EUVD-2023-42309

Malicious code in bioql PyPI...

EUVD-2022-52758

Malicious code in bioql PyPI...

EUVD-2025-8852

Malicious code in bioql PyPI...

EUVD-2024-28177

Malicious code in bioql PyPI...

EUVD-2025-6009

Malicious code in bioql PyPI...

EUVD-2025-7730

Malicious code in bioql PyPI...

CVE-2024-39902

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document manager permissio...

CVE-2022-46160

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to...

CVE-2025-29929

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...

CVE-2025-30203 Tuleap allows XSS via the content of RSS feeds in the RSS widgets

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting XSS via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over an used RSS feed could use this vulnerability to force...

CVE-2025-29929 Tuleap is missing CSRF protection on tracker hierarchy administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...

CVE-2025-27150

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access t...

CVE-2025-27401

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the...

CVE-2025-27402 Tuleap is missing CSRF protections on tracker fields administrative operations

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability i...

CVE-2025-27094 Tuleap allows default values to be cleared from field configuration

Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute...

CVE-2025-22129

CVE-2025-22129 affects Tuleap (community and enterprise editions) where an unauthorized user could access restricted information. The issue is addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2; users should upgrade. Th...

CVE-2024-23344 Tuleap's content of artifacts might be readable by unauthorized users

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users e.g. mail notifications. This issue has been patched in version 15.4.99.140 of Tuleap...

CVE-2022-39233 Tuleap subject to Missing Authorization allowing for branch prefix modification

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users ca...

GForge GroupJoinRequest.class远程SQL注入漏洞

BUGTRAQ ID: 33086 CVECAN ID: CVE-2008-2381 GForge是用于管理软件开发周期的工具。 GForge的common/include/GroupJoinRequest.class文件中没有正确地验证对create函数的输入，远程攻击者可以通过提交恶意的SQL查询请求注入并执行恶意代码。 GForge GForge 4.6 GForge GForge 4.5 GForge ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...