Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.10 views

CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.8CVSS5.8AI score0.00371EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.3 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References1
NVD
NVD
added 2026/03/18 4:17 a.m.5 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS0.00281EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/18 2:17 a.m.30 views

CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS0.00281EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 2:17 a.m.15 views

CVE-2026-33058

Kanboard (Kanban project management software) has an authenticated SQL injection vulnerability in the Project Permissions Handler affecting versions prior to 1.2.51. Exploitation requires prior permission to add users to a project, and successful exploitation can dump the entire Kanboard database...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/18 2:17 a.m.4 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/18 2:17 a.m.5 views

EUVD-2026-12759

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References1
OSV
OSV
added 2026/03/18 2:17 a.m.4 views

CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS6AI score0.00281EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/18 2:17 a.m.3 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.8AI score0.00281EPSS
Exploits1
OSV
OSV
added 2026/03/18 2:16 a.m.4 views

DEBIAN-CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.8CVSS5.4AI score0.00371EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 1:56 a.m.10 views

CVE-2026-29056

CVE-2026-29056 affects Kanboard prior to 1.2.51. The registration flow in the invited-user path lets unfiltered POST data reach the user model, enabling an attacker to set role=app-admin via the invite form and gain administrator privileges. This is caused by mass assignment in UserInviteControll...

8.8CVSS5.8AI score0.00371EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/18 1:56 a.m.32 views

CVE-2026-29056 Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.3CVSS0.00371EPSS
Exploits1References1
OSV
OSV
added 2026/03/18 1:56 a.m.7 views

CVE-2026-29056 Kanboard's privilege escalation via mass assignment in user invite registration allows any invited user to become admin

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.3CVSS5.9AI score0.00371EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/18 1:56 a.m.4 views

EUVD-2026-12740

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.8CVSS5.8AI score0.00371EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26020

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.8CVSS5.8AI score0.00371EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

Kanboard 安全漏洞

Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.51 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the user...

8.8CVSS5.8AI score0.00371EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.7 views

PT-2026-26024

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References7
myhack58
myhack58
added 2019/07/13 12:0 a.m.296 views

Fastjson deserialization vulnerability alerts-a vulnerability alert-the black bar safety net

Recently, 360CERT monitoring to the widespread use of the JSON serialization framework Fastjson presence deserialization vulnerability can cause remote code execution, and there is evidence that The attacker can carefully construct the JSON data to achieve remote code execution, may cause the...

1.3AI score
Exploits0
Rows per page
Query Builder