EUVD-2026-1668
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881 Kanboard is Vulnerable to Reverse Proxy Authentication Bypass
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
PT-2026-2118
Name of the Vulnerable Software and Affected Versions Kanboard versions 1.2.48 and below Description Kanboard is project management software based on the Kanban methodology. When the REVERSE_PROXY_AUTH setting is enabled, the application does not properly verify the source of HTTP headers used fo...
Kanboard Security Vulnerability
Kanboard is open source visual task board software. The software can customize panels according to business needs. A security vulnerability exists in Kanboard 1.2.48 and earlier versions that stems from an authentication bypass when REVERSE_PROXY_AUTH is...
Linux Distros Unpatched Vulnerability : CVE-2026-21881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when...
CVE-2025-68953
Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in...
CVE-2025-68953 Certain Frappe requests are vulnerable to Path Traversal
Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in...
CVE-2025-68953
CVE-2025-68953 affects the Frappe framework. Versions 14.99.5 and earlier, and 15.0.0 through 15.80.1 contain a path traversal vulnerability caused by insufficient input sanitization on certain requests, allowing retrieval of arbitrary server files. The issue is fixed in versions 14.99.6 and 15.8...
EUVD-2025-206230
Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in...
PT-2026-1347
Name of the Vulnerable Software and Affected Versions Frappe versions 14.99.5 and below and 15.0.0 through 15.80.1 Description Frappe, a full-stack web application framework, contains a path traversal issue in certain requests. Insufficient input sanitization allows the potential retrieval of...
[SECURITY] Fedora 42 Update: nginx-1.28.1-1.fc42
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 43 Update: nginx-1.28.1-1.fc43
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the "Respond to Webhook" node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...
EulerOS Virtualization 2.13.0 : mod_http2 (EulerOS-SA-2025-2588)
According to the versions of the mod_http2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be...
EulerOS Virtualization 2.13.1 : mod_http2 (EulerOS-SA-2025-2553)
According to the versions of the mod_http2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be...
CVE-2025-66482 Misskey has a login rate limit bypass via spoofed X-Forwarded-For header
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or do not use a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in the config file to...