Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

334 New today
66,069 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
294
Jun 23
355
Jun 24
376
Jun 25
386
Jun 26
20
Jun 27
Critical
High
Medium
Low
Latest
CVE CVSS 8.2

OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others “storage..httpx_access_token” leads to Sensitive Data Exposure_CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, repopul...

CVE-2026-52783 opf openproject < 17.3.3
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-52782

OpenProject: IDOR through /projects//settings/project_storages/ via PATCH parameter “storages_project_storage[project_folder_id]” leads to Access to Unauthorized Resources_CVE-2026-52782

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects//settings/project...

opf openproject < 17.3.3 CVE
MEDIUM 6.4 CVE-2026-52781

OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter “description”_CVE-2026-52781

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants elements unrestricted dat...

opf openproject < 17.3.3 CVE
CRITICAL 9.6 CVE-2026-52780

OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)_CVE-2026-52780

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution...

opf openproject < 17.3.3 CVE
MEDIUM 5.4 CVE-2026-52779

OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects_CVE-2026-52779

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusi...

opf openproject < 17.3.3 CVE
HIGH 7.5 CVE-2026-47193

OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks_CVE-2026-47193

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historica...

opf openproject < 17.3.3 CVE
MEDIUM 4.3 CVE-2026-55838

RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metrics_CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metric...

rustfs rustfs <= 1.0.0-beta.7 CVE
HIGH 7.7 CVE-2026-55189

RustFS: FTP frontend skips IAM authorization on object reads_CVE-2026-55189

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read ...

rustfs rustfs >= 1.0.0-alpha.1, <= 1.0.0-beta.8 CVE
HIGH 8.2 CVE-2026-55188

RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials_CVE-2026-55188

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the ...

rustfs rustfs >= 1.0.0-alpha.1, <= 1.0.0-beta.8 CVE
HIGH 8.6 CVE-2026-49991

RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection_CVE-2026-49991

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucke...

rustfs rustfs 1.0.0-beta.4 CVE