293 matches found
CVE-2026-53987
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...
CVE-2026-53987
GLPI 11 before 2.14.4 is affected by a stored XSS in the Tag plugin's Kanban badge rendering. The Tag plugin stores tag names without HTML sanitization and injects them into Kanban badges via PluginTagTag::preKanbanContent(), without escaping output. An authenticated user with TAG MANAGEMENT crea...
CVE-2026-53987
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...
CVE-2026-53987 GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...
EUVD-2026-42614
The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...
MAL-2026-5800 Malicious code in boardstep (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...
CVE-2026-10285
A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...
CVE-2026-44211
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...
CVE-2026-10285
A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...
CVE-2026-10285
The CVE-2026-10285 affects DevaslanPHP project-management (up to 2.0.0-beta1). The issue lies in KanbanScrumHelper::recordUpdated (file app/Helpers/KanbanScrumHelper.php) where manipulation leads to improper authorization, enabling a remote attack. The available sources do not specify exploit vec...
Missing Origin Validation in WebSockets
Overview kanban is an A kanban foundation for coding agents Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets due to the lack of enforcement of origin and host policy. An attacker can gain unauthorized access to sensitive data and perform actions on behal...
CVE-2026-44211
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...
CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...
CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...
CVE-2026-44211
CVE-2026-44211 describes a cross-origin WebSocket hijacking vulnerability in Cline Kanban Server. Three endpoints exposed without Origin validation (ws://127.0.0.1:3484/api/runtime/ws, /api/terminal/io, /api/terminal/control) allow a malicious site to connect from any origin. Potential impacts do...
EUVD-2026-33662
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...
Cline 安全漏洞
Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy’s personal developers. Cline versions 2.13.0 and earlier contained security vulnerabilities, which were caused by cross-source WebSocket hijacking. These vulnerabilities could allow attackers to hijack...
PT-2026-45550
A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...
Malicious code in @vino.tian/vibe-kanban (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...
MAL-2026-4462 Malicious code in @vino.tian/vibe-kanban (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...