22 matches found
CVE-2026-21879
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the...
Fastjson Security Vulnerability
Fastjson is an open source, Java-based fast JSON parser/generator from Alibaba. Fastjson versions prior to 1.2.48 have a security vulnerability that stems from improper handling of automatic types, which may lead to JNDI injection attacks...
DEBIAN-CVE-2026-21880
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21881
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
EUVD-2026-1668
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881 Kanboard is Vulnerable to Reverse Proxy Authentication Bypass
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21880
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21879 Kanboard vulnerable to Open Redirect via protocol-relative URLs
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the...
EUVD-2026-1665
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the...
CVE-2026-21879 Kanboard vulnerable to Open Redirect via protocol-relative URLs
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the...
Kanboard Security Vulnerability
Kanboard is open source visual task board software. The software allows panels to be customized to suit your business. A security vulnerability exists in Kanboard 1.2.48 and earlier versions that stems from the Open Redirect attack and could cause user...
PT-2026-2118
Name of the Vulnerable Software and Affected Versions: Kanboard versions 1.2.48 and below. Description: Kanboard is project management software based on the Kanban methodology. When the REVERSE_PROXY_AUTH setting is enabled, the application does not properly verify the source of HTTP headers used fo...
Linux Distros Unpatched Vulnerability : CVE-2026-21879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious...
Kanboard Security Vulnerability
Kanboard is open source visual task board software. The software allows panels to be customized according to the business. A security vulnerability exists in Kanboard 1.2.48 and earlier versions that stems from an authentication bypass when REVERSE_PROXY_AUTH is...
PT-2026-2116
Name of the Vulnerable Software and Affected Versions: Kanboard versions 1.2.48 and below. Description: Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are susceptible to an Open Redirect issue, allowing attackers to redirect authenticated users to...
Exploit for CVE-2026-21879
Published CVEs This repository contains my security research...
CVE-2025-67593
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP (userswp) allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.48...
CVE-2025-67593 WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP (userswp) allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.48...