22 matches found
CVE-2026-25530
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
Linux Distros Unpatched Vulnerability : CVE-2026-25530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing...
CVE-2026-25530
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
CVE-2026-25530
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
UBUNTU-CVE-2026-25530
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
CVE-2026-25530
Kanboard (Kanban project management) has a flaw in the getSwimlane API where, prior to version 1.2.50, there is insufficient project-level authorization, allowing authenticated users to read swimlane data from projects they should not access. The issue is resolved in 1.2.50. Affected component: g...
CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
Kanboard 安全漏洞
Kanboard is a set of open-source visualization taskboards developed by Kanboard. This software allows for the customization of panels according to business needs. Versions of Kanboard prior to 1.2.50 contained security vulnerabilities. These vulnerabilities stemmed from the getSwimlane API method...
CVE-2026-25561
WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...
EUVD-2026-5706
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...
CVE-2026-25561
WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...
CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass
WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...
CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass
WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...
CVE-2026-25561
WeKan versions prior to 8.19 are affected by an authorization weakness in the attachment upload API. The endpoint does not fully validate that identifiers such as boardId, cardId, swimlaneId, and listId consistently refer to a coherent card/board relationship, enabling attachments to be uploaded ...
PT-2026-6929
Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description An authorization issue exists in the card move logic of the software. A user can define a destination board, list, or swimlane without sufficient authorization verification for the destination. The syst...
PT-2026-7319
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
EUVD-2017-6655
Malware in sbrugna...
@bnsights-test/test-admin-portal (>=0.0.57 <=0.0.60), @bnsights/bbsf-admin-portal (>=1.0.0 <=1.2.20-beta.0) +5 more potentially affected by unknown CVE via ng2-file-upload (=8.0.0)
ng2-file-upload NPM version =8.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ng2-file-upload and may be impacted: - @bnsights-test/test-admin-portal =0.0.57, =1.0.0, =1.0.194-beta.19-1, =49.0.0, =12.0.0, =1.4.0-A19, =14.1.0, =14.3.0 Source cves:...
CVE-2017-15195
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user...