CVE Search
361,526 results

CVE-2026-44736 | MEDIUM | OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects | EPSS —
CVE-2026-46386 | CRITICAL | OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal` | EPSS —
CVE-2026-52780 | CRITICAL | OpenProject: Cache store poisoning leads to Remote Code Execution (RCE) | EPSS —
CVE-2026-52779 | MEDIUM | OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects | EPSS —
CVE-2026-47193 | HIGH | OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks | EPSS —
CVE-2026-52781 | MEDIUM | OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter "description" | EPSS —
CVE-2026-52782 | CRITICAL | OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources | EPSS —
CVE-2026-52783 | HIGH | OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage.<id>.httpx_access_token" leads to Sensitive Data Exposure | EPSS —
CVE-2026-52784 | HIGH | OpenProject: CSRF on TARGET through /users/:id via POST parameter "user[admin]" | EPSS —
CVE-2026-52785 | CRITICAL | OpenProject: SQL injection in timestamps functionality | EPSS —
CVE-2026-13372 | HIGH | Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2. | EPSS —
CVE-2026-54753 | MEDIUM | Nx: `nx graph` dev server permissive CORS policy | EPSS —
CVE-2026-48090 | MEDIUM | Envoy HTTP: OAuth2 filter late async token completion after stream teardown (UAF / crash risk) | EPSS —
CVE-2026-47220 | HIGH | Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format | EPSS —
CVE-2026-47205 | MEDIUM | Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides | EPSS —
CVE-2026-47692 | MEDIUM | Envoy: PROXY Protocol v2 header generator emits "skipped" TLVs, causing 65 KB attacker-controlled spillover into the upstream application stream | EPSS —
CVE-2026-47207 | MEDIUM | Envoy crashes if multiple unexpected ext_proc responses are packed into one gRPC message | EPSS —
CVE-2026-48706 | MEDIUM | Envoy Heap Buffer Overflow in TcpStatsdSink | EPSS —
CVE-2026-47204 | MEDIUM | Envoy: grpc_stats filter segfault on Connect protocol requests to direct_response routes | EPSS —
CVE-2026-47221 | MEDIUM | Envoy: Null pointer deref in internal redirects | EPSS —