| CVE-2019-25713 | MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter | MyT | Project Management | High | 7.1 | 2026-04-12 12:28:57 | Deep Dive |
| CVE-2026-4165 | Worksuite HR, CRM and Project Management create cross site scripting | Worksuite | HR, CRM and Project Management | Low | 2.4 | 2026-03-15 05:02:08 | Deep Dive |
| CVE-2026-2289 | Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 4.4 | 2026-03-04 01:21:59 | Deep Dive |
| CVE-2026-2495 | WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter | qdonow | WPNakama – Team and multi-Client Collaboration, Editorial and Project Management | High | 7.5 | 2026-02-18 08:26:04 | Deep Dive |
| CVE-2026-1640 | Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 4.3 | 2026-02-18 06:42:42 | Deep Dive |
| CVE-2026-1639 | Taskbuilder <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 6.5 | 2026-02-18 05:29:17 | Deep Dive |
| CVE-2021-47819 | ProjeQtOr Project Management 9.1.4 - Remote Code Execution | Projeqtor | ProjeQtOr Project Management | Critical | 9.8 | 2026-01-15 15:52:16 | Deep Dive |
| CVE-2025-14068 | WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter | qdonow | WPNakama – Team and multi-Client Collaboration, Editorial and Project Management | High | 7.5 | 2025-12-12 06:32:58 | Deep Dive |
| CVE-2025-12963 | LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Unauthenticated Privilege Escalation | lazycoders | LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart | Critical | 9.8 | 2025-12-12 03:20:55 | Deep Dive |
| CVE-2025-12876 | Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | projectopia | Projectopia – Project Management Tool | Medium | 5.3 | 2025-12-05 09:27:03 | Deep Dive |
| CVE-2025-8994 | WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-11-15 05:45:34 | Deep Dive |
| CVE-2025-11135 | pmTicket Project-Management-Software Cookie class.database.php loadLanguage deserialization | pmTicket | Project-Management-Software | High | 7.3 | 2025-09-29 01:32:07 | Deep Dive |
| CVE-2025-8314 | Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter | emarket-design | Project Management, Bug and Issue Tracking Plugin – Software Issue Manager | Medium | 6.4 | 2025-08-12 04:25:41 | Deep Dive |
| CVE-2025-7886 | pmTicket Project-Management-Software class.database.php getUserLanguage sql injection | pmTicket | Project-Management-Software | High | 7.3 | 2025-07-20 11:32:05 | Deep Dive |
| CVE-2025-50061 | Oracle Construction and Engineering Suite security vulnerability | Oracle Corporation | Primavera P6 Enterprise Project Portfolio Management | Medium | 5.4 | 2025-07-15 19:27:35 | Deep Dive |
| CVE-2025-53660 | Jenkins plugin QMetry Test Management security vulnerability | Jenkins Project | Jenkins QMetry Test Management Plugin | - | - | 2025-07-09 15:39:33 | Deep Dive |
| CVE-2025-53659 | Jenkins plugin QMetry Test Management security vulnerability | Jenkins Project | Jenkins QMetry Test Management Plugin | - | - | 2025-07-09 15:39:32 | Deep Dive |
| CVE-2025-5304 | PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function | blafoley | PT Project Notebooks – Take Meeting minutes, create budgets, track task management, and more | Critical | 9.8 | 2025-06-28 05:29:51 | Deep Dive |
| CVE-2025-49974 | WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.1 - Broken Access Control Vulnerability | upstreamplugin | UpStream: a Project Management Plugin for WordPress | Medium | 4.3 | 2025-06-20 15:04:17 | Deep Dive |
| CVE-2025-3952 | Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion | projectopia | Projectopia – Project Management Tool | High | 8.1 | 2025-05-01 04:22:58 | Deep Dive |