Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2026/02/08 1:21 a.m.6 views

CVE-2026-25763

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.9CVSS5.6AI score0.00461EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 10:10 p.m.6 views

EUVD-2026-5556

OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint /projects/:projectid/repository/changes when rendering the “latest changes” view via git log. By...

9.4CVSS5.6AI score0.00461EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.8 views

PT-2026-6805

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.7 OpenProject versions prior to 17.0.3 Description OpenProject is a web-based project management software. A flaw exists in the repository changes endpoint '/projects/:project id/repository/changes' when...

9.9CVSS6.6AI score0.00461EPSS
Exploits0References11
CVE
CVE
added 2026/01/28 4:47 p.m.17 views

CVE-2026-24685

CVE-2026-24685 affects OpenProject prior to 16.6.6 and 17.0.2. The vulnerability arises in the repository diff download endpoint when rendering a single revision with git show; an attacker can inject git show options by supplying a crafted rev (e.g., rev=--output=/tmp/poc.txt), causing OpenProjec...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/28 4:47 p.m.21 views

CVE-2026-24685

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/28 4:47 p.m.10 views

EUVD-2026-4879

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 4:47 p.m.6 views

CVE-2026-24685 OpenProject has Argument Injection on Repository module that allows Arbitrary File Write

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint /projects/:projectid/repository/diff.diff when rendering a single revision via git show. By...

9.4CVSS5.8AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 2023/04/24 9:17 p.m.30 views

CVE-2023-30628 Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow

Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlle...

8.8CVSS8.9AI score0.03596EPSS
Exploits1References7
Prion
Prion
added 2022/03/14 2:15 a.m.30 views

Server side request forgery (ssrf)

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery SSRF vulnerability...

4CVSS4.6AI score0.00754EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder