23 matches found
CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS). This issue affects Tagify: from 0.0.0 before 1.2.49...
CVE-2026-3212
CVE-2026-3212 concerns the Drupal Tagify module (Tagify library integration). The issue is an improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS) when rendering user-supplied data inside JavaScript templates within the Tagify widget. Affected version...
Advisory ROSA-SA-2026-3232
software: kanboard 1.2.49 WASP: ROSA-CHROME unaffected versions = kanboard-1.2.49-1 affected versions kanboard-1.2.49-1 CVE-ID: CVE-2026-21879 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: An Open Redirect vulnerability in Kanboard ≤ 1.2.48 allowed authenticated users to be redirected to malicious...
MiracleLinux 4 : libpng-1.2.49-1.AXS4 (AXSA:2012-541:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-541:03 advisory. The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphic...
CVE-2026-21880
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21881
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
DEBIAN-CVE-2026-21881
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21881
CVE-2026-21881 affects Kanboard (versions 1.2.48 and earlier). The flaw is an authentication bypass triggered when REVERSE_PROXY_AUTH is enabled: the app blindly trusts HTTP headers for user authentication without verifying the header source from a trusted reverse proxy, allowing an attacker to i...
CVE-2026-21881 Kanboard is Vulnerable to Reverse Proxy Authentication Bypass
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a...
CVE-2026-21880 Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21880
Kanboard LDAP Injection vulnerability (CVE-2026-21880) affects versions 1.2.48 and earlier, where user input is directly substituted into LDAP search filters in the LDAP authentication mechanism. This permits enumeration of LDAP users and sensitive attributes, enabling targeted account attacks. T...
EUVD-2026-1666
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...
CVE-2026-21879
Kanboard (versions ≤ 1.2.48) is affected by an Open Redirect vulnerability where protocol-relative URLs like //evil.com bypass FILTER_VALIDATE_URL, enabling attackers to redirect authenticated users to attacker-controlled sites. This could facilitate phishing, credential theft, or malware distrib...
PT-2026-2117
Name of the Vulnerable Software and Affected Versions Kanboard versions 1.2.48 and below Description Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below contain an LDAP Injection issue within the LDAP authentication mechanism. User-supplied input is...
Linux Distros Unpatched Vulnerability : CVE-2026-21880
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication...
CVE-2025-10762 kuaifan DooTask UsersController.php sql injection
A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keysdepartment results in sql injection. The attack can be executed remotely. The exploi...
DooTask SQL Injection Vulnerability
DooTask is a task management tool for kuaifan individual developers. A SQL injection vulnerability exists in DooTask 1.2.49 and earlier versions, which stems from incorrect manipulation of the parameter keysdepartment in the file app/Http/Controllers/Api/UsersController.php, which could lead to a...
PT-2025-38657
Name of the Vulnerable Software and Affected Versions kuaifan DooTask versions through 1.2.49 Description A vulnerability exists in kuaifan DooTask up to version 1.2.49, specifically within the file app/Http/Controllers/Api/UsersController.php. Manipulation of the keysdepartment argument results ...