| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24007 | Tuleap is missing CSRF protection in the Overview inconsistent items | Enalean | tuleap | Medium | 4.6 | 2026-02-02 19:52:51 | Deep Dive |
| CVE-2025-65962 | Tuleap has missing CSRF protections in its tracker field dependencies | Enalean | tuleap | Medium | 4.6 | 2025-12-08 23:15:03 | Deep Dive |
| CVE-2025-64760 | Tuleap has missing CSRF protections in its tracker trigger management system | Enalean | tuleap | Medium | 4.6 | 2025-12-08 23:08:22 | Deep Dive |
| CVE-2025-64499 | Tuleap is missing CSRF protections for its planning management API | Enalean | tuleap | Medium | 4.6 | 2025-12-08 22:44:30 | Deep Dive |
| CVE-2025-64498 | Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability | Enalean | tuleap | Medium | 4.6 | 2025-12-08 22:36:26 | Deep Dive |
| CVE-2025-64497 | Tuleap exposes releases for all projects to File Release System project administrators | Enalean | tuleap | Medium | 6.5 | 2025-12-08 22:28:49 | Deep Dive |
| CVE-2025-64482 | Tuleap missing CSRF protections in the File Release System | Enalean | tuleap | Medium | 4.6 | 2025-11-12 21:37:25 | Deep Dive |
| CVE-2025-64117 | Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags | Enalean | tuleap | Medium | 4.6 | 2025-11-12 19:12:42 | Deep Dive |
| CVE-2025-59040 | Tuleap backlog item representations do not verify the permissions of the child trackers | Enalean | tuleap | Medium | 4.3 | 2025-09-18 14:28:42 | Deep Dive |
| CVE-2025-54877 | Tuleap's special and always there fields permissions are not verified in cross-tracker search | Enalean | tuleap | Medium | 5.3 | 2025-08-29 15:07:55 | Deep Dive |
| CVE-2025-53902 | Tuleap exposes artifacts to a mentioned user via email notifications | Enalean | tuleap | Medium | 4.3 | 2025-07-29 19:36:11 | Deep Dive |
| CVE-2025-53541 | Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact | Enalean | tuleap | Medium | 5.4 | 2025-07-29 19:27:39 | Deep Dive |
| CVE-2025-52899 | Tuleap vulnerable to user enumeration via the lost password form | Enalean | tuleap | Medium | 5.3 | 2025-07-29 19:16:36 | Deep Dive |
| CVE-2025-50179 | Tuleap missing CSRF protection on tracker reports manipulation | Enalean | tuleap | Medium | 4.6 | 2025-06-25 15:48:24 | Deep Dive |
| CVE-2025-48991 | Tuleap missing CSRF protection on tracker canned responses administration | Enalean | tuleap | Medium | 4.6 | 2025-06-25 14:07:47 | Deep Dive |
| CVE-2025-30155 | Tuleap does not enforce read permissions on parent trackers in the REST API | Enalean | tuleap | Medium | 4.3 | 2025-03-31 15:58:30 | Deep Dive |
| CVE-2025-30209 | Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin | Enalean | tuleap | Medium | 5.3 | 2025-03-31 15:53:46 | Deep Dive |
| CVE-2025-30203 | Tuleap allows XSS via the content of RSS feeds in the RSS widgets | Enalean | tuleap | Medium | 4.8 | 2025-03-31 15:48:50 | Deep Dive |
| CVE-2025-29929 | Tuleap is missing CSRF protection on tracker hierarchy administration | Enalean | tuleap | Medium | 4.6 | 2025-03-31 15:40:59 | Deep Dive |
| CVE-2025-29766 | Tuleap has missing CSRF protections on artifact submission & edition from the tracker view | Enalean | tuleap | Medium | 4.6 | 2025-03-31 15:38:00 | Deep Dive |