VYPR

Community Edition

by Tuleap

CVEs (22)

  • CVE-2025-50567, Critical, Aug 19, 2025
    risk 0.65, cvss 10.0, epss 0.01

    Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading…

  • CVE-2024-30246, High, Mar 29, 2024
    risk 0.49, cvss 7.6, epss 0.01

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control…

  • CVE-2025-12922, Medium, Nov 10, 2025
    risk 0.41, cvss 6.3, epss 0.00

    A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an unknown part of the file /ImportCRFData?action=confirm of the component CRF Data Import. Performing manipulation of the argument xml_file results in path traversal. The attack can be…

  • CVE-2023-23938, Medium, Apr 20, 2023
    risk 0.38, cvss 5.9, epss 0.00

    Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker…

  • CVE-2023-48715, Medium, Dec 11, 2023
    risk 0.35, cvss 5.4, epss 0.01

    Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on…

  • CVE-2023-35929, Medium, Jul 25, 2023
    risk 0.35, cvss 5.4, epss 0.00

    Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible…

  • CVE-2025-52899, Medium, Jul 29, 2025
    risk 0.34, cvss 5.3, epss 0.00

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user…

  • CVE-2023-32072, Medium, May 29, 2023
    risk 0.31, cvss 4.8, epss 0.00

    Tuleap is an open source tool for end to end traceability of application and system developments. In Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise Edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A…

  • CVE-2025-64482, Medium, Nov 12, 2025
    risk 0.30, cvss 4.6, epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery…

  • CVE-2025-12921, Medium, Nov 10, 2025
    risk 0.28, cvss 4.3, epss 0.00

    A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the argument xml_file leads to xml injection.…

  • CVE-2024-37167, Medium, Jun 25, 2024
    risk 0.28, cvss 4.3, epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.

  • CVE-2022-46160, Medium, Dec 13, 2022
    risk 0.28, cvss 4.3, epss 0.01

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project…

  • CVE-2022-23473, Medium, Dec 13, 2022
    risk 0.28, cvss 4.3, epss 0.00

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also…

  • CVE-2026-24007, Feb 2, 2026
    risk 0.00, cvss (not listed), epss 0.00

    Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap is missing CSRF protection in the Overview inconsistent items. An attacker could use this vulnerability to trick victims into repairing inconsistent items (creating artifact links…

  • CVE-2025-63665, Dec 19, 2025
    risk 0.00, cvss (not listed), epss 0.00

    An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window.

  • CVE-2025-65962, Dec 8, 2025
    risk 0.00, cvss (not listed), epss 0.00

    Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are missing CSRF protections in its tracker field…

  • CVE-2025-64760, Dec 8, 2025
    risk 0.00, cvss (not listed), epss 0.00

    Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to…

  • CVE-2025-64499, Dec 8, 2025
    risk 0.00, cvss (not listed), epss 0.00

    Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Edition versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through…

  • CVE-2025-64498, Dec 8, 2025
    risk 0.00, cvss (not listed), epss 0.00

    Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker…

  • CVE-2025-64497, Dec 8, 2025
    risk 0.00, cvss (not listed), epss 0.00

    Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in…

Page 1 of 2