Lucene search
+L

29 matches found

Vulnrichment
Vulnrichment
added 2026/01/28 6:10 p.m.9 views

CVE-2026-24775 OpenProject has Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

6.3CVSS6AI score0.00105EPSS
Exploits0References2
CVE
CVE
added 2026/01/28 6:10 p.m.20 views

CVE-2026-24775

OpenProject 17.0.0 added a BlockNote editor extension that may expose internal resources. The vulnerability (CVE-2026-24775) arises because the extension does not properly validate the work package ID when loading details via the OpenProject API, allowing an attacker to craft documents with relat...

7.3CVSS6AI score0.00105EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:10 p.m.6 views

CVE-2026-24775

OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...

6.3CVSS6AI score0.00105EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.15 views

PT-2026-5180

Name of the Vulnerable Software and Affected Versions OpenProject versions 17.0.0 through 17.0.1 Description OpenProject is a web-based project management software. A flaw exists in the BlockNote editor extension introduced in version 17.0.0, which allows mentioning OpenProject work packages with...

7.3CVSS5.6AI score0.00105EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2026-22600

OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...

9.1CVSS6.4AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 1:6 a.m.28 views

CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder

OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...

9.1CVSS0.0028EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/10 1:6 a.m.7 views

EUVD-2026-1887

OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...

9.1CVSS6AI score0.0028EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/10 1:6 a.m.4 views

CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder

OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...

9.1CVSS6.2AI score0.0028EPSS
Exploits0References2
OSV
OSV
added 2026/01/08 1:1 a.m.8 views

MAL-2026-149 Malicious code in bnia-work (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f78b12fa102dbd32d8d3a27c016f7b790124a3a73bdf1970768799e120183c30 The package bnia-work was found to contain malicious code. Source: ghsa-malware 2583fa3177342feb8975727c7ad5873d1a1e7bea2ce3ce445343aaa9a0b3459b Any...

6.8AI score
Exploits0References1
Rows per page
Query Builder