40 matches found
CVE-2026-3212
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...
EUVD-2026-15469
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...
CVE-2026-3212
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...
CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...
CVE-2026-3212
CVE-2026-3212 concerns the Drupal Tagify module (Tagify library integration). The issue is an improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS) when rendering user-supplied data inside JavaScript templates within the Tagify widget. Affected version...
CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...
Drupal Tagify 安全漏洞
Drupal Tagify is a Drupal module from the Drupal community that integrates the Tagify JavaScript library. Versions of Drupal Tagify prior to 1.2.49 contained a security vulnerability, which was caused by improper input handling and could lead to cross-site scripting attacks...
Advisory ROSA-SA-2026-3232
software: kanboard 1.2.49 WASP: ROSA-CHROME unaffected versions = kanboard-1.2.49-1 affected versions kanboard-1.2.49-1 CVE-ID: CVE-2026-21879 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An Open Redirect vulnerability in Kanboard ≤ 1.2.48 allowed authenticated users to be redirected to malicious...
MiracleLinux 4 : libpng-1.2.49-1.AXS4 (AXSA:2012-541:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-541:03 advisory. The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphic...
CVE-2026-21880
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
DEBIAN-CVE-2026-21879
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the...
DEBIAN-CVE-2026-21881
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21880
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21881 Kanboard is Vulnerable to Reverse Proxy Authentication Bypass
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
EUVD-2026-1668
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSEPROXYAUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881
CVE-2026-21881 affects Kanboard (versions 1.2.48 and earlier). The flaw is an authentication bypass triggered when REVERSE_PROXY_AUTH is enabled: the app blindly trusts HTTP headers for user authentication without verifying the header source from a trusted reverse proxy, allowing an attacker to i...
EUVD-2026-1666
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21880
Kanboard LDAP Injection vulnerability (CVE-2026-21880) affects versions 1.2.48 and earlier, where user input is directly substituted into LDAP search filters in the LDAP authentication mechanism. This permits enumeration of LDAP users and sensitive attributes, enabling targeted account attacks. T...