Lucene search
+L

296 matches found

NVD
NVD
added 2026/07/09 5:17 p.m.9 views

CVE-2026-53987

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS0.00341EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/09 3:44 p.m.7 views

EUVD-2026-42614

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.6AI score0.00341EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/09 3:44 p.m.32 views

CVE-2026-53987 GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS0.00341EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/09 3:44 p.m.7 views

CVE-2026-53987

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.6AI score0.00341EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/09 3:44 p.m.12 views

CVE-2026-53987

GLPI 11 before 2.14.4 is affected by a stored XSS in the Tag plugin's Kanban badge rendering. The Tag plugin stores tag names without HTML sanitization and injects them into Kanban badges via PluginTagTag::preKanbanContent(), without escaping output. An authenticated user with TAG MANAGEMENT crea...

7.3CVSS5.6AI score0.00341EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 3:44 p.m.3 views

CVE-2026-53987 GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.8AI score0.00341EPSS
Exploits0References6
OSV
OSV
added 2026/06/15 5:30 p.m.12 views

MAL-2026-5800 Malicious code in boardstep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...

5.4AI score
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.13 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.15 views

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:15 p.m.11 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References7
CVE
CVE
added 2026/06/01 7:15 p.m.26 views

CVE-2026-10285

The CVE-2026-10285 affects DevaslanPHP project-management (up to 2.0.0-beta1). The issue lies in KanbanScrumHelper::recordUpdated (file app/Helpers/KanbanScrumHelper.php) where manipulation leads to improper authorization, enabling a remote attack. The available sources do not specify exploit vec...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References6
OSV
OSV
added 2026/06/01 7:15 p.m.3 views

CVE-2026-10285 DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.3CVSS5.5AI score0.0023EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/01 6:24 p.m.6 views

Missing Origin Validation in WebSockets

Overview kanban is an A kanban foundation for coding agents Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets due to the lack of enforcement of origin and host policy. An attacker can gain unauthorized access to sensitive data and perform actions on behal...

9.6CVSS5.5AI score0.0018EPSS
Exploits1References2
NVD
NVD
added 2026/06/01 5:17 p.m.19 views

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS0.0018EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/01 4:1 p.m.37 views

CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS0.0018EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/01 4:1 p.m.13 views

CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1
CVE
CVE
added 2026/06/01 4:1 p.m.34 views

CVE-2026-44211

CVE-2026-44211 describes a cross-origin WebSocket hijacking vulnerability in Cline Kanban Server. Three endpoints exposed without Origin validation (ws://127.0.0.1:3484/api/runtime/ws, /api/terminal/io, /api/terminal/control) allow a malicious site to connect from any origin. Potential impacts do...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/01 4:1 p.m.15 views

EUVD-2026-33662

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1
OSV
OSV
added 2026/06/01 4:1 p.m.4 views

CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.9AI score0.0018EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Cline 安全漏洞

Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy’s personal developers. Cline versions 2.13.0 and earlier contained security vulnerabilities, which were caused by cross-source WebSocket hijacking. These vulnerabilities could allow attackers to hijack...

9.6CVSS5.3AI score0.0018EPSS
Exploits1References2
Rows per page
Query Builder