CVSS 9.8 · AI score 9.8 · EPSS 0.00131
Exploits: 1 · References: 1
Prion
added 2024/02/14 3:15 p.m. · 17 views

SQL injection

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php...

CVSS 7.5 · AI score 8.6 · EPSS 0.00131
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2024/02/14 12:00 a.m. · 96 views

CVE-2024-25222

CVE-2024-25222 affects Task Manager App v1.0, with a SQL injection vulnerability in the /TaskManager/EditProject.php endpoint, exploitable via the projectID parameter. The CVSSv3.1 vector/metrics indicate a CRITICAL impact (CVSS 9.8; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Connected sources confirm...

CVSS 9.8 · AI score 9.7 · EPSS 0.00131
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2024/02/14 12:00 a.m. · 16 views

CVE-2024-25222

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php...

AI score 10 · EPSS 0.00131
Exploits: 1 · References: 1
OSV
added 2019/02/13 6:29 p.m. · 0 views

CVE-2018-20232

The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be...

CVSS 5.4 · AI score 5.4
Exploits: 0 · References: 2
NVD
added 2007/08/09 10:17 a.m. · 9 views

CVE-2007-4265

Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in...

CVSS 4.3 · AI score 5.8 · EPSS 0.00624
Exploits: 1 · References: 8
Cvelist
added 2007/08/09 10:00 a.m. · 15 views

CVE-2007-4265

Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in...

AI score 5.8 · EPSS 0.00624
Exploits: 1 · References: 8
Exploit DB
added 2007/02/08 12:00 a.m. · 29 views

LightRO CMS 1.0 - 'index.php?projectid' SQL Injection

exploit2.asp 'Update: + Get Header 'Update: + Get Whois Info '=============================================================================================== % function functionControl1 setTimeout"functionControl2",2000; function functionControl2 ifdocument.form1.field1.value=="" alert"Exploit...

AI score 7
Exploits: 0