66 matches found
CVE-2026-59097
Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...
CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets
Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...
CVE-2026-59097
Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...
EUVD-2026-41428
Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...
CVE-2026-59097
Taiga (software) prior to version 6.10.2 contains a missing authorization vulnerability that lets unauthenticated remote attackers create default due-date records in any project by abusing unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. An arbitrary project id...
CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets
Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...
CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets
Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...
CVE-2026-41250
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
CVE-2026-41250
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
CVE-2026-41250
Summary: CVE-2026-41250 affects Taiga-front prior to version 6.9.1, where a stored XSS vulnerability exists. The issue is fixed in 6.9.1. The provided CVSS metrics indicate a base score of 5.7 (Medium) with network access, low attack complexity, required user interaction, and high confidentiality...
CVE-2026-41250
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
CVE-2026-41250 XSS in taiga-front
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
CVE-2026-41250 XSS in taiga-front
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
EUVD-2026-29118
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
CVE-2026-41250 XSS in taiga-front
Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...
Taiga 跨站脚本漏洞
Taiga is an open-source project management tool developed by Taiga Open Source. Versions of Taiga prior to 6.9.1 had a cross-site scripting vulnerability, which allowed attackers to inject malicious scripts into front-end input fields...
PT-2026-39658
Name of the Vulnerable Software and Affected Versions Taiga versions prior to 6.9.1 Description Taiga, a project management platform for startups and agile developers, contains a stored Cross-Site Scripting XSS issue in its front-end. Stored XSS occurs when an application receives data from a use...
Metasploit Wrap-Up 01/09/2026
RISC-V Payloads This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to th...
Taiga tribe_gig authenticated unserialize remote code execution
This module exploits an unserialization flaw by creating a userstory in a project. Module Options msf use exploit/multi/http/taigatribegigunserial msf exploittaigatribegigunserial show targets ...targets... msf exploittaigatribegigunserial set TARGET msf exploittaigatribegigunserial show options...
📄 Taiga Tribe_gig Authenticated Unserialize Remote Code Execution
This Metasploit module exploits an unserialization flaw by creating a userstory in a project. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class TaigaClientException 'Taiga tribegig authenticated unserialize remote...