VYPR
Vendor: Tuleap

Products: 5
CVEs: 48
Across products: 65
Status: Private

Recent CVEs

  • CVE-2025-50567 | Critical | Aug 19, 2025
    risk 0.65 | cvss 10.0 | epss 0.01

    Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading…

  • CVE-2026-1524 | Critical | Mar 11, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    An edge case in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization…

  • CVE-2021-43806 | High | Dec 15, 2021
    risk 0.57 | cvss 8.8 | epss 0.02

    Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not properly sanitize user settings when constructing the SQL query to browse and search commits in the CVS repositories. An authenticated…

  • CVE-2021-41155 | High | Oct 18, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following…

  • CVE-2021-41154 | High | Oct 18, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community…

  • CVE-2021-41148 | High | Oct 15, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to…

  • CVE-2024-30246 | High | Mar 29, 2024
    risk 0.49 | cvss 7.6 | epss 0.01

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control…

  • CVE-2021-41147 | High | Oct 15, 2021
    risk 0.47 | cvss 7.2 | epss 0.02

    Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard…

  • CVE-2021-43782 | Medium | Dec 15, 2021
    risk 0.44 | cvss 6.7 | epss 0.01

    Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id…

  • CVE-2021-41276 | Medium | Dec 15, 2021
    risk 0.44 | cvss 6.7 | epss 0.01

    Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could…

  • CVE-2023-38508 | Medium | Aug 24, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not…

  • CVE-2025-12922 | Medium | Nov 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an unknown part of the file /ImportCRFData?action=confirm of the component CRF Data Import. Performing manipulation of the argument xml_file results in path traversal. The attack can be…

  • CVE-2023-23938 | Medium | Apr 20, 2023
    risk 0.38 | cvss 5.9 | epss 0.00

    Tuleap is a Free & Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker…

  • CVE-2025-27094 | Medium | Mar 3, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field,…

  • CVE-2024-52599 | Medium | Dec 9, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in…

  • CVE-2023-48715 | Medium | Dec 11, 2023
    risk 0.35 | cvss 5.4 | epss 0.01

    Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on…

  • CVE-2023-35929 | Medium | Jul 25, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible…

  • CVE-2023-30619 | Medium | May 4, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force…

  • CVE-2022-31128 | Medium | Aug 1, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can…

  • CVE-2021-41142 | Medium | Oct 14, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the…