CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...
CVE-2026-25924 Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface...
Linux Distros Unpatched Vulnerability : CVE-2026-21881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when...
EUVD-2017-6655
Malware in sbrugna...
EUVD-2017-6664
Malware in sbrugna...
EUVD-2017-4387
Malware in sbrugna...
EUVD-2017-6662
Malware in sbrugna...
EUVD-2017-6663
Malware in sbrugna...
EUVD-2017-6665
Malware in sbrugna...
EUVD-2017-6668
Malware in sbrugna...
EUVD-2017-6657
Malware in sbrugna...
EUVD-2017-6659
Malware in sbrugna...
EUVD-2017-6671
Malware in sbrugna...
EUVD-2024-20252
Malicious code in bioql PyPI...
CVE-2025-55010
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActivityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event "data" field in the...
CVE-2025-55011
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file...
CVE-2025-52576
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...
kanboard -- Password Reset Poisoning via Host Header Injection
GitHub Security Advisories reports: Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (default behavior). This allows an attacker to craft a malicious password reset link that leaks the token to an...
CVE-2025-52576
Kanboard prior to version 1.2.46 is vulnerable to username enumeration and IP spoofing–based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can enumerate valid usernames and bypass rate-limiting or IP-based blocking mechanisms, increasing ...