Lucene search
K

543 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.14 views

CVE-2026-56774

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS0.00266EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:10 p.m.5 views

EUVD-2026-39526

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:10 p.m.6 views

CVE-2026-56774

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 6:10 p.m.22 views

CVE-2026-56774 Kanboard - Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS0.00266EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 6:10 p.m.17 views

CVE-2026-56774

What is affected: Kanboard up to version 1.2.52. Root cause: UserViewController::removeSession does not validate the session id before calling RememberMeSessionModel::remove. Impact: Authenticated users can enumerate sequential session IDs to mass-invalidate persistent login sessions (including a...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 6:10 p.m.6 views

CVE-2026-56774

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS5.9AI score0.00266EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.11 views

CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.8CVSS5.8AI score0.00371EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.3 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References1
Rosalinux
Rosalinux
added 2026/03/22 9:2 p.m.11 views

Advisory ROSA-SA-2026-3232

software: kanboard 1.2.49 WASP: ROSA-CHROME unaffected versions = kanboard-1.2.49-1 affected versions kanboard-1.2.49-1 CVE-ID: CVE-2026-21879 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An Open Redirect vulnerability in Kanboard ≤ 1.2.48 allowed authenticated users to be redirected to malicious...

9.1CVSS5.7AI score0.00433EPSS
Exploits4
OSV
OSV
added 2026/03/18 4:17 a.m.3 views

DEBIAN-CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

6.5CVSS5.9AI score0.00281EPSS
Exploits1References1
NVD
NVD
added 2026/03/18 4:17 a.m.6 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS0.00281EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/18 2:17 a.m.3 views

CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 2:17 a.m.17 views

CVE-2026-33058

Kanboard (Kanban project management software) has an authenticated SQL injection vulnerability in the Project Permissions Handler affecting versions prior to 1.2.51. Exploitation requires prior permission to add users to a project, and successful exploitation can dump the entire Kanboard database...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/18 2:17 a.m.31 views

CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS0.00281EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/18 2:17 a.m.5 views

EUVD-2026-12759

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 2:17 a.m.5 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.9AI score0.00281EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/18 2:17 a.m.4 views

CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS6AI score0.00281EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/18 2:17 a.m.3 views

CVE-2026-33058

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...

8.4CVSS5.8AI score0.00281EPSS
Exploits1
NVD
NVD
added 2026/03/18 2:16 a.m.8 views

CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.8CVSS0.00371EPSS
Exploits1References1
OSV
OSV
added 2026/03/18 2:16 a.m.4 views

DEBIAN-CVE-2026-29056

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...

8.8CVSS5.4AI score0.00371EPSS
Exploits1References1
Rows per page
Query Builder