| ベンダー | プロダクト | Version Range | ステータス |
|---|---|---|---|
| opf | openproject | < 17.4.0 | affected |
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| opf | openproject | < 17.4.0 | - |
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
公開POCは見つかりませんでした。
ログインしてAI POCを生成| CVE-2026-52782 | 9.9 CRITICAL | OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH para |
| CVE-2026-52785 | 9.9 CRITICAL | OpenProject: SQL injection in timestamps functionality |
| CVE-2026-46386 | 9.9 CRITICAL | OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `S |
| CVE-2026-52780 | 9.6 CRITICAL | OpenProject: Cache store poisoning leads to Remote Code Execution (RCE) |
| CVE-2026-52784 | 8.8 HIGH | OpenProject: CSRF on TARGET through /users/:id via POST parameter "user[admin]" |
| CVE-2026-52783 | 8.2 HIGH | OpenProject: Information Disclosure (cleartext storage of data) on localhost through memca |
| CVE-2026-47193 | 7.5 HIGH | OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks |
| CVE-2026-44734 | 6.5 MEDIUM | OpenProject: Improper Access Control on OpenProject through the POST request to /projects/ |
| CVE-2026-44736 | 6.5 MEDIUM | OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Pa |
| CVE-2026-44735 | 6.5 MEDIUM | OpenProject: Shares API Information Disclosure |
| CVE-2026-52781 | 6.4 MEDIUM | OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work |
| CVE-2026-44733 | 5.9 MEDIUM | OpenProject: Business Logic Error on OpenProject through PATCH request to /api/v3/users/me |
| CVE-2026-44696 | 5.7 MEDIUM | OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing ove |
| CVE-2026-52779 | 5.4 MEDIUM | OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team P |
| CVE-2026-44731 | 4.3 MEDIUM | OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetin |
| CVE-2026-44732 | 4.3 MEDIUM | OpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter "proje |
まだコメントはありません