28672 matches found

UbuntuCve
added 2026/02/11 12:00 a.m., 2 views

CVE-2026-1282

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project label titles...

CVSS 5.4, AI score 5.9, EPSS 0.00162
Exploits 0, References 4
Positive Technologies
added 2026/02/11 12:00 a.m., 5 views

PT-2026-7514

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.6 through 18.6.5; GitLab CE/EE versions 18.7 through 18.7.3; GitLab CE/EE versions 18.8 through 18.8.3. Description: An authenticated user could inject malicious content into project label titles. This issue affects GitLab...

CVSS 5.4, AI score 5.3, EPSS 0.00162
Exploits 0, References 11
NVD
added 2026/02/10 6:16 p.m., 6 views

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

CVSS 8.8, EPSS 0.00354
Exploits 1, References 3
CVE
added 2026/02/10 5:32 p.m., 15 views

CVE-2026-25947

Worklenz is affected by multiple SQL injection vulnerabilities in backend query construction affecting project/task management controllers, reporting/financial endpoints, real-time socket.io handlers, and resource scheduling prior to version 2.1.7. The issue is mitigated by upgrading to v2.1.7, w...

CVSS 8.8, AI score 5.7, EPSS 0.00354
Exploits 1, References 3, Affected Software 1
OSV
added 2026/02/10 5:32 p.m., 4 views

CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation

Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

CVSS 8.8, AI score 5.7, EPSS 0.00354
Exploits 1, References 5
NVD
added 2026/02/10 5:16 p.m., 7 views

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 8, EPSS 0.00182
Exploits 1, References 3
UbuntuCve
added 2026/02/10 5:16 p.m., 6 views

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 8, AI score 5.8, EPSS 0.00182
Exploits 1, References 4
OSV
added 2026/02/10 5:16 p.m., 6 views

UBUNTU-CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 8, AI score 5.6, EPSS 0.00182
Exploits 1, References 5
Vulnrichment
added 2026/02/10 4:47 p.m., 1 views

CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

CVSS 4.3, AI score 5.5, EPSS 0.00235
Exploits 1, References 3
Cvelist
added 2026/02/10 4:47 p.m., 21 views

CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

CVSS 4.3, EPSS 0.00235
Exploits 1, References 3
CVE
added 2026/02/10 4:47 p.m., 16 views

CVE-2026-25530

Kanboard (Kanban project management) has a flaw in the getSwimlane API where, prior to version 1.2.50, there is insufficient project-level authorization, allowing authenticated users to read swimlane data from projects they should not access. The issue is resolved in 1.2.50. Affected component: g...

CVSS 4.3, AI score 5.5, EPSS 0.00235
Exploits 1, References 3, Affected Software 1
OSV
added 2026/02/10 4:47 p.m., 3 views

CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

CVSS 4.3, AI score 5.5, EPSS 0.00235
Exploits 1, References 5
Debian CVE
added 2026/02/10 4:47 p.m., 4 views

CVE-2026-25530

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

CVSS 4.3, AI score 5.3, EPSS 0.00235
Exploits 1
Vulnrichment
added 2026/02/10 4:40 p.m., 2 views

CVE-2026-24885 Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 5.7, AI score 5.3, EPSS 0.00182
Exploits 1, References 3
Debian CVE
added 2026/02/10 4:40 p.m., 5 views

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 8, AI score 5.3, EPSS 0.00182
Exploits 1
CVE
added 2026/02/10 4:40 p.m., 11 views

CVE-2026-24885

Kanboard (Kanban project management software) is affected by a CSRF flaw in the ProjectPermissionController prior to version 1.2.50. The root cause is the server not strictly enforcing Content-Type: application/json for the changeUserRole action, accepting text/plain despite a JSON body. This all...

CVSS 8, AI score 5.3, EPSS 0.00182
Exploits 1, References 3, Affected Software 1
OSV
added 2026/02/10 4:40 p.m., 3 views

CVE-2026-24885 Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 5.7, AI score 5.4, EPSS 0.00182
Exploits 1, References 5
RedhatCVE
added 2026/02/10 1:23 p.m., 4 views

CVE-2026-25904

The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...

CVSS 5.8, AI score 5.6, EPSS 0.00165
Exploits 0, References 1
RedhatCVE
added 2026/02/10 1:23 p.m., 3 views

CVE-2026-2225

A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. Manipulation of the argument email causes SQL injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8, AI score 5.4, EPSS 0.00416
Exploits 1, References 1
Fedora
added 2026/02/10 1:34 a.m., 5 views

[SECURITY] Fedora 43 Update: rust-crypto-auditing-client-0.2.4-2.fc43

Event broker client for crypto-auditing project...

CVSS 7.5, AI score 5.4, EPSS 0.00443
Exploits 1