CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•5 views

CVE-2026-44735

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...

6.5CVSS0.0027EPSS

Cvelist•added 4 days ago•21 views

CVE-2026-44735 OpenProject: Shares API Information Disclosure

6.5CVSS0.0027EPSS

CVE•added 4 days ago•7 views

CVE-2026-44735

Technical details for CVE-2026-44735 are not publicly available in the provided documents. Monitor for updates.

6.5CVSS5.8AI score0.0027EPSS

RedhatCVE•added 4 days ago•9 views

CVE-2026-53103

A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt7925rocabortsync function. This vulnerability can lead to a deadlock condition when rocabortsync attempts to cancel a work item rocwork while rocwork is already holding a mutex. This situation can occur during Wi-Fi...

5.5CVSS5.7AI score0.00166EPSS

Cvelist•added 4 days ago•21 views

CVE-2026-44736 OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS0.00286EPSS

CVE•added 4 days ago•9 views

CVE-2026-44736

OpenProject vulnerability CVE-2026-44736 affects the OpenProject web-based project management platform. The flaw exists in the GET /api/v3/relations endpoint prior to version 17.4.0, allowing any authenticated user to retrieve relations and the titles of work packages they should not have permiss...

6.5CVSS5.9AI score0.00286EPSS

Cvelist•added 4 days ago•27 views

CVE-2026-52781 OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter "description"

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants elements unrestricted data- attributes via :data wildcard. An attacker injects data-controller="poll-for-changes" into a work package description, causing Stimulus.js to mount ...

6.4CVSS0.0015EPSS

CVE•added 4 days ago•11 views

CVE-2026-52781

OpenProject CVE-2026-52781 affects the open-source, web-based project management software. Prior to versions 17.3.3 and 17.4.1, the HTML sanitizer allowed elements to have unrestricted data-* attributes via a :data wildcard. An attacker could inject data-controller="poll-for-changes" into a work...

6.4CVSS5.9AI score0.0015EPSS

CVE•added 4 days ago•12 views

CVE-2026-52785

OpenProject prior to versions 17.3.3 and 17.4.1 contains a SQL injection in the timestamps functionality. The vulnerability is tied to the baseline comparison feature, where the timestamps parameter can be used to request historic work-package attributes. The issue is fixed in 17.3.3 and 17.4.1. ...

9.9CVSS5.8AI score0.00221EPSS

RedHat Linux•added 5 days ago•5 views

kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()

A flaw was found in the Linux kernel's RDMA/mana component. A local user could trigger a kernel corruption by providing specific configurations through the user Application Programming Interface uAPI that cause an internal error. This issue arises when Work Queues WQs are specified to share the...

7.8CVSS5.8AI score0.00129EPSS

Exploits0References5

NVD•added 5 days ago•6 views

CVE-2026-53198

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...

8.8CVSS0.00466EPSS

Cvelist•added 5 days ago•27 views

CVE-2026-53198 ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL

8.8CVSS0.00466EPSS

ATTACKERKB•added 5 days ago•5 views

CVE-2026-53198

8.8CVSS5.6AI score0.00466EPSS

Exploits0References7Affected Software1

EUVD•added 5 days ago•4 views

EUVD-2026-39289

5.7AI score0.00466EPSS

CVE•added 5 days ago•10 views

CVE-2026-53198

The CVE-2026-53198 issue affects ksmbd in the Linux kernel: a deferred byte-range lock (SMB2_LOCK) uses async_work with a cancel_fn (smb2_remove_blocked_lock) and cancel_argv pointing to a file_lock. If a second SMB2_CANCEL arrives before release_async_work(), the cancel callback can run again on...

8.8CVSS5.7AI score0.00466EPSS

Tenable Nessus•added 5 days ago•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-53129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does...

5.8AI score0.00157EPSS

RedhatCVE•added 6 days ago•10 views

CVE-2026-53100

A flaw was found in the Linux kernel's mt76 wireless driver. This vulnerability occurs in the remain-on-channel functionality, where the mt76remainonchannel and mt76roccomplete functions attempt to acquire a mutex that is already held. This improper handling of the device mutex can lead to a syst...

5.5CVSS5.8AI score0.00166EPSS

NVD•added 6 days ago•8 views

CVE-2026-53129

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does not cancel the pending cshrinkwork work item first. If...

0.00157EPSS