Lucene search
K

293 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-53987

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS0.00341EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-53987

GLPI 11 before 2.14.4 is affected by a stored XSS in the Tag plugin's Kanban badge rendering. The Tag plugin stores tag names without HTML sanitization and injects them into Kanban badges via PluginTagTag::preKanbanContent(), without escaping output. An authenticated user with TAG MANAGEMENT crea...

7.3CVSS5.6AI score0.00341EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-53987

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.6AI score0.00341EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-53987 GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS0.00341EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42614

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.6AI score0.00341EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 5:30 p.m.11 views

MAL-2026-5800 Malicious code in boardstep (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d23139a90bc62310843522a9f8c266cf11ec4166f7a493072bf93b7d8ec05b0c The package wires all three npm lifecycle hooks preinstall, install, postinstall in package.json to run install.js, which downloads...

5.4AI score
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.14 views

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:15 p.m.11 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References7
CVE
CVE
added 2026/06/01 7:15 p.m.25 views

CVE-2026-10285

The CVE-2026-10285 affects DevaslanPHP project-management (up to 2.0.0-beta1). The issue lies in KanbanScrumHelper::recordUpdated (file app/Helpers/KanbanScrumHelper.php) where manipulation leads to improper authorization, enabling a remote attack. The available sources do not specify exploit vec...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/01 6:24 p.m.6 views

Missing Origin Validation in WebSockets

Overview kanban is an A kanban foundation for coding agents Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets due to the lack of enforcement of origin and host policy. An attacker can gain unauthorized access to sensitive data and perform actions on behal...

9.6CVSS5.5AI score0.0018EPSS
Exploits1References2
NVD
NVD
added 2026/06/01 5:17 p.m.18 views

CVE-2026-44211

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS0.0018EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/01 4:1 p.m.34 views

CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS0.0018EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/01 4:1 p.m.13 views

CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1
CVE
CVE
added 2026/06/01 4:1 p.m.31 views

CVE-2026-44211

CVE-2026-44211 describes a cross-origin WebSocket hijacking vulnerability in Cline Kanban Server. Three endpoints exposed without Origin validation (ws://127.0.0.1:3484/api/runtime/ws, /api/terminal/io, /api/terminal/control) allow a malicious site to connect from any origin. Potential impacts do...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/01 4:1 p.m.14 views

EUVD-2026-33662

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Cline 安全漏洞

Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy’s personal developers. Cline versions 2.13.0 and earlier contained security vulnerabilities, which were caused by cross-source WebSocket hijacking. These vulnerabilities could allow attackers to hijack...

9.6CVSS5.3AI score0.0018EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45550

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 2:20 p.m.10 views

Malicious code in @vino.tian/vibe-kanban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/21 2:20 p.m.8 views

MAL-2026-4462 Malicious code in @vino.tian/vibe-kanban (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f1533bb7e55b1bcd10291aa9f19e2a5cbe5755a7a6a7343d38fbd3ff8064a1f This package is published as @vino.tian/vibe-kanban and copies its README, name, and feature description from BloopAI's legitimate vibe-kanban projec...

5.9AI score
Exploits0References3
Rows per page
Query Builder