CVE-2026-1640
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...
CVE-2023-53897 Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers...
Rukovoditel Security Vulnerability
Rukovoditel is a web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel version 3.4.1, which stems from a stored cross-site scripting...
CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...
CVE-2024-12995 ruifang-tech Rebuild Project Tasks Section tasks cross site scripting
A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Section. The manipulation of the argument description leads to cross site scripting. It is possible t...
PT-2024-17857 · Ruifang Tech · Ruifang-Tech Rebuild
Name of the Vulnerable Software and Affected Versions: ruifang-tech Rebuild version 3.8.6 Description: A vulnerability has been found in the Project Tasks Section component, affecting an unknown part of the file /project/050-9000000000000001/tasks. The manipulation of the description argument lea...
Rebuild SQL Injection Vulnerability
Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild 3.2.3 and earlier versions, which stems from the discovery of an SQL injection vulnerability contained in the file /project/tasks/list...
PT-2023-17116 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.2.3 Description: A critical issue has been found in Rebuild, affecting some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely...
Improper Privilege Management in dolibarr/dolibarr
💥 BUG unprivileged user can see task associated with a project 💥 IMPACT user doesn't have access to specific project but still can see task attached to this project. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First go to admin account and add user B as normal user. Now give user ...
Kanboard Design Vulnerability (CNVD-2017-30942)
Kanboard is an open-source visual task board application developed by French software developer Frederic Guillot. The software supports customizing the panel to fit business needs, dragging tasks, and so on. A security vulnerability exists in Kanboard versions prior to 1.0.47. An...