Vulnerabilities in opf
34 results

CVE | Severity | Title | EPSS
CVE-2023-33960 | HIGH | OpenProject vulnerable to project identifier information leakage through robots.txt | 1.3%
CVE-2021-43830 | HIGH | SQL injection in OpenProject | 0.9%
CVE-2021-32763 | MEDIUM | Regular Expression Denial of Service in OpenProject forum messages | 0.9%
CVE-2023-31140 | MEDIUM | OpenProject user sessions not terminated after activation of 2FA | 0.9%
CVE-2026-25763 | CRITICAL | Command Injection on OpenProject repositories leads to Remote Code Execution | 0.5%
CVE-2024-35224 | HIGH | Stored Cross-Site Scripting (XSS) in OpenProject | 0.3%
CVE-2026-22601 | HIGH | OpenProject is Vulnerable to Code Execution in E-Mail function | 0.3%
CVE-2026-30235 | MEDIUM | Business Logic Error on OpenProject through hyperlinks in markdown using DOM clobbering | 0.3%
CVE-2026-24777 | MEDIUM | OpenProject has Improper Access Control on User Management allows user managers to lock admin accounts | 0.3%
CVE-2024-41801 | MEDIUM | OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration | 0.3%
CVE-2026-24685 | CRITICAL | OpenProject has Argument Injection on Repository module that allows Arbitrary File Write | 0.3%
CVE-2026-23646 | MEDIUM | OpenProject users can delete other user's session, causing them to be logged out | 0.3%
CVE-2026-30234 | MEDIUM | OpenProject BIM BCF XML Import: <Snapshot> Path Traversal Leads to Arbitrary Local File Read (AFR) | 0.3%
CVE-2026-33667 | HIGH | OpenProject: 2FA OTP Verification Missing Rate Limiting | 0.3%
CVE-2026-22600 | CRITICAL | OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder | 0.3%
CVE-2025-24892 | LOW | OpenProject stored HTML injection vulnerability | 0.3%
CVE-2026-34717 | CRITICAL | OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string | 0.3%
CVE-2026-32698 | CRITICAL | OpenProject has a SQL Injection via Custom Field Name that can be chained to Remote Code Execution | 0.3%
CVE-2026-22602 | LOW | OpenProject is Vulnerable to User Enumeration via User ID | 0.3%
CVE-2026-22604 | MEDIUM | OpenProject is vulnerable to user enumeration via the change password function | 0.3%