CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Kanboard prior to version 1.2.47 is affected by a path-traversal/file-write vulnerability in the API’s createTaskFile handler. The issue arises because task_id validation is missing and path traversal is not checked, allowing a malicious actor to write files to arbitrary locations reachable by th...

6.4CVSS7.1AI score0.00117EPSS

Exploits1References3Affected Software1

Rosalinux•added 2025/08/06 8:30 a.m.•3 views

Advisory ROSA-SA-2025-2922

software: kanboard 1.2.44 AXIS: ROSA-CHROME unaffected versions = kanboard-1.2.44-0.gitc07304.1-rosa2021.1 affected versions kanboard-1.2.44-0.gitc07304.1-rosa2021.1 CVE-ID: CVE-2024-51748 BDU-ID: 2024-10653 CVE-Crit: HIGH CVE-DESC.: A vulnerability in Kanboard project management software is...

9.1CVSS9.3AI score0.00582EPSS

Exploits1

OSV•added 2025/06/25 4:46 p.m.•2 views

CVE-2025-52576 Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...

5.3CVSS6.6AI score0.00364EPSS

Exploits0References6

Positive Technologies•added 2025/06/25 12:0 a.m.•2 views

PT-2025-26861 · Kanboard · Kanboard

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.46 Description: Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, it is vulnerable to username enumeration and IP spoofing-based brute-force protection...

5.3CVSS6.4AI score0.00364EPSS

Exploits0References9

Cvelist•added 2025/06/24 2:56 a.m.•6 views

CVE-2025-52560 Kanboard Password Reset Poisoning via Host Header Injection

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the applicationurl configuration is unset default behavior. This allows an attacker to...

8.1CVSS0.00237EPSS

Exploits1References2

Positive Technologies•added 2025/06/24 12:0 a.m.•1 views

PT-2025-26686 · Kanboard · Kanboard

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.46 Description: Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Ho...

8.1CVSS6.2AI score0.00237EPSS

Exploits1References7

RedhatCVE•added 2025/05/23 8:11 a.m.•3 views

CVE-2024-54001

Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields applicationlanguage, applicationdateformat,applicationtimezone and applicationtimeformat allow arbirary user input which is reflected...

5.5CVSS6.6AI score0.00153EPSS

Exploits1References1

Cvelist•added 2025/05/12 10:53 p.m.•17 views

CVE-2025-46825 Kanboard has stored Cross-site Scripting vulnerability in project name

Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting XSS Vulnerability in the name parameter of the http://localhost/?controller=ProjectCreationController&action=create form. This vulnerability allows...

2.3CVSS0.00233EPSS

Exploits1References4

NVD•added 2024/12/19 12:15 a.m.•12 views

CVE-2024-55603

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler app/Core/Session/SessionHandler.php, to store the session data in a database...

6.5CVSS0.00786EPSS

Exploits1References8