3 matches found
CVE-2026-52782
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/projectstorages/ via PATCH parameter "storagesprojectstorageprojectfolderid" leads to Access to Unauthorized Resources. A project-admin in one project can...
CVE-2026-52782 OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/projectstorages/ via PATCH parameter "storagesprojectstorageprojectfolderid" leads to Access to Unauthorized Resources. A project-admin in one project can...
Malicious code in fsevents (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acdc3ae57250fab51aeff6e3938ed40197a1b74eb688a72cd5d7eee0c77a7167 This advisory is intended to inform the npm ecosystem with details to resolve a third-party malware incident that may have impacted your infrastructure i...