29 matches found
CVE-2026-24775 OpenProject has Forced Actions, Content Spoofing, and Persistent DoS via ID Manipulation in OpenProject Blocknote Editor Extension
OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...
CVE-2026-24775
OpenProject 17.0.0 added a BlockNote editor extension that may expose internal resources. The vulnerability (CVE-2026-24775) arises because the extension does not properly validate the work package ID when loading details via the OpenProject API, allowing an attacker to craft documents with relat...
CVE-2026-24775
OpenProject is an open-source, web-based project management software. In the new editor for collaborative documents based on BlockNote, OpenProject maintainers added a custom extension in OpenProject version 17.0.0 that allows to mention OpenProject work packages in the document. To show work...
PT-2026-5180
Name of the Vulnerable Software and Affected Versions OpenProject versions 17.0.0 through 17.0.1 Description OpenProject is a web-based project management software. A flaw exists in the BlockNote editor extension introduced in version 17.0.0, which allows mentioning OpenProject work packages with...
CVE-2026-22600
OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...
CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder
OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...
EUVD-2026-1887
OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...
CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder
OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...
MAL-2026-149 Malicious code in bnia-work (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f78b12fa102dbd32d8d3a27c016f7b790124a3a73bdf1970768799e120183c30 The package bnia-work was found to contain malicious code. Source: ghsa-malware 2583fa3177342feb8975727c7ad5873d1a1e7bea2ce3ce445343aaa9a0b3459b Any...