
46 matches found

OSV
added 2026/02/13 3:4 p.m., 5 views

CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

CVSS 4.3, AI score 5.5, EPSS 0.00223
Exploits: 1, References: 5
Vulnrichment
added 2026/02/11 8:43 p.m., 4 views

CVE-2026-25924 Kanboard is Missing Access Control on Plugin Installation leading to Administrative RCE

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface...

CVSS 8.4, AI score 6.3, EPSS 0.00491
Exploits: 1, References: 3
Tenable Nessus
added 2026/01/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-21881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when...

CVSS 9.1, AI score 7, EPSS 0.00433
Exploits: 2, References: 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-6659

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.01191
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-4387

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.0133
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-6665

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.01076
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-6662

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00973
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-6668

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00973
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-6664

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00973
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-6671

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00973
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-6655

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.01191
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-6663

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00973
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-6657

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.01191
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-20252

Malicious code in bioql PyPI...

CVSS 4.8, AI score 5.2, EPSS 0.00395
Exploits: 1, References: 1
RedhatCVE
added 2025/08/14 4:54 p.m., 5 views

CVE-2025-55010

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary PHP objects by modifying the event "data" field in the...

CVSS 9.1, AI score 8.2, EPSS 0.0087
Exploits: 1, References: 1
NVD
added 2025/08/12 4:15 p.m., 13 views

CVE-2025-55011

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the taskid parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file...

CVSS 6.4, EPSS 0.00326
Exploits: 1, References: 3
RedhatCVE
added 2025/06/27 5:20 p.m., 8 views

CVE-2025-52576

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...

CVSS 5.3, AI score 7.2, EPSS 0.00299
Exploits: 0, References: 1
FreeBSD
added 2025/06/26 12:0 a.m., 7 views

kanboard -- Password Reset Poisoning via Host Header Injection

GitHub Security Advisories reports: Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the applicationurl configuration is unset (default behavior). This allows an attacker to craft a malicious password reset link that leaks the token to an...

CVSS 8.8, AI score 7.3, EPSS 0.00454
Exploits: 1, References: 1
NVD
added 2025/06/25 5:15 p.m., 6 views

CVE-2025-52576

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...

CVSS 5.3, EPSS 0.00299
Exploits: 0, References: 4
Vulnrichment
added 2025/06/25 4:46 p.m., 2 views

CVE-2025-52576 Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...

CVSS 5.3, AI score 7.1, EPSS 0.00299
Exploits: 0, References: 4