52 matches found
CVE-2026-6225
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-2934
A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. Th...
CVE-2025-65782
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members and potentially other authenticated users to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vo...
EUVD-2025-203374
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...
EUVD-2025-203373
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document beyond profile fields, including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privileg...
CVE-2025-65781
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer Do...
CVE-2025-65778
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...
CVE-2025-65779
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value Boards.allow returns true without verifying userId, allowing arbitrary reordering of boards...
CVE-2025-65782
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members and potentially other authenticated users to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vo...
CVE-2025-65779
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value Boards.allow returns true without verifying userId, allowing arbitrary reordering of boards...
PT-2025-51218
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 18.16 Description An issue exists in Wekan, an open-source kanban board system, where unauthenticated attackers can modify a board's "sort" value. The Boards.allow function does not verify the user ID, enabling...
EUVD-2016-1714
Malware in sbrugna...
EUVD-2024-27877
Malicious code in bioql PyPI...
EUVD-2024-27876
Malicious code in bioql PyPI...
EUVD-2021-8072
Malicious code in bioql PyPI...
CVE-2024-34400
An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...
CVE-2016-10715
The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7/kanban-view URI...
CVE-2024-34400
An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...
CVE-2024-34400
The CVE-2024-34400 entry concerns VirtoSoftware Virto Kanban Board Web Part for SharePoint 2019, affected by a cross-site scripting (XSS) vulnerability in the API endpoint /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx (LinkTitle2) prior to version 5.3.5.1. Root cause details are not ex...
PT-2024-25858 · Virtosoftware +1 · Virto Kanban Board Web Part +1
Name of the Vulnerable Software and Affected Versions: VirtoSoftware Virto Kanban Board Web Part versions prior to 5.3.5.1 for SharePoint 2019 Description: An issue was discovered in the software, specifically with the "/ layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx" API endpoint, where...