
15 matches found

UbuntuCve
added 2026/03/18 12:0 a.m. | 3 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

CVSS 8.4 | AI score 6 | EPSS 0.00281
Exploits: 1 | References: 2

Debian CVE
added 2026/02/10 4:40 p.m. | 6 views

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVSS 8 | AI score 5.3 | EPSS 0.00182
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m. | 16 views

EUVD-2025-24269

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.4 | EPSS 0.00326
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-45525

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.4 | EPSS 0.0091
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-38094

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.00385
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 7:41 a.m. | 5 views

CVE-2024-55603

Kanboard is project management software that focuses on the Kanban methodology. In affected versions, sessions are still usable even though their lifetime has been exceeded. Kanboard implements a custom session handler, app/Core/Session/SessionHandler.php, to store the session data in a database...

CVSS 6.5 | AI score 6.4 | EPSS 0.00492
Exploits: 1 | References: 1

Cvelist
added 2024/12/05 3:17 p.m. | 17 views

CVE-2024-54001 Kanboard allows a persistent HTML injection site scripting in settings page date format

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields applicationlanguage, applicationdateformat, applicationtimezone and applicationtimeformat allow arbitrary user input which is reflected...

CVSS 5.5 | EPSS 0.00374
Exploits: 1 | References: 1

Cvelist
added 2024/11/11 7:20 p.m. | 19 views

CVE-2024-51748 Remote code execution through language setting in kanboard

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...

CVSS 9.1 | EPSS 0.0091
Exploits: 1 | References: 1

Tenable Nessus
added 2024/06/08 12:0 a.m. | 15 views

FreeBSD : kanboard -- Project Takeover via IDOR in ProjectPermissionController (91929399-249e-11ef-9296-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...

CVSS 8.2 | AI score 5.7 | EPSS 0.00353
Exploits: 1 | References: 3

NVD
added 2023/06/05 8:15 p.m. | 29 views

CVE-2023-33969

Kanboard is open source project management software that focuses on the Kanban methodology. A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript, and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP...

CVSS 6.4 | AI score 6.1 | EPSS 0.00507
Exploits: 1 | References: 2

Prion
added 2023/06/05 8:15 p.m. | 17 views

Improper access control

Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not...

CVSS 5.5 | AI score 5.5 | EPSS 0.00385
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2023/06/05 7:49 p.m. | 57 views

CVE-2023-33968

CVE-2023-33968 concerns Kanboard prior to 1.2.30, where a missing access control lets a user with low privileges create or transfer tasks to any project (including uninvited/personal projects). The vulnerable features are Duplicate to project and Move to project, both checked by the internal fun...

CVSS 5.4 | AI score 5.5 | EPSS 0.00385
Exploits: 1 | References: 2 | Affected Software: 1

FreeBSD
added 2023/06/05 12:0 a.m. | 18 views

Kanboard -- Multiple vulnerabilities

Kanboard is project management software that focuses on the Kanban methodology. The last update includes 4 vulnerabilities: [email protected] reports: Missing access control in internal task links feature Stored Cross site scripting in the Task External Link Functionality in Kanboard...

CVSS 6.5 | AI score 6.7 | EPSS 0.00625
Exploits: 4 | References: 4

Tenable Nessus
added 2023/05/31 12:0 a.m. | 21 views

FreeBSD : Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard (79514fcd-feb4-11ed-92b5-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 79514fcd-feb4-11ed-92b5-b42e991fc52e advisory. - Kanboard is project management software that focuses on the Kanban methodology. Due to improper...

CVSS 5.4 | AI score 5.6 | EPSS 0.00513
Exploits: 0 | References: 3

Prion
added 2023/05/30 5:15 a.m. | 18 views

Cross site scripting

Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the contentEditable element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document...

CVSS 4.9 | AI score 5.2 | EPSS 0.00513
Exploits: 0 | References: 3 | Affected Software: 1