Lucene search
K

66 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS0.00344EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 7:42 p.m.38 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS0.00344EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:42 p.m.7 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6AI score0.00344EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 7:42 p.m.8 views

EUVD-2026-41428

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6AI score0.00344EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 7:42 p.m.15 views

CVE-2026-59097

Taiga (software) prior to version 6.10.2 contains a missing authorization vulnerability that lets unauthenticated remote attackers create default due-date records in any project by abusing unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. An arbitrary project id...

6.9CVSS6AI score0.00344EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/02 7:42 p.m.7 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6.2AI score0.00344EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 7:42 p.m.3 views

CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

6.9CVSS6.2AI score0.00344EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.14 views

CVE-2026-41250

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7CVSS5.8AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.8 views

CVE-2026-41250

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7CVSS0.00284EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 4:50 p.m.16 views

CVE-2026-41250

Summary: CVE-2026-41250 affects Taiga-front prior to version 6.9.1, where a stored XSS vulnerability exists. The issue is fixed in 6.9.1. The provided CVSS metrics indicate a base score of 5.7 (Medium) with network access, low attack complexity, required user interaction, and high confidentiality...

5.7CVSS5.8AI score0.00284EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:50 p.m.6 views

CVE-2026-41250

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7CVSS5.8AI score0.00284EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:50 p.m.8 views

CVE-2026-41250 XSS in taiga-front

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7CVSS5.8AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 4:50 p.m.45 views

CVE-2026-41250 XSS in taiga-front

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7CVSS0.00284EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 4:50 p.m.12 views

EUVD-2026-29118

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7CVSS5.8AI score0.00284EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 4:50 p.m.2 views

CVE-2026-41250 XSS in taiga-front

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7CVSS6AI score0.00284EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Taiga 跨站脚本漏洞

Taiga is an open-source project management tool developed by Taiga Open Source. Versions of Taiga prior to 6.9.1 had a cross-site scripting vulnerability, which allowed attackers to inject malicious scripts into front-end input fields...

5.7CVSS5.6AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39658

Name of the Vulnerable Software and Affected Versions Taiga versions prior to 6.9.1 Description Taiga, a project management platform for startups and agile developers, contains a stored Cross-Site Scripting XSS issue in its front-end. Stored XSS occurs when an application receives data from a use...

5.7CVSS5.9AI score0.00284EPSS
Exploits0References6
Rapid7 Blog
Rapid7 Blog
added 2026/01/09 11:7 p.m.13 views

Metasploit Wrap-Up 01/09/2026

RISC-V Payloads This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to th...

9CVSS8AI score0.01405EPSS
Exploits2
Metasploit
Metasploit
added 2026/01/07 6:58 p.m.343 views

Taiga tribe_gig authenticated unserialize remote code execution

This module exploits an unserialization flaw by creating a userstory in a project. Module Options msf use exploit/multi/http/taigatribegigunserial msf exploittaigatribegigunserial show targets ...targets... msf exploittaigatribegigunserial set TARGET msf exploittaigatribegigunserial show options...

9CVSS5.8AI score0.01405EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/01/07 12:0 a.m.163 views

📄 Taiga Tribe_gig Authenticated Unserialize Remote Code Execution

This Metasploit module exploits an unserialization flaw by creating a userstory in a project. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class TaigaClientException 'Taiga tribegig authenticated unserialize remote...

9CVSS6.7AI score0.01405EPSS
Exploits2
Rows per page
Query Builder