Kanboard

Kanboard

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-33058

Exploit
  • EPSS 0.03%
  • Veröffentlicht 18.03.2026 02:17:03
  • Zuletzt bearbeitet 18.03.2026 17:52:14

Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the ent...

8.8

CVE-2026-29056

Exploit
  • EPSS 0.2%
  • Veröffentlicht 18.03.2026 02:16:24
  • Zuletzt bearbeitet 18.03.2026 19:40:48

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without fil...

4.3

CVE-2026-25531

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.02.2026 15:15:57
  • Zuletzt bearbeitet 13.02.2026 20:43:30

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowin...

8.4

CVE-2026-25924

Exploit
  • EPSS 0.08%
  • Veröffentlicht 11.02.2026 20:43:19
  • Zuletzt bearbeitet 13.02.2026 21:30:01

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application co...

4.3

CVE-2026-25530

Exploit
  • EPSS 0.04%
  • Veröffentlicht 10.02.2026 16:47:58
  • Zuletzt bearbeitet 13.02.2026 20:21:29

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerab...

8

CVE-2026-24885

Exploit
  • EPSS 0.02%
  • Veröffentlicht 10.02.2026 16:40:01
  • Zuletzt bearbeitet 13.02.2026 20:19:00

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enf...

9.1

CVE-2026-21881

Medienbericht Exploit
  • EPSS 0.32%
  • Veröffentlicht 08.01.2026 01:08:01
  • Zuletzt bearbeitet 20.01.2026 15:57:22

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication...

5.3

CVE-2026-21880

Medienbericht Exploit
  • EPSS 0.13%
  • Veröffentlicht 08.01.2026 00:59:20
  • Zuletzt bearbeitet 20.01.2026 18:38:16

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without p...

6.1

CVE-2026-21879

Medienbericht Exploit
  • EPSS 0.05%
  • Veröffentlicht 08.01.2026 00:51:50
  • Zuletzt bearbeitet 20.01.2026 18:15:10

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs ...

7.2

CVE-2025-55010

Exploit
  • EPSS 3.91%
  • Veröffentlicht 12.08.2025 15:57:13
  • Zuletzt bearbeitet 22.08.2025 17:28:18

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects b...