CVE search
362,414 results

CVE-2026-29509 | MEDIUM | Patool < 4.0.5 Path Traversal via safe_extract() Function | EPSS 0.3%
CVE-2026-44696 | MEDIUM | OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration | EPSS 0.2%
CVE-2026-49355 | MEDIUM | OpenProject: Private work package data disclosure through single meeting agenda item API | EPSS 0.2%
CVE-2026-44736 | MEDIUM | OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects | EPSS 0.3%
CVE-2026-46386 | CRITICAL | OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal` | EPSS 0.3%
CVE-2026-52780 | CRITICAL | OpenProject: Cache store poisoning leads to Remote Code Execution (RCE) | EPSS 0.2%
CVE-2026-52779 | MEDIUM | OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects | EPSS 0.2%
CVE-2026-47193 | HIGH | OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks | EPSS 0.3%
CVE-2026-52781 | MEDIUM | OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter "description" | EPSS 0.1%
CVE-2026-52782 | CRITICAL | OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources | EPSS 0.3%
CVE-2026-52783 | HIGH | OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage.<id>.httpx_access_token" leads to Sensitive Data Exposure | EPSS 0.1%
CVE-2026-52784 | HIGH | OpenProject: CSRF on TARGET through /users/:id via POST parameter "user[admin]" | EPSS 0.2%
CVE-2026-52785 | CRITICAL | OpenProject: SQL injection in timestamps functionality | EPSS 0.2%
CVE-2026-13372 | HIGH | Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2. | EPSS 0.3%
CVE-2026-54753 | MEDIUM | Nx: `nx graph` dev server permissive CORS policy | EPSS 0.8%
CVE-2026-48090 | MEDIUM | Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) | EPSS 0.6%
CVE-2026-47220 | HIGH | Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format | EPSS 0.5%
CVE-2026-47205 | MEDIUM | Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides | EPSS 0.4%
CVE-2026-47692 | MEDIUM | Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream | EPSS 0.2%
CVE-2026-47207 | MEDIUM | Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message | EPSS 0.4%