CVE-2025-52560
Kanboard vulnerability CVE-2025-52560 affects Kanboard prior to version 1.2.46 where password reset emails can include URLs derived from an unvalidated Host header if application_url is unset. An attacker can craft a malicious password reset link that leaks the reset token to a domain they contro...