Opf Latest High Vulnerabilities

Web-based project management software vulnerability in OpenProject by OPF

CVE-2026-46386

OpfOpenproject9.9CRITICAL

Remote Code Execution Vulnerability in OpenProject by OpenProject Foundation

CVE-2026-52780

OpfOpenproject9.6CRITICAL

Disclosure of Historical Field Values in OpenProject by OPF

CVE-2026-47193

OpfOpenproject7.5HIGH

Improper Access Control in OpenProject Affects Project Management Systems

CVE-2026-52782

OpfOpenproject9.9CRITICAL

OpenProject Vulnerability Exposing OAuth Access Tokens in Plaintext

CVE-2026-52783

OpfOpenproject8.2HIGH

CSRF Vulnerability in OpenProject Software from OpenProject Foundation

CVE-2026-52784

OpfOpenproject8.8HIGH

SQL Injection Vulnerability in OpenProject Web-Based Project Management Software

CVE-2026-52785

OpfOpenproject9.9CRITICAL

2FA Bypass Vulnerability in OpenProject by OpenProject Foundation

CVE-2026-33667

OpfOpenproject7.4HIGH

SQL Injection Vulnerability in OpenProject by OpenProject Foundation

CVE-2026-34717

OpfOpenproject9.9CRITICAL

Cross-Site Scripting Vulnerability in OpenProject Project Management Software

CVE-2026-32703

OpfOpenproject9.1CRITICAL

SQL Injection Vulnerability in OpenProject by OpenProject

CVE-2026-32698

OpfOpenproject9.1CRITICAL

Arbitrary File Write Vulnerability in OpenProject by OPF

CVE-2026-25763

OpfOpenproject9.4CRITICAL

OpenProject Web-Based Project Management Software Vulnerability

CVE-2026-24772

OpfOpenproject8.9HIGH

Arbitrary File Write Vulnerability in OpenProject by OpenProject Foundation

CVE-2026-24685

OpfOpenproject9.4CRITICAL

Stored Cross-Site Scripting Vulnerability in OpenProject Project Management Software

CVE-2026-23625

OpfOpenproject8.7HIGH

Command Execution Vulnerability in OpenProject by OpenProject Community

CVE-2026-22601

OpfOpenproject8.6HIGH

Local File Read Vulnerability in OpenProject by OpenProject

CVE-2026-22600

OpfOpenproject9.1CRITICAL

Stored XSS in Cost Report feature via {icon} substitution

CVE-2024-35224

OpfOpenproject7.6HIGH

OpenProject vulnerable to project identifier information leakage through robots.txt

CVE-2023-33960

opfopenproject7.5HIGH

SQL injection in OpenProject

CVE-2021-43830

OpfOpenproject7.4HIGH

opf Latest High & Critical Vulnerabilities

Vulnerability Published:

Sort By:

26 June 2026

Web-based project management software vulnerability in OpenProject by OPF

Remote Code Execution Vulnerability in OpenProject by OpenProject Foundation

Disclosure of Historical Field Values in OpenProject by OPF

Improper Access Control in OpenProject Affects Project Management Systems

OpenProject Vulnerability Exposing OAuth Access Tokens in Plaintext

CSRF Vulnerability in OpenProject Software from OpenProject Foundation

SQL Injection Vulnerability in OpenProject Web-Based Project Management Software

15 April 2026

2FA Bypass Vulnerability in OpenProject by OpenProject Foundation

2 April 2026

SQL Injection Vulnerability in OpenProject by OpenProject Foundation

18 March 2026

Cross-Site Scripting Vulnerability in OpenProject Project Management Software

SQL Injection Vulnerability in OpenProject by OpenProject

6 February 2026

Arbitrary File Write Vulnerability in OpenProject by OPF

28 January 2026

OpenProject Web-Based Project Management Software Vulnerability

Arbitrary File Write Vulnerability in OpenProject by OpenProject Foundation

19 January 2026

Stored Cross-Site Scripting Vulnerability in OpenProject Project Management Software

10 January 2026

Command Execution Vulnerability in OpenProject by OpenProject Community

Local File Read Vulnerability in OpenProject by OpenProject

23 May 2024

Stored XSS in Cost Report feature via {icon} substitution

1 June 2023

OpenProject vulnerable to project identifier information leakage through robots.txt

14 December 2021

SQL injection in OpenProject