CVE-2026-28276
- EPSS 0.13%
- Published 26.02.2026 22:57:36
- Last modified 27.02.2026 19:06:01
Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/ directory without any authentication or au...
CVE-2026-28275
- EPSS 0.04%
- Published 26.02.2026 22:56:07
- Last modified 27.02.2026 19:07:07
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration an...
CVE-2026-28274
- EPSS 0.07%
- Published 26.02.2026 22:55:01
- Last modified 27.02.2026 19:07:37
Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting (XSS) in the document upload functionality. Any user with upload permissions within the "Initiatives" s...