Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/06/18 6:35 p.m.14 views

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.8CVSS6.1AI score0.00272EPSS
Exploits0References6Affected Software7
OSV
OSV
added 2026/03/18 9:4 p.m.4 views

CVE-2026-32703 OpenProject's repository files are served with the MIME type allowing them to be used to bypass Content Security Policy

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

9CVSS6AI score0.00189EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 9:4 p.m.12 views

CVE-2026-32703

OpenProject Open-Source project management software. Vulnerability in the Repositories module where filenames shown from repositories were not properly escaped, enabling a persisted XSS via crafted commit filenames. attacker with push access could inject HTML into filenames displayed on the repos...

9CVSS5.8AI score0.00189EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/18 9:4 p.m.5 views

EUVD-2026-12969

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

9CVSS5.8AI score0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/18 9:4 p.m.5 views

CVE-2026-32703 OpenProject's repository files are served with the MIME type allowing them to be used to bypass Content Security Policy

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

9CVSS5.8AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/18 9:4 p.m.22 views

CVE-2026-32703 OpenProject's repository files are served with the MIME type allowing them to be used to bypass Content Security Policy

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

9CVSS0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26157

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with push access into the repository to create commits wit...

9CVSS5.8AI score0.00189EPSS
Exploits0References8
Rows per page
Query Builder