Enalean — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting Enalean. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Enalean develops enterprise software solutions, primarily known for the Bugzilla bug tracking system and the Phabricator suite, which facilitate project management and code review for large-scale technical organizations. Historically, vulnerabilities within these platforms have frequently involved cross-site scripting (XSS), SQL injection, and improper access control mechanisms that could lead to privilege escalation. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) reflects the complexity of these web-based applications and the rigorous scrutiny applied to their codebases. While no single catastrophic breach has defined the company’s public security history, the persistent nature of these flaws underscores the challenges inherent in maintaining secure, feature-rich collaboration tools. Security updates are regularly deployed to address these issues, emphasizing the need for administrators to maintain strict patching schedules to mitigate risks associated with unpatched instances.

Found 62 results / 62
Top products by Enalean: tuleap
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24007 | Tuleap is missing CSRF protection in the Overview inconsistent items | tuleap | CWE-352 | 4.6 | Medium | 2026-02-02 |
| CVE-2025-65962 | Tuleap has missing CSRF protections in its tracker field dependencies | tuleap | CWE-352 | 4.6 | Medium | 2025-12-08 |
| CVE-2025-64760 | Tuleap has missing CSRF protections in its tracker trigger management system | tuleap | CWE-352 | 4.6 | Medium | 2025-12-08 |
| CVE-2025-64499 | Tuleap is missing CSRF protections for its planning management API | tuleap | CWE-352 | 4.6 | Medium | 2025-12-08 |
| CVE-2025-64498 | Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability | tuleap | CWE-352 | 4.6 | Medium | 2025-12-08 |
| CVE-2025-64497 | Tuleap exposes releases for all projects to File Release System project administrators | tuleap | CWE-639 | 6.5 | Medium | 2025-12-08 |
| CVE-2025-64482 | Tuleap missing CSRF protections in the File Release System | tuleap | CWE-352 | 4.6 | Medium | 2025-11-12 |
| CVE-2025-64117 | Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags | tuleap | CWE-352 | 4.6 | Medium | 2025-11-12 |
| CVE-2025-59040 | Tuleap backlog item representations do not verify the permissions of the child trackers | tuleap | CWE-280 | 4.3 | Medium | 2025-09-18 |
| CVE-2025-54877 | Tuleap's special and always there fields permissions are not verified in cross-tracker search | tuleap | CWE-863 | 5.3 | Medium | 2025-08-29 |
| CVE-2025-53902 | Tuleap exposes artifacts to a mentioned user via email notifications | tuleap | CWE-863 | 4.3 | Medium | 2025-07-29 |
| CVE-2025-53541 | Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact | tuleap | CWE-79 | 5.4 | Medium | 2025-07-29 |
| CVE-2025-52899 | Tuleap vulnerable to user enumeration via the lost password form | tuleap | CWE-204 | 5.3 | Medium | 2025-07-29 |
| CVE-2025-50179 | Tuleap missing CSRF protection on tracker reports manipulation | tuleap | CWE-352 | 4.6 | Medium | 2025-06-25 |
| CVE-2025-48991 | Tuleap missing CSRF protection on tracker canned responses administration | tuleap | CWE-352 | 4.6 | Medium | 2025-06-25 |
| CVE-2025-30155 | Tuleap does not enforce read permissions on parent trackers in the REST API | tuleap | CWE-863 | 4.3 | Medium | 2025-03-31 |
| CVE-2025-30209 | Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin | tuleap | CWE-863 | 5.3 | Medium | 2025-03-31 |
| CVE-2025-30203 | Tuleap allows XSS via the content of RSS feeds in the RSS widgets | tuleap | CWE-84 | 4.8 | Medium | 2025-03-31 |
| CVE-2025-29929 | Tuleap is missing CSRF protection on tracker hierarchy administration | tuleap | CWE-352 | 4.6 | Medium | 2025-03-31 |
| CVE-2025-29766 | Tuleap has missing CSRF protections on artifact submission & edition from the tracker view | tuleap | CWE-352 | 4.6 | Medium | 2025-03-31 |
| CVE-2025-27402 | Tuleap is missing CSRF protections on tracker fields administrative operations | tuleap | CWE-352 | 4.6 | Medium | 2025-03-04 |
| CVE-2025-27401 | In Tuleap, deleting a report can delete criteria filters in other reports | tuleap | CWE-440 | 4.6 | Medium | 2025-03-04 |
| CVE-2025-27156 | Tuleap allows content injection via emails sent by the mass emailing features | tuleap | CWE-79 | 4.1 | Medium | 2025-03-04 |
| CVE-2025-27150 | Tuleap dumps the Redis password into the generated troubleshooting archives | tuleap | CWE-538 | 5.3 | Medium | 2025-03-04 |
| CVE-2025-27099 | Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message | tuleap | CWE-80 | 4.8 | Medium | 2025-03-03 |
| CVE-2025-27094 | Tuleap allows default values to be cleared from field configuration | tuleap | CWE-440 | 5.4 | Medium | 2025-03-03 |
| CVE-2025-22129 | Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap | tuleap | CWE-280 | 4.3 | Medium | 2025-02-03 |
| CVE-2025-24029 | Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap | tuleap | CWE-280 | 5.3 | Medium | 2025-02-03 |
| CVE-2024-52599 | Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin | tuleap | CWE-79 | 5.4 | Medium | 2024-12-09 |
| CVE-2024-47767 | Tuleap lists trackers in the quick add actions of the backlog without any permissions check | tuleap | CWE-280 | 4.3 | Medium | 2024-10-14 |

This page lists every published CVE security advisory associated with Enalean. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.