9 matches found
CVE-2021-31864
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler...
EUVD-2021-17100
Malware in sbrugna...
EUVD-2021-29300
Malicious code in bioql PyPI...
BIT-REDMINE-2021-30163
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values...
CVE-2023-47260
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails...
CVE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
CVE-2022-44030
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
CVE-2021-31864
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler...
CVE-2021-29274
Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip...